In this article, we will be discussing about orphaned users in SQL Server.
What is an Orphaned User in SQL Server?
An orphaned user in SQL Server, is a user that exists in a database (Database-Security-Users) but for any reason, does not have a corresponding login in the instance’s security (master database).
Why can orphaned database users exist in SQL Server?
This can happen for different reasons.
One case, is backing up a database from one instance of SQL server and restoring it on another instance. When you do that, the corresponding login is not transferred to the new instance because it exists outside the database’s scope. In this case you need to either create the login and map it to the database user or make use of the special stored procedure sp_change_users_login in order to create the database user-login association.
Another case would be deleting a SQL Server login (this is not a recommended action). This would leave the mapped database user orphaned.
How to handle orphaned database users in SQL Server
You need to handle orphaned users. By just leaving them there you are actually maintaining a security risk because if a login is maliciously mapped to an orphaned database user, the login will inherit the orphaned user’s permissions on the database.
There is however a case where you can have database users not mapped to SQL Server logins and this could be just fine. This case is when you make use of a Contained Database. Contained Databases are isolated from the instance and you can log into them by just using their users. This is the only case where you must not consider a database user as orphaned.
Find and Handle Orphaned Database Users with DBA Security Advisor
DBA Security Advisor, is our SQL Server security tool, which can help you analyze your SQL Server Instances for security misconfigurations, and get useful recommendations.
The way it works, is that you select the security checks you want to perform, you then connect to one or more SQL Server instances, run the assessment, and you get a comprehensive report with recommendations.
One of the security checks, is checking for orphaned users.
Get the free trial of DBA Security Advisor!
Strengthen your SQL Server Administration Skills – Enroll to our Online Course!
Check our online course on Udemy titled “Essential SQL Server Administration Tips” (special limited-time discount included in link).
Via the course, you will learn essential hands-on SQL Server Administration tips on SQL Server maintenance, security, performance, integration, error handling and more. Many live demonstrations and downloadable resources included!
Featured Online Courses:
- Working with Python on Windows and SQL Server Databases
- Introduction to Azure Database for MySQL
- Boost SQL Server Database Performance with In-Memory OLTP
- Introduction to Azure SQL Database for Beginners
- Essential SQL Server Administration Tips
- SQL Server Fundamentals – SQL Database for Beginners
- Essential SQL Server Development Tips for SQL Developers
- Introduction to Computer Programming for Beginners
- .NET Programming for Beginners – Windows Forms with C#
- SQL Server 2019: What’s New – New and Enhanced Features
- Entity Framework: Getting Started – Complete Beginners Guide
- Data Management for Beginners – Main Principles
- A Guide on How to Start and Monetize a Successful Blog
Read Also:
- How to Create Logins for Orphaned Database Users in SQL Server
- How to Patch a SQL Server Failover Cluster
- How to Add a Database to a SQL Server Availability Group Using T-SQL
- Top 10 SQL Server DBA Daily Tasks List
- The “Public” Database Role in SQL Server
- … all our SQL Server Administration Articles
Did you find this article useful and interesting? Feel free to leave your comment!
If you enjoy my SQL Server administration tips and articles, I have something special just for you. It is one of my eBooks and it is called “Administering SQL Server“. Check it out!
Subscribe to our newsletter and stay up to date with our latest articles on SQL Server and related technologies!
Check out our latest software releases! All our software tools have 30-day Trial Versions which are free to download.
Rate this article:
Reference: SQLNetHub.com (https://www.sqlnethub.com)
© SQLNetHub
Artemakis Artemiou is a seasoned Senior Database and AI/Automation Architect with over 20 years of expertise in the IT industry. As a Certified Database, Cloud, and AI professional, he has been recognized as a thought leader, earning the prestigious Microsoft Data Platform MVP title for nine consecutive years (2009-2018). Driven by a passion for simplifying complex topics, Artemakis shares his expertise through articles, online courses, and speaking engagements. He empowers professionals around the globe to excel in Databases, Cloud, AI, Automation, and Software Development. Committed to innovation and education, Artemakis strives to make technology accessible and impactful for everyone.