Database security is one of the significant concerns for most DBAs. DBAs frequently restore or backup the database, this is a very common scenario, But the thing is after successfully restoring a new version of your database, you want to remove the current users. Probably you thought of just expanding the user node and deleting the desire user; in that sense you are somewhat correct. But if you face an error like:
Msg 15421, Level 16, State 1, Line 1
The database principal owns a database role and cannot be dropped.
What will you do?
Microsoft SQL Server provides quite a lot of ways to maintain the security of database. This article is not about the security of Microsoft SQL server.
In this article, I will try to explain how to resolve the following issues:
- The database principal owns a database role and cannot be dropped.
- The database principal owns a schema and cannot be dropped.
I try to categorize into two sections, section-A; we will discuss to find out the list of roles in which the user exists and the section-B; we will discuss how to resolve it.
In this section, our primary goal is to find out the list of existing roles of our target database. For this purpose, we use a simple transact-SQL with the help of SQL Server
SYS.DATABASE_PRINCIPALS table. A sample SQL script and the required step(s) are listed below:
- Open SQL Server Management Studio and login as an admin user.
- Select the database, set the user name & execute the following transact-SQL for getting the database role and user detail.
Sample SQL Script
SELECT DBPRINCIPAL_1.NAME AS ROLE, DBPRINCIPAL_1.NAME AS OWNER
FROM SYS.DATABASE_PRINCIPALS AS DBPRINCIPAL_1 INNER JOIN
SYS.DATABASE_PRINCIPALS AS DBPRINCIPAL_2
ON DBPRINCIPAL_1.PRINCIPAL_ID = DBPRINCIPAL_2.OWNING_PRINCIPAL_ID
WHERE (DBPRINCIPAL_1.NAME = 'User Name To Remove')
The above transact-SQL returns a list of roles in which the user exists.
More information on "
SYS.DATABASE_PRINCIPALS " table can be found at this link.
I think this is not a very intricate task, let’s start, your SQL Server Management Studio is open and you are logged in as an admin user i.e., “sa”.
From the section-A we already get the list, now the task is to remove the desired user. To do this, we need to follow the step(s) listed below:
- Now expand Databases node from object explorer.
- Select the target Database >>---> Security >>--> Roles >>--> Database Roles.
- Now double click the entries that were listed in the output of the above SQL command.
- Change the “Owner” to some temp username.
- If the username you want to delete appears in the dialog box, select and remove it from there too.
(Do this for all the Roles that came up in the above SQL query.)
- Navigate to Databases >>--> the target Database >>--> Security >>--> Schemas.
- Double-click to open “db_owner” and change the schema owner to dbo.
- Now go to: Databases >>--> Target Database >>--> Security >>--> Users.
- Right click the username you want to delete and click “Delete”, then click OK in the new dialog box that appears.
Note: You can also try the stored procedure
sp_dropuser after accomplishing the step(s) above except section-B step 4.
EXEC sp_dropuser 'User name'
I hope this might be helpful to you. Enjoy!
- 20th March, 2010: Initial post
He is the founder & CEO of MNH Technologies and working for urban and rural sectors to improve people’s lifestyle, better medical facilities, education, social business etc. He has over ten years of professional experiences in design and developing Client-Server, Multi-Tier, Database, Web based business software solutions, Enterprise Applications, API, WebAPI, Google Analytics implementation, Add-In, Documentation & Technical Writing etc for Windows / Mac using Microsoft SQL Server, Oracle, MySql, PS, C#, VB.NET, ASP.NET, PHP, RoR, Visual Basic etc. He has also more than two years experience in Mobile-VAS (Platform Development).
He worked for various software development & technology consulting. His core focus on technologies to create dynamic data-driven systems that add value to your business and dynamic technology consulting that builds advanced solutions for the industries across the various vertices.
He also work as a Solution Architect at Dhrupadi Techno Consortium Limited (DTCL) and responsible for analyzing business requirements and offered optimum solutions (multiple options), which would address all current requirements, provide flexibility for future growth and allow smooth transition between old system and new system.
He graduated with honors from The University of Asia Pacific, in Computer Science and Engineering. He was awarded as “Most Valuable Professional” (MVP) at 2010 and 2011 by CodeProject.com and also selected as a Mentor of CodeProject.com
Specialties: Software Development Management, System Integration, Data Warehouse Architecture, Virtualization.