Once again, I ran into the same issue as my previous post on a different server. Trying to drop a user, but not able to because "User has granted one or more permission(s)."
previous post:
http://becomingexceptional.blogspot.com/2012/04/drop-user-failed-user-has-granted-one.html
This time around though, there was one caveat, the endpoint was in use. I ran the same steps to determine what the endpoint was and what it was named.
So I had to change endpoint ownership to our SQL service account. But how to do it? I googled alter endpoint owner and found the following technet article:
http://technet.microsoft.com/en-us/library/ms187359.aspx
ALTER AUTHORIZATION ON ENDPOINT::Mirroring TO 'domain\svcaccount';
GO
I ran it, and I was now able to successfully delete the user.
Showing posts with label drop user failed. Show all posts
Showing posts with label drop user failed. Show all posts
Friday, April 13, 2012
Drop User Failed - User has granted one or more permission(s).
Today I was tasked with cleaning up our security logins, and one of the users came up with the following error:
(select principal_id from sys.server_principals where name = 'domain\user')
I wasn't quite sure what to do. After a little google-fu, I found the following script:
select * from sys.server_permissions
where grantor_principal_id = (select principal_id from sys.server_principals where name = 'domain\user')
And got two results:
This told me the user owned an endpoint, but which one? The previous query only gave me the major_id which was 65536.
Luckily, I found the following: http://technet.microsoft.com/en-us/library/ms180076.aspx
So I ran SELECT * FROM sys.endpoints and got the following results:
I saw endpoint_ID 65536 and found it was a mirroring endpoint. A mirroring remnant of mirroring that was once set up, but was now gone. So all I had to do was drop that endpoint with:
DROP ENDPOINT Mirroring
And I was good to drop the user.
Subscribe to:
Posts (Atom)