Database security is one of the significant concerns for most DBAs. DBAs frequently restore or backup the database, this is a very common scenario, But the thing is after successfully restoring a new version of your database, you want to remove the current users. Probably you thought of just expanding the user node and deleting the desire user; in that sense you are somewhat correct. But if you face an error like:
Msg 15421, Level 16, State 1, Line 1
The database principal owns a database role and cannot be dropped.
What will you do?
Microsoft SQL Server provides quite a lot of ways to maintain the security of database. This article is not about the security of Microsoft SQL server.
In this article, I will try to explain how to resolve the following issues:
- The database principal owns a database role and cannot be dropped.
- The database principal owns a schema and cannot be dropped.
I try to categorize into two sections, section-A; we will discuss to find out the list of roles in which the user exists and the section-B; we will discuss how to resolve it.
In this section, our primary goal is to find out the list of existing roles of our target database. For this purpose, we use a simple transact-SQL with the help of SQL Server
SYS.DATABASE_PRINCIPALS table. A sample SQL script and the required step(s) are listed below:
- Open SQL Server Management Studio and login as an admin user.
- Select the database, set the user name & execute the following transact-SQL for getting the database role and user detail.
Sample SQL Script
SELECT DBPRINCIPAL_1.NAME AS ROLE, DBPRINCIPAL_1.NAME AS OWNER
FROM SYS.DATABASE_PRINCIPALS AS DBPRINCIPAL_1 INNER JOIN
SYS.DATABASE_PRINCIPALS AS DBPRINCIPAL_2
ON DBPRINCIPAL_1.PRINCIPAL_ID = DBPRINCIPAL_2.OWNING_PRINCIPAL_ID
WHERE (DBPRINCIPAL_1.NAME = 'User Name To Remove')
The above transact-SQL returns a list of roles in which the user exists.
More information on "
SYS.DATABASE_PRINCIPALS " table can be found at this link.
I think this is not a very intricate task, let’s start, your SQL Server Management Studio is open and you are logged in as an admin user i.e., “sa”.
From the section-A we already get the list, now the task is to remove the desired user. To do this, we need to follow the step(s) listed below:
- Now expand Databases node from object explorer.
- Select the target Database >>---> Security >>--> Roles >>--> Database Roles.
- Now double click the entries that were listed in the output of the above SQL command.
- Change the “Owner” to some temp username.
- If the username you want to delete appears in the dialog box, select and remove it from there too.
(Do this for all the Roles that came up in the above SQL query.)
- Navigate to Databases >>--> the target Database >>--> Security >>--> Schemas.
- Double-click to open “db_owner” and change the schema owner to dbo.
- Now go to: Databases >>--> Target Database >>--> Security >>--> Users.
- Right click the username you want to delete and click “Delete”, then click OK in the new dialog box that appears.
Note: You can also try the stored procedure
sp_dropuser after accomplishing the step(s) above except section-B step 4.
EXEC sp_dropuser 'User name'
I hope this might be helpful to you. Enjoy!
- 20th March, 2010: Initial post
A highly experienced leader with successful track record of software development, product innovations, brand management and corporate communication etc. Some successful product innovations have also achieved and awards “Most Valuable Professional” (MVP) at 2010 and 2011 by codeproject.com and also selected as a mentor of codeproject.com. Published over 100 technical articles in various software development resource sites (i.e., codeprojetc.com, Microsoft MSDN, and IEEE & IBM (In progress)) and various IT Forums, Blogs etc.
Over ten years of professional experiences in ICT field having extensive experience in formulating corporate vision and long term strategy. Leading development related functions including design, development, services, data management and analytics, customer experience management, content services, digital analytics and optimization.
An individual with results-driven approach and relentless in pursuit of excellence from a business and organizational standpoint. Believes in transparency, commitment and teamwork.
Expertise: Software/Solution Architect, SaaS platform base application, Large scale win32/web based business software solutions, enterprise applications, integration, etc.
Technologies/Tools: Microsoft.Net version 05/08/10/12, Microsoft SQL Server version 7/2K/05/08/12 , Oracle version 10/11, MySql version 5.1, 5.5, PS2, Visual C#, R, VB.NET, ASP.NET, PHP, API, MVC, WebAPI , Add-In Visual Basic etc.,. I have also more than two years’ of strong experience in mobile-VAS (platform development).
Points of Interest: Technology and research & development especially focused on business functionalities and social business areas as well, few stuff including:
1.R&D on new techniques as required to increase business revenue.
2.Urban and rural sectors to improve people’s lifestyle, better medical facilities, education, social business etc., using innovative technical solutions.
3.Research and innovative product development.