I have a question from a security point of view & everyone seems to have different opinions. so not sure if people understand this exactly.I have an SQL Login [test\testuser] (windows authenticated account) and this login has access to 2 databases: [dbtest1] & [dbtest2].If I've been asked to remove this user from the server (not just from 1 of the DB's), is the following command enough.[code="sql"] ALTER LOGIN [test\testuser] DISABLE [/code]I understand this person will no longer be able to log in but there user will not be removed from [dbtest1] & [dbtest2].Questions:1. Should I disable or remove the login? is there any difference between the 2 besides losing possibly historical record???2. If I disabled or Remove should I also remove the access to each DB.
↧