October 21, 2015 at 2:14 pm
I have a requirement to delete all the orphans users for the databases. The issue I am having is with when database principal owns a schema in the DB, User cannt be dropped.
How do I transfer it to DBO in case I am looping multiple databases. This is what I got so far .
declare @is_read_only nvarchar (200)
Select @is_read_only = is_read_only from master.sys.databases where name='test' /* This should be a parameter value */
IF @IS_READ_ONLY= 0
BEGIN
Declare @sql as varchar (200)
Declare @DatabaseName varchar (200)
Declare @LoginID varchar (100)
Set @DatabaseName= 'test' /* This should be a parameter value */
Set @LoginID= 'test' /* This should be a parameter value */
Set @sql = 'Use ' + @DatabaseName + ' Drop User [' + @LoginID + ']'
Print(@sql)
--Exec (@sql)
End
ELSE
IF @IS_READ_ONLY=1
BEGIN
Set @DatabaseName= 'test' /* This should be a parameter value */
Set @LoginID= 'test' /* This should be a parameter value */
Set @sql =
'Use Master
Alter Database '
+ @DatabaseName + ' SET READ_WRITE WITH NO_WAIT' + ' ' +
'
Use [' + @DatabaseName + '] Drop User [' + @LoginID + ']' +
'
Use Master
Alter Database '
+ @DatabaseName + ' SET READ_ONLY WITH NO_WAIT'
Print(@sql)
--Exec (@sql)
END
October 21, 2015 at 2:29 pm
For changing ownership, take a look at:
https://msdn.microsoft.com/en-us/library/ms173423.aspx
For best practices on asking questions, please read the following article: Forum Etiquette: How to post data/code on a forum to get the best help[/url]
October 21, 2015 at 2:52 pm
I was looking for possible changes t hat I had to do like below. How do it do that if I have to put it in a script ?
SELECT name FROM sys.schemas WHERE principal_id = USER_ID('myUser')
ALTER AUTHORIZATION ON SCHEMA::SchemaName TO dbo
GO
DROP USER myUser
October 21, 2015 at 7:46 pm
That's how you'd do it. But your process is a bit off.
Any time someone asks you to do something like this the first thing you should be doing is creating a way to roll it back. Are you scripting out the logins, schema ownership, and permissions so that you can record it somewhere in case it breaks something down the line and has to be investigated or rolled back?
Don't do anything without it. It's not just "best practice" it also prevents resume generating events. (Yeah you could just restore backups of the databases but those don't get retained forever).
October 22, 2015 at 8:46 am
Thanks Cody for your advice. The account that we will be deleting are the termed account only. The account that does not exsist in AD but that are still there on any of the databases. We are trying to address that one.
I was trying to see if I can get help with for script part to add the alter authorization to DBO in the way I was doing.
Thanks you once again. let me know your thoughts.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply