What are Exactly Orphaned Users in SQL Server

What are Exactly Orphaned Users in SQL Server

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0Share on Reddit0
An orphaned user in SQL Server, is a user that exists in a database (Database-Security-Users) but for any reason, does not have a corresponding login in the instance’s security (master database).

This can happen for different reasons.

One case, is backing up a database from one instance of SQL server and restoring it on another instance. When you do that, the corresponding login is not transferred to the new instance because it exists outside the database’s scope. In this case you need to either create the login and map it to the database user or make use of the special stored procedure sp_change_users_login in order to create the database user-login association.

Another case would be deleting a SQL Server login (this is not a recommended action). This would leave the mapped database user orphaned.

You need to handle orphaned users. By just leaving them there you are actually maintaining a security risk because if a login is maliciously mapped to an orphaned database user, the login will inherit the orphaned user’s permissions on the database.

There is however a case where you can have database users not mapped to SQL Server logins and this could be just fine. This case is when you make use of a Contained Database. Contained Databases are isolated from the instance and you can log into them by just using their users. This is the only case where you must not consider a database user as orphaned.


There is a SQL Server security tool developed by SQLArtBits and which is called DBA Security Advisor which scans your SQL Server instances for vulnerabilities and provides recommendations and remediation scripts/methods. One of those security checks, is checking for orphaned users in all the databases of all instances to be assessed.

The SQL Server and .NET Hub
Reference: The SQL Server and .NET Hub (http://www.sqlnethub.com)


Recommended eBooks on SQL Server:

Tuning SQL Server: eBook by SQL Server MVP Artemakis Artemiou
Tuning SQL Server: eBook by SQL Server MVP Artemakis Artemiou
Administering SQL Server: eBook by SQL Server MVP Artemakis Artemiou
Administering SQL Server: eBook by SQL Server MVP Artemakis Artemiou
Artemakis Artemiou
Artemakis Artemiou is a Senior SQL Server Architect, Author, Software Developer and a Microsoft Data Platform MVP. He has over 15 years of experience in the IT industry in various roles. Among other, via his initiative SQLEBooks.com, Artemakis authors and publishes eBooks on different topics on SQL Server. Artemakis currently serves as the President of the Cyprus .NET User Group (CDNUG) and the International .NET Association Country Leader for Cyprus (INETA). Additionally he is the founder of the SQLArtBits initiative that aims to provide the technical community with simple, yet powerful and high-quality SQL Server tools. Currently, the highlights of these tools are DBA Security Advisor and In-Memory OLTP Simulator. Artemakis's official website can be found at aartemiou.com. Artemakis's blogs can be found at: SQLNetHub.com and TechHowTos.com.