• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 190
  • Last Modified:

SQL Dropping users

I have just been handed a SQL instance with several databases and I need to remove all but  few users from both SQL and from the databases. Instead of manually deleting hundreds of users, would it be possible to construct a script to first remove them from the databases and then to remove them from SQL. Let's use DB1 and DB2 as the databases and let's say the only users I want to remain are Bob and Carol and Ted and Alice. What would the scripts looks like to remove everyone else?
0
rwheeler23
Asked:
rwheeler23
  • 3
  • 3
  • 3
1 Solution
 
Jim P.Commented:
You don't state version but assuming SQL 2005 or above.

You can probably build something to do it automatically but the quick and dirty is to do a SQL Query to text output (<ctrl>+T) then copy results to a new window and run the drop.

So the query would be:
SET NoCount On;
SELECT 'DROP USER ' + [Name] + ';' as [-- Drop users]
FROM sys.users
WHERE [Name] Not In ('sa','dbo','Bob','Carol','Ted','Alice')
use master
go
SELECT 'DROP LOGIN ' + [Name] + ';' as [-- Drop Logins]
FROM sys.logins
WHERE [Name] Not In ('sa','dbo','Bob','Carol','Ted','Alice')

Open in new window


Now my suggestion before dropping the logins is to get the sp_help_revlogin script and save a copy of the existing logins to a file. Hopefully nothing was built on them, but it keeps the SID and encrypted password if you have to recreate it.
0
 
rwheeler23Author Commented:
Good point. In this I have one company splitting away from another and only a few people are in this company so those old user accounts would be of no concern.

Thanks.

P.S. This was SQL Server 2012

So the drop user drops them from the company databases and the drop login drops them from SQL?
0
 
Jim P.Commented:
So the drop user drops them from the company databases and the drop login drops them from SQL?

Correct.

The reason that I mention saving the logins is that I have run into multiple professionally developed apps that use SQL authentication. The installer will create the SQL login with a specific userid that looks like Tom but actually has much more responsibility. So if you can just re-add the login you are much better off.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
rwheeler23Author Commented:
Thanks for the expert tips!
0
 
Scott PletcherSenior DBACommented:
What are "sys.users" and "sys.logins"?

At any rate:

Be very careful before running the results of that script. (Once you make any adjustments to make it run.)

[I was working on a script but won't bother with it now.]
0
 
Jim P.Commented:
Those are leftover views from pre-2k5 that are the current sys.syslogins and sysusers tables.
0
 
Scott PletcherSenior DBACommented:
Nothing pre-2k5 was "sys.".  Did you mean "sysusers" and "syslogins"?  If so, obviously those views should no longer be used.
0
 
rwheeler23Author Commented:
Scott, if you would like me to open a new incident I would be more than happy to do so. You could place your scripts in their and I could add them to my aresenal for future use. I see more databases coming my way so it would be of great assistance.
0
 
Scott PletcherSenior DBACommented:
I'm not trying to insist on that.

I just think that script is too slap-dash to be used in any real SQL environment.  For example:

The ids to be kept/removed need to be specified at the login level, not the user level, because the user name does not have to match the login name.  [Most people use the same name for both, but that is NOT required by SQL.]

If the corresponding user owns schemas/objects, what should be done?  The DROP USER will fail.

My personal preference would be to allow specific db(s) to be ignored/excluded from the DROPs.  Perhaps a single/few db(s) will allow legacy access for old logins for some period of time. [Obviously that is not critical, just, as noted, my personal preference.]
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 3
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now