SQL: Been told you can't access master database system views in Azure SQL Database? Not true!

When you work with Azure SQL Database, you'll quickly learn that you send queries to a single database, and you can't execute USE statements to change to another database. Importantly, you also can't use four-part names to access objects in other databases like this:

ServerName.DatabaseName.SchemaName.ObjectName

So it's not surprising that when I've been reading some questions in Stack Overflow, asking how on earth you can join the list of users in your database, to the list of logins in the master database. And less surprising that the answer normally is that you can't do that, and you need to connect to each separately. However, that's not true. You can get to them using external tables. Let me show you how:

Database Scoped Credential

To connect to the master database, you are going to need to logon i.e. you have to provide a username and password. They get stored in a Credential.

Now credentials have been part of SQL Server since 2005 and are just a way of storing an identity and a secret. That could be a username and a password. Until recently, credentials were stored in the master database so they wouldn't have been any use for this. However, we now have DATABASE SCOPED CREDENTIAL objects. That's what we need here.

We'll start by creating one:

You need to create a master encryption key for your database if you don't already have one. Make sure to change the login and password to one that can access master.

Once this is created, we can use the credential whenever we need to provide details of how to log on to the database.

External Data Source

The next object we need is an EXTERNAL DATA SOURCE. It's basically a definition of how to connect to another source of data. In this case, it's the master database:

Make sure to put your server name in the LOCATION parameter.

Notice that external data sources are not schema-bound objects i.e. there is no schema name.

External Table

Because I might want to use a number of views from the master database, I've created a schema called MasterDB to contain them. I've then created an external table MasterDB.sql_logins to point to the sys.sql_logins view in the master database.

External tables can point to views, and notice that I've only included the columns that I need. You don't have to define all the columns from the source view.

And it works!

And if I now query the new external table, all is good as you can see in the main image above.

I hope that helps someone.

 

 

2 thoughts on “SQL: Been told you can't access master database system views in Azure SQL Database? Not true!”

  1. Hey,

    I got an error while doing this.

    CREATE MASTER KEY; — If you don't already have one
    GO

    CREATE DATABASE SCOPED CREDENTIAL AccessToMaster
    WITH IDENTITY = 'yourmasterlogin', SECRET = 'yourpassword';
    GO

    I have a master key and that is why I did this –

    OPEN MASTER KEY DECRYPTION BY PASSWORD = '****************';
    CREATE DATABASE SCOPED CREDENTIAL [Blob_Credential]
    WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-11-12T17:19:54Z&st=2020-11-12T09:19:54Z&spr=https&sig=PXTqgjK3SliDfF%2F51RNTC5gA8WPzbVLLkt%2FR8MJpuIQ%3D';
    CLOSE MASTER KEY
    ?

    Error –
    Msg 33158, Level 16, State 1, Line 2
    Database credentials are not supported in master database.

    May I know why I am getting this error?

    Reply

    1. Hi Tabinda,

      You can't use a shared access signature to connect to another database. The type of credential that you're using is for BLOB storage. You need a credential that has a username and password in this case. You'll also need to create the database scoped credential in the database where you want to run the code, not in master. It looks from the message above that you're running the code in master.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *