Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

SQL logins orphan users Expand / Collapse
Author
Message
Posted Wednesday, January 23, 2013 4:37 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, October 8, 2014 2:59 AM
Points: 168, Visits: 273
Hi All,

Just question the poped up during discussion with my collegue regarding fixing SQL orphan users when they are available at instance level and database level after refresh task.

Use [database name]

exec sp_change_users_login 'Autofix', 'Usernname'

OR

use [databasename];
exec sp_change_users_login ‘update_one’, ‘username’,'userlogin’;


AUTO FIX
========
Links user entries in the sysusers table in the current database to logins of the same name in syslogins. It is recommended that the result from the Auto_Fix statement be checked to confirm that the links made are the intended outcome. Avoid using Auto_Fix in security-sensitive situations. Auto_Fix makes best estimates on links, possibly allowing a user more access permissions than intended. User must be a valid user in the current database, and login must be NULL, a zero-length string (”), or not specified.

UPDATE_ONE
==========

Links the specified user in the current database to login. Login must already exist. user and login must be specified.


Testing did not find AUTOFIX option giving more privleages to SQL logins at database level , so unable to prove the AUTO_FIX causes more access permissions.

Does anyone has any suggestions on best way to go about this ??









Cheer Satish
Post #1410474
Posted Wednesday, January 23, 2013 6:26 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, October 15, 2014 8:04 AM
Points: 193, Visits: 745
The better way would be...incase if you know that you already have a login for the orphaned user. You can use this command alter user <username> with login = <login name>. This is a much better fix then what you're using.

As far as "auto_fix" is concerned, use this if your sure enough that sql server login name is the same as the orphaned user of the database being mapped (in simple terms login name = user name)

Incase, if you don't already have an existing login, you can create one by using this command
exec sp_change_users_login @action = 'auto_fix', @usernamepattern = 'some user name', @login = 'login name', @password = 'specify a strong password'

I hope this piece of info helps!!!

Regards,
Faisal
Post #1410530
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse