Solved

SQL Dropping users

Posted on 2013-12-14
9
177 Views
Last Modified: 2013-12-16
I have just been handed a SQL instance with several databases and I need to remove all but  few users from both SQL and from the databases. Instead of manually deleting hundreds of users, would it be possible to construct a script to first remove them from the databases and then to remove them from SQL. Let's use DB1 and DB2 as the databases and let's say the only users I want to remain are Bob and Carol and Ted and Alice. What would the scripts looks like to remove everyone else?
0
Comment
Question by:rwheeler23
  • 3
  • 3
  • 3
9 Comments
 
LVL 38

Accepted Solution

by:
Jim P. earned 500 total points
ID: 39719209
You don't state version but assuming SQL 2005 or above.

You can probably build something to do it automatically but the quick and dirty is to do a SQL Query to text output (<ctrl>+T) then copy results to a new window and run the drop.

So the query would be:
SET NoCount On;
SELECT 'DROP USER ' + [Name] + ';' as [-- Drop users]
FROM sys.users
WHERE [Name] Not In ('sa','dbo','Bob','Carol','Ted','Alice')
use master
go
SELECT 'DROP LOGIN ' + [Name] + ';' as [-- Drop Logins]
FROM sys.logins
WHERE [Name] Not In ('sa','dbo','Bob','Carol','Ted','Alice')

Open in new window


Now my suggestion before dropping the logins is to get the sp_help_revlogin script and save a copy of the existing logins to a file. Hopefully nothing was built on them, but it keeps the SID and encrypted password if you have to recreate it.
0
 

Author Comment

by:rwheeler23
ID: 39719219
Good point. In this I have one company splitting away from another and only a few people are in this company so those old user accounts would be of no concern.

Thanks.

P.S. This was SQL Server 2012

So the drop user drops them from the company databases and the drop login drops them from SQL?
0
 
LVL 38

Expert Comment

by:Jim P.
ID: 39719226
So the drop user drops them from the company databases and the drop login drops them from SQL?

Correct.

The reason that I mention saving the logins is that I have run into multiple professionally developed apps that use SQL authentication. The installer will create the SQL login with a specific userid that looks like Tom but actually has much more responsibility. So if you can just re-add the login you are much better off.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Closing Comment

by:rwheeler23
ID: 39719269
Thanks for the expert tips!
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 39719305
What are "sys.users" and "sys.logins"?

At any rate:

Be very careful before running the results of that script. (Once you make any adjustments to make it run.)

[I was working on a script but won't bother with it now.]
0
 
LVL 38

Expert Comment

by:Jim P.
ID: 39719370
Those are leftover views from pre-2k5 that are the current sys.syslogins and sysusers tables.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 39721568
Nothing pre-2k5 was "sys.".  Did you mean "sysusers" and "syslogins"?  If so, obviously those views should no longer be used.
0
 

Author Comment

by:rwheeler23
ID: 39722589
Scott, if you would like me to open a new incident I would be more than happy to do so. You could place your scripts in their and I could add them to my aresenal for future use. I see more databases coming my way so it would be of great assistance.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 39722740
I'm not trying to insist on that.

I just think that script is too slap-dash to be used in any real SQL environment.  For example:

The ids to be kept/removed need to be specified at the login level, not the user level, because the user name does not have to match the login name.  [Most people use the same name for both, but that is NOT required by SQL.]

If the corresponding user owns schemas/objects, what should be done?  The DROP USER will fail.

My personal preference would be to allow specific db(s) to be ignored/excluded from the DROPs.  Perhaps a single/few db(s) will allow legacy access for old logins for some period of time. [Obviously that is not critical, just, as noted, my personal preference.]
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL 2014 always on 31 58
SSRS - Date Report Options 2 26
SSAS Store Forecasting data in the cube 1 17
RESTORE MASTER DATABASE -- NOW 2 14
Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question