In this article, we will be discussing about orphaned users in SQL Server.
What is an Orphaned User in SQL Server?
An orphaned user in SQL Server, is a user that exists in a database (Database-Security-Users) but for any reason, does not have a corresponding login in the instance’s security (master database).
Why can orphaned database users exist in SQL Server?
This can happen for different reasons.
One case, is backing up a database from one instance of SQL server and restoring it on another instance. When you do that, the corresponding login is not transferred to the new instance because it exists outside the database’s scope. In this case you need to either create the login and map it to the database user or make use of the special stored procedure sp_change_users_login in order to create the database user-login association.
Another case would be deleting a SQL Server login (this is not a recommended action). This would leave the mapped database user orphaned.
How to handle orphaned database users in SQL Server
You need to handle orphaned users. By just leaving them there you are actually maintaining a security risk because if a login is maliciously mapped to an orphaned database user, the login will inherit the orphaned user’s permissions on the database.
There is however a case where you can have database users not mapped to SQL Server logins and this could be just fine. This case is when you make use of a Contained Database. Contained Databases are isolated from the instance and you can log into them by just using their users. This is the only case where you must not consider a database user as orphaned.
Find and Handle Orphaned Database Users with DBA Security Advisor
DBA Security Advisor, is our SQL Server security tool, which can help you analyze your SQL Server Instances for security misconfigurations, and get useful recommendations.
The way it works, is that you select the security checks you want to perform, you then connect to one or more SQL Server instances, run the assessment, and you get a comprehensive report with recommendations.
One of the security checks, is checking for orphaned users.Try DBA Security Advisor free for 14 days!
Strengthen your SQL Server Administration Skills – Enroll to our Online Course!
Check our online course on Udemy titled “Essential SQL Server Administration Tips” (special limited-time discount included in link).
Via the course, you will learn essential hands-on SQL Server Administration tips on SQL Server maintenance, security, performance, integration, error handling and more. Many live demonstrations and downloadable resources included!
Featured Online Courses:
- Boost SQL Server Database Performance with In-Memory OLTP
- Essential SQL Server Administration Tips
- SQL Server Fundamentals – SQL Database for Beginners
- Essential SQL Server Development Tips for SQL Developers
- The Philosophy and Fundamentals of Computer Programming
- .NET Programming for Beginners – Windows Forms with C#
- Introduction to Data Science and SQL Server Machine Learning
- Introduction to Azure SQL Database for Beginners
- SQL Server 2019: What’s New – New and Enhanced Features
- Entity Framework: Getting Started – Complete Beginners Guide
- How to Import and Export Data in SQL Server Databases
- Learn How to Install and Start Using SQL Server in 30 Mins
- A Guide on How to Start and Monetize a Successful Blog
- How to Create Logins for Orphaned Database Users in SQL Server
- How to Patch a SQL Server Failover Cluster
- How to Add a Database to a SQL Server Availability Group Using T-SQL
- Top 10 SQL Server DBA Daily Tasks List
- The “Public” Database Role in SQL Server
- … all our SQL Server Administration Articles
Did you find this article useful and interesting? Feel free to leave your comment!
Subscribe to our newsletter and stay up to date with our latest articles on SQL Server and related technologies!
Check out our latest software releases! All our software tools have 30-day Trial Versions which are free to download.
Rate this article:
Reference: SQLNetHub.com (https://www.sqlnethub.com)
Artemakis Artemiou is a Senior SQL Server Architect, Author, a 9 Times Microsoft Data Platform MVP (2009-2018) and a Udemy Instructor. He has over 15 years of experience in the IT industry in various roles. Artemakis is the founder of SQLNetHub and TechHowTos.com. Artemakis is the creator of the well-known software tools Snippets Generator and DBA Security Advisor. Also, he is the author of many eBooks on SQL Server. Artemakis currently serves as the President of the Cyprus .NET User Group (CDNUG) and the International .NET Association Country Leader for Cyprus (INETA). Moreover, Artemakis teaches on Udemy, you can check his courses here.