sp_denylogin (Transact-SQL)

Applies to: SQL Server

Prevents a Windows user or Windows group from connecting to an instance of SQL Server.

Important

This feature will be removed in a future version of SQL Server. Avoid using this feature in new development work, and plan to modify applications that currently use this feature. Use ALTER LOGIN instead.

Transact-SQL syntax conventions

Syntax

sp_denylogin [ @loginame = ] N'loginame'
[ ; ]

Arguments

[ @loginame = ] N'loginame'

The name of a Windows user or group. @loginame is sysname, with no default.

Return code values

0 (success) or 1 (failure).

Remarks

sp_denylogin denies CONNECT SQL permission to the server-level principal mapped to the specified Windows user or Windows group. If the server principal doesn't exist, it's created. The new principal is visible in the sys.server_principals catalog view.

sp_denylogin can't be executed within a user-defined transaction.

Permissions

Requires membership in the sysadmin fixed server role, or execute permission directly on this stored procedure.

Examples

The following example shows how to use sp_denylogin to prevent Windows user CORPORATE\GeorgeV from connecting to the server.

EXEC sp_denylogin 'CORPORATE\GeorgeV';

Related content

• sp_grantlogin (Transact-SQL)
• Security stored procedures (Transact-SQL)
• ALTER LOGIN (Transact-SQL)
• System stored procedures (Transact-SQL)