Difficulties deleting login

  • Question

  • Hello everyone,

    I have SQL Server 2005 Workgroup Edition.

    I've been trying to delete a login for several days without luck. When I try to delete from Object Explorer I get:

     

    " Drop failed for login 'DOMAIN\user'. (Microsoft.SqlServer.Smo)

    Login 'DOMAIN\user' has granted one or more permission(s). Revoke the permission(s) before dropping the login. (Microsoft SQL Server, Error: 15173)"

     

     I get the same error when trying drop login 'DOMAIN\user'

     

    In the login properties dialog the login is not mapped to any database. Nothing is marked under Server roles. The Login is enabled, and when I try to disable it I get the following error:

     

    "Disable login. failed for Login 'DOMAIN\user'.  (Microsoft.SqlServer.Smo)

    Could not obtain information about Windows NT group/user 'DOMAIN\user', error code 0x534. (Microsoft SQL Server,  Error: 15404)"

     

    I looked for securables under login properties. The only permission the user granted was for himself.

     

    I checked (and didn't get anything back):

    select * from sys.server_permissions
    where grantee_principal_id =
    (select principal_id from sys.server_principals where name = 'DOMAIN\user')

     

     

    Any ideas???

     

    Thanks!

     

     

     

     

     

    Friday, October 17, 2008 2:33 PM

All replies

  • Welcome to MSDN forums,

    Moving the thread to SQL security forum for better response.

    - Deepak
    Saturday, October 18, 2008 2:04 PM
  • Better late than never and if already solved for future reference:

     

    The error message states that 'DOMAIN\user' has GRANTED one or more permissions. Which means it is not the grantee, but the grantor of the permissions. What this means is that by changing your query slightly you might get the permissions you were looking for:

     

    select * from sys.server_permissions

    where grantor_principal_id =

    (select principal_id from sys.server_principals where name = 'DOMAIN\user')

     

     

    Tuesday, November 25, 2008 7:59 AM
  • So once you found the permission how did you revoke it?
    Tuesday, November 29, 2011 4:08 PM
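
Added example, not part of any post in this thread: one way to go from the grantor query in the reply above to the REVOKE statements that error 15173 asks for. It goes beyond the thread by resolving each row to its grantee and securable; 'DOMAIN\user' is the placeholder name used in the posts, and the generated statements assume a sysadmin reviews them before running them.

```sql
-- Lists every server-level permission that the login GRANTED to others
-- (it is the grantor) and builds a matching REVOKE for each row.
-- Nothing is changed by this query; it only returns text to review.
DECLARE @login sysname;
SET @login = N'DOMAIN\user';   -- placeholder login name from the thread

SELECT
    grantee.name      AS grantee,
    p.class_desc,                       -- SERVER, SERVER_PRINCIPAL or ENDPOINT
    p.permission_name,
    p.state_desc,                       -- GRANT, GRANT_WITH_GRANT_OPTION or DENY
    'REVOKE ' + p.permission_name COLLATE DATABASE_DEFAULT
    + CASE p.class_desc
          WHEN 'ENDPOINT'         THEN ' ON ENDPOINT::' + QUOTENAME(e.name)
          WHEN 'SERVER_PRINCIPAL' THEN ' ON LOGIN::'    + QUOTENAME(target.name)
          ELSE ''                       -- class SERVER has no ON clause
      END
    + ' FROM ' + QUOTENAME(grantee.name)
      -- REVOKE fails without CASCADE when the grantee holds the
      -- permission WITH GRANT OPTION (state 'W').
    + CASE p.state WHEN 'W' THEN ' CASCADE' ELSE '' END
      -- AS names the grantor whose grant is being removed.
    + ' AS ' + QUOTENAME(grantor.name) + ';' AS revoke_statement
FROM sys.server_permissions AS p
JOIN sys.server_principals AS grantor
     ON grantor.principal_id = p.grantor_principal_id
JOIN sys.server_principals AS grantee
     ON grantee.principal_id = p.grantee_principal_id
LEFT JOIN sys.endpoints AS e
     ON p.class_desc = 'ENDPOINT' AND e.endpoint_id = p.major_id
LEFT JOIN sys.server_principals AS target
     ON p.class_desc = 'SERVER_PRINCIPAL' AND target.principal_id = p.major_id
WHERE grantor.name = @login;
```

Once the generated statements have been run, the grantor query should return no rows for the login, which is the condition the 15173 message requires before the login can be dropped.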