<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>SQL Server Security on SQL Server Scripts</title><link>https://www.sqlserver70.com/series/sql-server-security/</link><description>Recent content in SQL Server Security on SQL Server Scripts</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>SQLServer70.com</copyright><lastBuildDate>Fri, 17 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://www.sqlserver70.com/series/sql-server-security/index.xml" rel="self" type="application/rss+xml"/><item><title>SQL Server Find Orphan Users Script</title><link>https://www.sqlserver70.com/post/sql-server-find-orphan-users-script/</link><pubDate>Fri, 17 Apr 2026 00:00:00 +0000</pubDate><guid>https://www.sqlserver70.com/post/sql-server-find-orphan-users-script/</guid><description>
&lt;p&gt;Orphaned database users are a common problem after database restores, server migrations, or login deletions. A database user becomes orphaned when its SID does not match any server-level login SID. This script queries &lt;code&gt;sys.database_principals&lt;/code&gt; and &lt;code&gt;sys.server_principals&lt;/code&gt; to find every orphaned user in a database, and shows how to fix them.&lt;/p&gt;
&lt;h2 id="purpose-and-overview"&gt;Purpose and Overview&lt;/h2&gt;
&lt;p&gt;When you restore a database to a new server, or when a Windows account or SQL login is dropped at the server level, the corresponding database user record remains in the database. That user is now orphaned — it exists in &lt;code&gt;sys.database_principals&lt;/code&gt; but has no matching entry in &lt;code&gt;sys.server_principals&lt;/code&gt; by SID.&lt;/p&gt;</description></item><item><title>SQL Server User Permissions and Role Memberships</title><link>https://www.sqlserver70.com/post/sql-server-list-all-user-permissions-role-memberships/</link><pubDate>Fri, 10 Apr 2026 00:00:00 +0000</pubDate><guid>https://www.sqlserver70.com/post/sql-server-list-all-user-permissions-role-memberships/</guid><description>
&lt;h2 id="audit-sql-server-database-user-permissions-and-role-memberships"&gt;Audit SQL Server Database User Permissions and Role Memberships&lt;/h2&gt;
&lt;p&gt;This script queries the SQL Server system catalog to produce a complete audit of database-level permissions, covering direct object grants to users, permissions inherited through database roles, and permissions granted to the public role — all in a single result set.&lt;/p&gt;
&lt;h2 id="purpose-and-overview"&gt;Purpose and Overview&lt;/h2&gt;
&lt;p&gt;Understanding who has access to what in a SQL Server database is a fundamental security and compliance requirement. Permissions in SQL Server are layered: a user may have rights granted directly, through membership in one or more database roles, or through the public role that every user belongs to by default. Auditing all three layers individually is time-consuming. This script, from the DBA-Scripts collection by Bulent Gucuk, uses three UNION-connected queries against the system catalog views to produce one flat result set covering every permission pathway for every user. Security teams can use the output for access reviews, compliance audits, and troubleshooting unexpected permission grants or denials.&lt;/p&gt;</description></item><item><title>SQL Server Object Permissions: Generate GRANT Statements</title><link>https://www.sqlserver70.com/post/sql-server-object-level-permissions-script-generate-grant-statements-for-database-security/</link><pubDate>Fri, 08 Aug 2025 00:00:00 +0000</pubDate><guid>https://www.sqlserver70.com/post/sql-server-object-level-permissions-script-generate-grant-statements-for-database-security/</guid><description>
&lt;h2 id="sql-server-object-level-permissions-script-generate-grant-statements-for-database-security"&gt;SQL Server Object-Level Permissions Script: Generate GRANT Statements for Database Security&lt;/h2&gt;
&lt;p&gt;Database security is a critical aspect of SQL Server administration, and managing permissions at the object level can be time-consuming when done manually. This SQL Server script automates the process of generating GRANT statements for all database objects, making it easier for database administrators to apply consistent permissions across their database schema.&lt;/p&gt;
&lt;h2 id="purpose-of-the-script"&gt;Purpose of the Script&lt;/h2&gt;
&lt;p&gt;This SQL Server script is designed to automatically generate GRANT permission statements for all user tables and stored procedures in a database. Instead of manually writing individual GRANT statements for each object, this script queries the system catalog to dynamically create the necessary permission commands for a specific database role called &lt;code&gt;SelectInsertUpdateDeleteExecSP&lt;/code&gt;.
&lt;/p&gt;</description></item></channel></rss>