Drops a login account or list of accounts.
drop login login_name [, login_name_list] [ with override ]
drop login ravi, vinod
Executing drop login removes a user login from the SAP ASE server, deleting the user’s entry from master.dbo.syslogins.
The SAP ASE server reuses a dropped login’s server user ID, which compromises accountability. You can avoid dropping accounts entirely and, instead, use sp_locklogin to lock any accounts that are no longer used.
If you need to drop logins, be sure to audit these events (using sp_audit) so that you have a record of them.
drop login deletes all resource limits associated with the dropped login.
drop login fails if the login to be dropped is a user in any database on the server. Use sp_dropuser to drop the user from a database. You cannot drop a user from a database if that user owns any objects in the database.
If the login to be dropped is a System Security Officer, drop login verifies that at least one other unlocked System Security Officer’s account exists. If not, drop login fails. Similarly, drop login ensures that there is always at least one unlocked system administrator account.
For more information about dropping login accounts, see the Security Administration Guide.
lprofile_id, lprofile_name in Reference Manual: Building Blocks
sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin in Reference Manual: Procedures
ANSI SQL – Compliance level: Transact-SQL extension.
The permission checks for drop login differ based on your granular permissions settings.
Setting | Description |
---|---|
Enabled | With granular permissions enabled, you must be a user with manage any login privilege. |
Disabled | With granular permissions disabled, you must be a user with sso_role. |
Values in event and extrainfo columns of sysaudits are:
Information | Values |
---|---|
Event | 139 |
Audit option | login_admin |
Command or access audited | drop login |
Information in extrainfo | Keywords contain: loginname1[, ... [, loginnameN ]] |