What are Exactly Orphaned Users in SQL Server?

In this article, we will be discussing about orphaned users in SQL Server.

 

What is an Orphaned User in SQL Server?

An orphaned user in SQL Server, is a user that exists in a database (Database-Security-Users) but for any reason, does not have a corresponding login in the instance’s security (master database).

 

Why can orphaned database users exist in SQL Server?

This can happen for different reasons.

One case, is backing up a database from one instance of SQL server and restoring it on another instance. When you do that, the corresponding login is not transferred to the new instance because it exists outside the database’s scope. In this case you need to either create the login and map it to the database user or make use of the special stored procedure sp_change_users_login in order to create the database user-login association.

Another case would be deleting a SQL Server login (this is not a recommended action). This would leave the mapped database user orphaned.

 

How to handle orphaned database users in SQL Server

You need to handle orphaned users. By just leaving them there you are actually maintaining a security risk because if a login is maliciously mapped to an orphaned database user, the login will inherit the orphaned user’s permissions on the database.

There is however a case where you can have database users not mapped to SQL Server logins and this could be just fine. This case is when you make use of a Contained Database. Contained Databases are isolated from the instance and you can log into them by just using their users. This is the only case where you must not consider a database user as orphaned.

 

Find and Handle Orphaned Database Users with DBA Security Advisor

DBA Security Advisor, is our SQL Server security tool, which can help you analyze your SQL Server Instances for security misconfigurations, and get useful recommendations.

SQL Server Security Tool - DBA Security Advisor - Security Checks

The way it works, is that you select the security checks you want to perform, you then connect to one or more SQL Server instances, run the assessment, and you get a comprehensive report with recommendations.

One of the security checks, is checking for orphaned users.

Try DBA Security Advisor free for 14 days!

 

Strengthen your SQL Server Administration Skills – Enroll to our Online Course!

Check our online course on Udemy titled “Essential SQL Server Administration Tips(special limited-time discount included in link).

Via the course, you will learn essential hands-on SQL Server Administration tips on SQL Server maintenance, security, performance, integration, error handling and more. Many live demonstrations and downloadable resources included!

Essential SQL Server Administration Tips - Online Course with Live Demonstrations and Hands-on Guides
(Lifetime Access/ Live Demos / Downloadable Resources and more!)

Enroll Now with Discount!

 

 

Featured Online Courses:

 

Read Also

 

Did you find this article useful and interesting? Feel free to leave your comment!

If you enjoy my SQL Server administration tips and articles, I have something special just for you. It is one of my eBooks and it is called “Administering SQL Server“. Check it out!

Subscribe to our newsletter and stay up to date with our latest articles on SQL Server and related technologies!

Check out our latest software releases! All our software tools have 30-day Trial Versions which are free to download.

 

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Loading...

Reference: SQLNetHub.com (https://www.sqlnethub.com)

© SQLNetHub