SQL Azure VIEW DATABASE STATE permission denied in database 'master'

6
votes

When I execute the following query:

SELECT * FROM sys.dm_io_virtual_file_stats(NULL, NULL)

I get the error:

Msg 262, Level 14, State 1, Line 4 VIEW DATABASE STATE permission denied in database 'master'. Msg 297, Level 16, State 1, Line 4 The user does not have permission to perform this action.

But I able to execute this query using the provisioned (by SQL Azure portal) administrator user.

I am unable to GRANT VIEW DATABASE STATE for master (using the provisioned administrator user) to any of the user I created, I get the following error: Grantor does not have GRANT permission.

Any ideas how to be able to execute the query

SELECT * FROM sys.dm_io_virtual_file_stats(NULL, NULL)

from a user other than the provisioned (by SQL Azure portal) administrator user?

2
sql-serverazureazure-sql-database
What pricing tier is your database? Is it a basic, standard, or premium?Jack Richins

2 Answers

5
votes

On SQL Database Premium Tiers requires the VIEW DATABASE STATE permission in the database. Permissions can not be granted in Master, but the views can be queried in user databases. On SQL Database Standard and Basic Tiers requires the SQL Database server admin account due to security requirements following from multi tenancy of those tiers.

2
votes

Jack is right.

On multi tenant database tiers, only server admin can query the views those are scoped to the server (requires VIEW SERVER STATE permissions) and those scoped to database can be queried by whoever has permissions to view_database_state permissions.

For Premium databases, DBO can query DMVs those are scoped to Server and database.

On master database of a server, no one has view database / view server permissions.