Click here to Skip to main content
15,116,090 members
Articles / Database Development / SQL Server / SQL Server 2008
Article
Posted 19 Mar 2010

Stats

109.4K views
26 bookmarked

Few Step(s) to Remove SQL Server Database User(s)

Rate me:
Please Sign up or sign in to vote.
4.91/5 (26 votes)
20 Mar 2010CPOL3 min read
Few step(s) to remove SQL Server database user(s) when you are facing error like “The database principal owns a database role and cannot be dropped.” for dropping a user.

Introduction

Database security is one of the significant concerns for most DBAs. DBAs frequently restore or backup the database, this is a very common scenario, But the thing is after successfully restoring a new version of your database, you want to remove the current users. Probably you thought of just expanding the user node and deleting the desire user; in that sense you are somewhat correct. But if you face an error like:

Msg 15421, Level 16, State 1, Line 1
The database principal owns a database role and cannot be dropped.	 

What will you do?

Microsoft SQL Server provides quite a lot of ways to maintain the security of database. This article is not about the security of Microsoft SQL server.

In this article, I will try to explain how to resolve the following issues:

  1. The database principal owns a database role and cannot be dropped.
  2. The database principal owns a schema and cannot be dropped.

Solution

I try to categorize into two sections, section-A; we will discuss to find out the list of roles in which the user exists and the section-B; we will discuss how to resolve it.

Section-A

In this section, our primary goal is to find out the list of existing roles of our target database. For this purpose, we use a simple transact-SQL with the help of SQL Server SYS.DATABASE_PRINCIPALS table. A sample SQL script and the required step(s) are listed below:

  1. Open SQL Server Management Studio and login as an admin user.
  2. Select the database, set the user name & execute the following transact-SQL for getting the database role and user detail.

Sample SQL Script

SQL
SELECT     DBPRINCIPAL_1.NAME AS ROLE, DBPRINCIPAL_1.NAME AS OWNER
FROM         SYS.DATABASE_PRINCIPALS AS DBPRINCIPAL_1 INNER JOIN
                 SYS.DATABASE_PRINCIPALS AS DBPRINCIPAL_2 
		    ON DBPRINCIPAL_1.PRINCIPAL_ID = DBPRINCIPAL_2.OWNING_PRINCIPAL_ID
WHERE     (DBPRINCIPAL_1.NAME = 'User Name To Remove')  

The above transact-SQL returns a list of roles in which the user exists.

More information on "SYS.DATABASE_PRINCIPALS " table can be found at this link.

Section-B

I think this is not a very intricate task, let’s start, your SQL Server Management Studio is open and you are logged in as an admin user i.e., “sa”.

From the section-A we already get the list, now the task is to remove the desired user. To do this, we need to follow the step(s) listed below:

  1. Now expand Databases node from object explorer.
    1. Select the target Database >>---> Security >>--> Roles >>--> Database Roles.
    2. Now double click the entries that were listed in the output of the above SQL command.
    3. Change the “Owner” to some temp username.
    4. If the username you want to delete appears in the dialog box, select and remove it from there too.
      (Do this for all the Roles that came up in the above SQL query.)
  2. Navigate to Databases >>--> the target Database >>--> Security >>--> Schemas.
    1. Double-click to open “db_owner” and change the schema owner to dbo.
  3. Now go to: Databases >>--> Target Database >>--> Security >>--> Users.
  4. Right click the username you want to delete and click “Delete”, then click OK in the new dialog box that appears.

Note: You can also try the stored procedure sp_dropuser after accomplishing the step(s) above except section-B step 4.

Example

SQL
EXEC sp_dropuser 'User name' 

Conclusion

I hope this might be helpful to you. Enjoy!

Reference

  • MSDN

History

  • 20th March, 2010: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author


Comments and Discussions

 
QuestionMy vote of 4 Pin
LittleMatti25-Jun-13 2:02
professionalLittleMatti25-Jun-13 2:02 
GeneralMy vote of 5 Pin
URVISH_SUTHAR113-Jun-13 4:22
MemberURVISH_SUTHAR113-Jun-13 4:22 
GeneralRe: My vote of 5 Pin
Md. Marufuzzaman13-Jun-13 10:58
professionalMd. Marufuzzaman13-Jun-13 10:58 
GeneralSome alternative Pin
aldo hexosa13-Dec-10 18:14
professionalaldo hexosa13-Dec-10 18:14 
USE [databasename];
ALTER AUTHORIZATION ON ROLE::[aspnet_Membership_FullAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Membership_BasicAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Membership_ReportingAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Profile_FullAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Profile_BasicAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Profile_ReportingAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Membership_FullAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Roles_FullAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Roles_BasicAccess] TO [dbo];
ALTER AUTHORIZATION ON ROLE::[aspnet_Roles_ReportingAccess] TO [dbo];
DROPUSER databaseuser;
GeneralRe: Some alternative Pin
Md. Marufuzzaman6-Oct-11 0:02
professionalMd. Marufuzzaman6-Oct-11 0:02 
GeneralMy vote of 1 Pin
___AV___23-Mar-10 0:22
Member___AV___23-Mar-10 0:22 
GeneralRe: My vote of 1 Pin
Md. Marufuzzaman23-Mar-10 0:54
professionalMd. Marufuzzaman23-Mar-10 0:54 
GeneralMy vote of 5 PinPopular
denic25-Mar-10 3:47
Memberdenic25-Mar-10 3:47 
GeneralHi comanion Pin
Anil Srivastava21-Mar-10 22:15
MemberAnil Srivastava21-Mar-10 22:15 
GeneralRe: Hi comanion Pin
Md. Marufuzzaman21-Mar-10 22:58
professionalMd. Marufuzzaman21-Mar-10 22:58 
GeneralGood work Pin
Mohd Arshad Malik19-Mar-10 11:28
MemberMohd Arshad Malik19-Mar-10 11:28 
GeneralRe: Good work Pin
Md. Marufuzzaman19-Mar-10 17:45
professionalMd. Marufuzzaman19-Mar-10 17:45 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.