Post reply

SQL logins orphan users

  • January 23, 2013 at 4:37 am

    #394000

    Hi All,

    Just question the poped up during discussion with my collegue regarding fixing SQL orphan users when they are available at instance level and database level after refresh task.

    Use [database name]

    exec sp_change_users_login 'Autofix', 'Usernname'

    OR

    use [databasename];

    exec sp_change_users_login ‘update_one’, ‘username’,'userlogin’;

    AUTO FIX

    ========

    Links user entries in the sysusers table in the current database to logins of the same name in syslogins. It is recommended that the result from the Auto_Fix statement be checked to confirm that the links made are the intended outcome. Avoid using Auto_Fix in security-sensitive situations. Auto_Fix makes best estimates on links, possibly allowing a user more access permissions than intended. User must be a valid user in the current database, and login must be NULL, a zero-length string (”), or not specified.

    UPDATE_ONE

    ==========

    Links the specified user in the current database to login. Login must already exist. user and login must be specified.

    Testing did not find AUTOFIX option giving more privleages to SQL logins at database level , so unable to prove the AUTO_FIX causes more access permissions.

    Does anyone has any suggestions on best way to go about this ??

    Cheer Satish 🙂

  • January 23, 2013 at 6:26 am

    #1580045

    The better way would be...incase if you know that you already have a login for the orphaned user. You can use this command alter user <username> with login = <login name>. This is a much better fix then what you're using.

    As far as "auto_fix" is concerned, use this if your sure enough that sql server login name is the same as the orphaned user of the database being mapped (in simple terms login name = user name)

    Incase, if you don't already have an existing login, you can create one by using this command

    exec sp_change_users_login @action = 'auto_fix', @usernamepattern = 'some user name', @login = 'login name', @password = 'specify a strong password'

    I hope this piece of info helps!!!

    Regards,

    Faisal

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply