I am working on performing a cleanup in LOGINS. I am using the following code to identify the LOGINS that can potentially be removed:

[code="sql"]
-- Collect every login that is mapped to a user in any database
CREATE TABLE #mappedlogins (
    loginname nvarchar(2000),
    username  nvarchar(2000),
    dbname    nvarchar(2000)
)

exec sp_MSforeachdb 'use [?]
insert into #mappedlogins (loginname, username, dbname)
select sp.name AS LoginName, dp.name AS UserName, ''?''
from sys.server_principals sp
left join sys.database_principals dp
on sp.sid = dp.sid
where sp.type <> ''R'' AND sp.name NOT LIKE ''##%'' and dp.name is not null'

-- Logins with no fixed server role and no mapped user in any database
select * from sys.syslogins
where
--isntname = 1 AND
[sysadmin] = 0 AND
[securityadmin] = 0 AND
[serveradmin] = 0 AND
[setupadmin] = 0 AND
[processadmin] = 0 AND
[diskadmin] = 0 AND
[dbcreator] = 0 AND
[bulkadmin] = 0
and name not in (select loginname from #mappedlogins)
and name not like '##MS_%'

drop table #mappedlogins
[/code]

Is there any way that a LOGIN that meets the following conditions can have any access in SQL Server? (i.e. "Am I going to break something if I delete them :)"):

- There is no USER in any database that is mapped to the LOGIN
- The LOGIN has no server roles (sysadmin, serveradmin, dbcreator etc.)

I do know that there is always a remote chance that the login is used in some sort of automation where it is temporarily given access and is then removed afterwards.

Any thoughts would be appreciated.
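
Further read-only checks that go beyond the two conditions in the question, as an added example that is not part of the original post: permissions granted directly to a login, membership in any server role (including user-defined ones), and SQL Server Agent job ownership. It assumes read access to the server catalog views and to msdb.

```sql
-- Added example: places a login can still matter even with no mapped
-- database user and no fixed server role. Nothing is modified.

-- 1) Server-level permissions granted or denied directly to the login.
--    CONNECT SQL is excluded because CREATE LOGIN grants it by default.
SELECT sp.name AS LoginName,
       pe.class_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.server_principals AS sp
JOIN sys.server_permissions AS pe
  ON pe.grantee_principal_id = sp.principal_id
WHERE sp.type IN ('S', 'U', 'G')          -- SQL login, Windows user, Windows group
  AND sp.name NOT LIKE '##%'
  AND pe.permission_name <> 'CONNECT SQL'
ORDER BY sp.name, pe.permission_name;

-- 2) Membership in any server role, read from sys.server_role_members
--    instead of the fixed-role flag columns in sys.syslogins, so that
--    user-defined server roles are listed as well.
SELECT m.name AS LoginName,
       r.name AS ServerRole
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE m.name NOT LIKE '##%'
ORDER BY m.name, r.name;

-- 3) SQL Server Agent jobs owned by a login.
SELECT sp.name AS LoginName,
       j.name  AS JobName,
       j.enabled
FROM msdb.dbo.sysjobs AS j
JOIN sys.server_principals AS sp
  ON sp.sid = j.owner_sid
WHERE sp.name NOT LIKE '##%'
ORDER BY sp.name, j.name;
```

A login that appears in any of these result sets is not covered by the two conditions in the question and should be reviewed separately before removal.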