Solved

SQL Dropping users

Posted on 2013-12-14
9
173 Views
Last Modified: 2013-12-16
I have just been handed a SQL instance with several databases and I need to remove all but  few users from both SQL and from the databases. Instead of manually deleting hundreds of users, would it be possible to construct a script to first remove them from the databases and then to remove them from SQL. Let's use DB1 and DB2 as the databases and let's say the only users I want to remain are Bob and Carol and Ted and Alice. What would the scripts looks like to remove everyone else?
0
Comment
Question by:rwheeler23
  • 3
  • 3
  • 3
9 Comments
 
LVL 38

Accepted Solution

by:
Jim P. earned 500 total points
ID: 39719209
You don't state version but assuming SQL 2005 or above.

You can probably build something to do it automatically but the quick and dirty is to do a SQL Query to text output (<ctrl>+T) then copy results to a new window and run the drop.

So the query would be:
SET NoCount On;
SELECT 'DROP USER ' + [Name] + ';' as [-- Drop users]
FROM sys.users
WHERE [Name] Not In ('sa','dbo','Bob','Carol','Ted','Alice')
use master
go
SELECT 'DROP LOGIN ' + [Name] + ';' as [-- Drop Logins]
FROM sys.logins
WHERE [Name] Not In ('sa','dbo','Bob','Carol','Ted','Alice')

Open in new window


Now my suggestion before dropping the logins is to get the sp_help_revlogin script and save a copy of the existing logins to a file. Hopefully nothing was built on them, but it keeps the SID and encrypted password if you have to recreate it.
0
 

Author Comment

by:rwheeler23
ID: 39719219
Good point. In this I have one company splitting away from another and only a few people are in this company so those old user accounts would be of no concern.

Thanks.

P.S. This was SQL Server 2012

So the drop user drops them from the company databases and the drop login drops them from SQL?
0
 
LVL 38

Expert Comment

by:Jim P.
ID: 39719226
So the drop user drops them from the company databases and the drop login drops them from SQL?

Correct.

The reason that I mention saving the logins is that I have run into multiple professionally developed apps that use SQL authentication. The installer will create the SQL login with a specific userid that looks like Tom but actually has much more responsibility. So if you can just re-add the login you are much better off.
0
 

Author Closing Comment

by:rwheeler23
ID: 39719269
Thanks for the expert tips!
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 69

Expert Comment

by:ScottPletcher
ID: 39719305
What are "sys.users" and "sys.logins"?

At any rate:

Be very careful before running the results of that script. (Once you make any adjustments to make it run.)

[I was working on a script but won't bother with it now.]
0
 
LVL 38

Expert Comment

by:Jim P.
ID: 39719370
Those are leftover views from pre-2k5 that are the current sys.syslogins and sysusers tables.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 39721568
Nothing pre-2k5 was "sys.".  Did you mean "sysusers" and "syslogins"?  If so, obviously those views should no longer be used.
0
 

Author Comment

by:rwheeler23
ID: 39722589
Scott, if you would like me to open a new incident I would be more than happy to do so. You could place your scripts in their and I could add them to my aresenal for future use. I see more databases coming my way so it would be of great assistance.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 39722740
I'm not trying to insist on that.

I just think that script is too slap-dash to be used in any real SQL environment.  For example:

The ids to be kept/removed need to be specified at the login level, not the user level, because the user name does not have to match the login name.  [Most people use the same name for both, but that is NOT required by SQL.]

If the corresponding user owns schemas/objects, what should be done?  The DROP USER will fail.

My personal preference would be to allow specific db(s) to be ignored/excluded from the DROPs.  Perhaps a single/few db(s) will allow legacy access for old logins for some period of time. [Obviously that is not critical, just, as noted, my personal preference.]
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Export import database 4 39
Need to update TableA to TableB 6 33
Need a starter for ETL protocol? 4 32
Add '#' to end of file 2 29
Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now