We are using a SQL Login as a vehicle for issuing permissions, but once authenticated through SQL, we'd still like to know the Active Directory name of the connected user?
We've tried:
SELECT SUSER_NAME()
SELECT SUSER_SNAME()
SELECT SUSER_SID()
SELECT USER_NAME()
SELECT USER_ID()
SELECT SYSTEM_USER
SELECT SESSION_USER
SELECT ORIGINAL_LOGIN()
Is that information still available somewhere?
Note: This is different from how to get windows user login name from sql server since we're using SQL Login, not a Windows Login to connect to SQL Server
It appears this is not possible.
According to Andrew Barber's comment on "Get windows user login name from sql server":
If they are logged in as a SQL Server user, they are not logged in as a Windows user; no Windows credentials are passed at all; so you simply can't get that information directly
Related
I use different username & password to connect SQL database & log in windows. I'm using trigger to track database insert, Update & Delete. For this purpose I use SUSER_NAME. Its show SQL login name. I want to get windows login name instead of SQL login name.
Use SUSER_NAME() or SUSER_SNAME()
If neither of these are returning your AD account you logged in via, check you are using AD trusted connections and not SQL auth.
https://learn.microsoft.com/en-us/sql/t-sql/functions/suser-sname-transact-sql?view=sql-server-2017
I wonder if it is possible to find out a Windows account details like user name that user used to connect to SQL server DB through Windows Authentication connection?
I have a table that has a UserName column and I would like to select the rows that have the UserName value the same as the login account name. Is it possible to write a stored procedure or function something like this
SELECT * from MyTable where MyTable.UserName =
Thank you
Use SYSTEM_USER:
"If the current user is logged in to SQL Server by using Windows Authentication, SYSTEM_USER returns the Windows login identification name in the form: DOMAIN\user_login_name. However, if the current user is logged in to SQL Server by using SQL Server Authentication, SYSTEM_USER returns the SQL Server login identification name, such as WillisJo for a user logged in as WillisJo."
I know this can be done in code (C#) by using WindowsIdentity, but is there a way to do this within the SP itself?
I tried using the USER function but it's returning dbo instead of the name. Is this because the user is the owner of the database? If that's so, how can I get the db owner's login name?
EDIT:
The application that executes the SP uses the sa user account, so if I use SYSTEM_USER, the returned value is sa.
SELECT SYSTEM_USER
Will return name of user which excecute code in SQL. More in this aricle
If SQL server service work from sa there is no way to get (windows) username from SQL Server side. I suppose it is security issue. Most information about connection to your SQL Server you may get from table sys.dm_exec_connections. There are stored IP addreses and port s and other useful things for existings connections.
I am needing to update the password of one of the users in the database security folder in SQL Server 2012. Unfortunately, we do not have a DBA in-house and consequently needing some help. I've been told that I have sysadmin privileges on this SQL Server but I cannot find WHERE to update a user's password in the database. When I googled this, msdn show me how to update a login in the SQL Server 2012 box but this user is NOT listed under the Security\Logins folder in this server but this user is only under the database\Security\Users folder.
I had tried the ALTER LOGIN username WITH PASSWORD = 'password'; command but I only got this error:
Msg 15151, Level 16, State 1, Line 2
Cannot alter the login 'ATM', because it does not exist or you do not have permission.
Any help/direction would be appreciated. Thanks.
This is the difference between logins and users and how they relate to each other:
Logins - Instance level principals that allow an entity to connect to the SQL Server instance. They do not, by their nature, grant any access to databases on the instance. The exception to this is a login with sysadmin rights can use a database because they are sysadmin, but because of sysadmin level permissions.
Users - Database level principals that allow an entity to connect to a SQL Server database. Users are associated with logins via SIDs, creating a relationship between the two and allowing a login to connect to the instance and then use the associated user to connect to the database.
What commonly happens with SQL authenticated logins and database users on a restore is that the SIDS will be out of sync or a login will not exist for a user in the database, thus breaking the relationship. This relationship must be repaired before you can connect to the database using that login, because in the eyes of SQL Server those principals are no longer connected. If the login doesn't exist, you will have to first create it in order to associate it with the user:
--Windows login (Active Directory pass through)
CREATE LOGIN [DOMAIN\foo] FROM WINDOWS;
--SQL Authenticated
CREATE LOGIN [foo] WITH PASSWORD='5+r0ngP#55w0rd';
Once the login exists, associate it with the user:
ALTER USER [foo] WITH LOGIN=[foo]
You can use the following query in the context of your database to check for orphans:
select
dp.name [user_name]
,dp.type_desc [user_type]
,isnull(sp.name,'Orhphaned!') [login_name]
,sp.type_desc [login_type]
from
sys.database_principals dp
left join sys.server_principals sp on (dp.sid = sp.sid)
where
dp.type in ('S','U','G')
and dp.principal_id >4
order by sp.name
SQL Server Profiler shows NtUsername.
How do I see the NTusername in trigger?
I don't understand. SQL Server Profiler shows the Windows username. SUSER_NAME, SUSER_SNAME ORIGINAL_LOGIN, USER, USER_NAME shows the username of the SQL user account. I want what the Profiler is showing. There must be a way if the profiler can do it.
You use SUSER_SNAME(). Not SUSER_NAME(). Note the extra S
SUSER_SNAME returns the connection user (SQL Server 2000+)
SUSER_NAME gives the value of sys.server_principals.principal_id (SQL Server 2005+)
SUSER_NAME will give NULL for a Windows user who connects via a Windows Group, because only the Windows Group has an entry in sys.server_principals
Notes:
you have SUSER_ID and SUSER_SID at the SQL Server Instance level which are the opposite
at the database level, you have USER_NAME and DATABASE_PRINCIPAL_ID (USER_ID is deprecated)
A SQL login won't have an ntusername value in Profiler, because it isn't available
Since I could not find how to get the NTUsername, I used HOST_NAME() which gave me the user's machine name.
SUSER_NAME, SUSER_SNAME, ORIGINAL_LOGIN, USER, USER_NAME all gave me the SQL account username.
There is no correlation between the NTUserName unless the login is a Windows Authentication login. But because suser_name() is not returning what you want, I'm assuming that you are using SQL Server Authentication.
In which case, I don't believe you can do this.
It apears that the protocol used in your case was NamedPipes.
if NTUserName is not blank and in LoginName you have SQL Login – then it is SQL Authentication Over Named Pipes
-- see http://sqlbg.wordpress.com/2011/05/28/how-to-check-what-sql-server-network-protocol-is-used-by-connections/