Once again, I ran into the same issue as my previous post on a different server. Trying to drop a user, but not able to because "User has granted one or more permission(s)."
previous post:
http://becomingexceptional.blogspot.com/2012/04/drop-user-failed-user-has-granted-one.html
This time around though, there was one caveat, the endpoint was in use. I ran the same steps to determine what the endpoint was and what it was named.
So I had to change endpoint ownership to our SQL service account. But how to do it? I googled alter endpoint owner and found the following technet article:
http://technet.microsoft.com/en-us/library/ms187359.aspx
ALTER AUTHORIZATION ON ENDPOINT::Mirroring TO 'domain\svcaccount';
GO
I ran it, and I was now able to successfully delete the user.
Friday, April 13, 2012
Drop User Failed - User has granted one or more permission(s).
Today I was tasked with cleaning up our security logins, and one of the users came up with the following error:
(select principal_id from sys.server_principals where name = 'domain\user')
I wasn't quite sure what to do. After a little google-fu, I found the following script:
select * from sys.server_permissions
where grantor_principal_id = (select principal_id from sys.server_principals where name = 'domain\user')
And got two results:
This told me the user owned an endpoint, but which one? The previous query only gave me the major_id which was 65536.
Luckily, I found the following: http://technet.microsoft.com/en-us/library/ms180076.aspx
So I ran SELECT * FROM sys.endpoints and got the following results:
I saw endpoint_ID 65536 and found it was a mirroring endpoint. A mirroring remnant of mirroring that was once set up, but was now gone. So all I had to do was drop that endpoint with:
DROP ENDPOINT Mirroring
And I was good to drop the user.
Subscribe to:
Posts (Atom)