drop login

Drops a login account or list of accounts.

Syntax

drop login login_name [, login_name_list] [ with override ]

Parameters

Examples

Usage

  • Executing drop login removes a user login from the SAP ASE server, deleting the user’s entry from master.dbo.syslogins.

  • The SAP ASE server reuses a dropped login’s server user ID, which compromises accountability. You can avoid dropping accounts entirely and, instead, use sp_locklogin to lock any accounts that are no longer used.

  • If you need to drop logins, be sure to audit these events (using sp_audit) so that you have a record of them.

  • drop login deletes all resource limits associated with the dropped login.

  • drop login fails if the login to be dropped is a user in any database on the server. Use sp_dropuser to drop the user from a database. You cannot drop a user from a database if that user owns any objects in the database.

  • If the login to be dropped is a System Security Officer, drop login verifies that at least one other unlocked System Security Officer’s account exists. If not, drop login fails. Similarly, drop login ensures that there is always at least one unlocked system administrator account.

See also:
  • For more information about dropping login accounts, see the Security Administration Guide.

  • lprofile_id, lprofile_name in Reference Manual: Building Blocks

  • sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin in Reference Manual: Procedures

Standards

ANSI SQL – Compliance level: Transact-SQL extension.

Permissions

The permission checks for drop login differ based on your granular permissions settings.

SettingDescription
Enabled

With granular permissions enabled, you must be a user with manage any login privilege.

Disabled

With granular permissions disabled, you must be a user with sso_role.

Auditing

Values in event and extrainfo columns of sysaudits are:

InformationValues
Event

139

Audit option

login_admin

Command or access audited

drop login

Information in extrainfo

Keywords contain: loginname1[, ... [, loginnameN ]]

Related reference
alter login
alter login profile
create login
create login profile
drop login profile