Disabling user account issue

NickAngelopoulos-2675 41 Reputation points
2021-12-21T12:34:39.043+00:00

SSMS 15.0.18390.0 - SQL Server 2019

From within SSMS, i have just created a local user account (SQL, not domain) in Security/Logins of a server, and gave it Read/Write access to a database. I then went to account properties and disabled the account. When i went to the database/Security/Users, i saw that the user did not have a red "x" on it as if it was enabled. Indeed when i tried an ODBC connection to the server with this user via an application, it worked fine!

Re-enabling and disabling it again had no effect. Since this is a production server, i cannot try restarting it but it seems Disabling a user (from SSMS at least) does not work.

SQL Server Other
0 comments No comments
{count} votes

Accepted answer
  1. CathyJi-MSFT 22,396 Reputation points Microsoft External Staff
    2021-12-22T02:32:50.457+00:00

    Hi @NickAngelopoulos-2675 ,

    You need to run below T-SQL to disable a database user.

    USE MYDB  
    GO  
    REVOKE CONNECT FROM User1  
    

    Below is a test in my environment.

    1. Disable login Cathy2

    159523-screenshot-2021-12-22-102642.jpg

    159460-screenshot-2021-12-22-102743.jpg

    2... Disable database user Cathy2 mapped to the login Cathy2

    159551-screenshot-2021-12-22-102936.jpg

    Refer to the blog How to disable a database user .


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. Tom Phillips 17,771 Reputation points
    2021-12-21T16:23:49.537+00:00

    There was a bug a long time ago in SSMS which did not disable users from the UI.

    Please download the current version of SSMS and retest:
    https://learn.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

    0 comments No comments

  2. Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator
    2021-12-21T22:29:00.417+00:00

    To see it a login is disabled, run:

    SELECT is_disabled FROM sys.server_principals WHERE name = 'thename'
    

    If this returns 0, run

    ALTER LOGIN thename DISABLE
    

    I tried to disable from the UI on SSMS 18.10, and that seemed to work. (But I much prefer to work with SQL commands.)

    0 comments No comments

  3. NickAngelopoulos-2675 41 Reputation points
    2021-12-22T07:56:59.977+00:00

    Thank you all for your answers. I now understand better how things work, as a user though, i still consider this a bug.

    A disabled account (from the UI) should not be able to do anything. Since it is possible to disable it from the UI, it should be fully disabled. You shouldn't have to execute additional sql statements to prevent it from logging or anything else, otherwise the UI option should not be named "disabled", but "partly-disable" or "disable-some features".

    Anyway, thanks again.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.