ansaurus

Question

Checking if a SQL Server user already exists

Answer 1

+8 A:

If not Exists (select loginname from master.dbo.syslogins 
    where name = @loginName and dbname = 'PUBS')
Begin
Select @SqlStatement = QUOTENAME('CREATE LOGIN [' + @loginName + '] 
FROM WINDOWS WITH DEFAULT_DATABASE=     [PUBS], DEFAULT_LANGUAGE=[us_english]')

EXEC sp_executesql @SqlStatement
End

John Nolan 2009-09-04 14:01:48

+1. Better answer than mine. Good answer.

David Stratton 2009-09-04 14:05:27

+1: quicker and more complete than my solution :)

Marc 2009-09-04 14:20:46

you should use QUOTENAME to prevent sql injection. Attacker can pass a @loginName like `x] with password ''y'';\r\ndrop table foo;\r\n`

Remus Rusanu 2009-09-04 14:47:47

Good stuff, thanks guys!

Brett Rigby 2009-09-04 15:20:28

Answer 2

+2 A:

This works on SQL Server 2000.

use master
select count(*) From sysxlogins WHERE NAME = 'myUsername'

on SQL 2005, change the 2nd line to

select count(*) From syslogins WHERE NAME = 'myUsername'

I'm not sure about SQL 2008, but I'm guessing that it will be the same as SQL 2005 and if not, this should give you an idea of where t start looking.

David Stratton 2009-09-04 14:04:02

Answer 3

+3 A:

Try this (replace 'user' with the actual login name):

IF NOT EXISTS(
SELECT name 
FROM [master].[sys].[syslogins]
WHERE NAME = 'user')

BEGIN 
 --create login here
END

Marc 2009-09-04 14:05:21

@Marc: Sorry but you're wrong. Table [syslogins] keeps logins and table [sysusers] keep users.

abatishchev 2010-02-15 18:57:15

Answer 4

+9 A:

As a minor addition to this thread, in general you want to avoid using the views that begin with sys.sys* as Microsoft is only including them for backwards compatibility. For your code, you should probably use sys.server_principals. This is assuming you are using SQL 2005 or greater.

Bomlin 2009-09-04 14:09:57

Tested, works, and more current than the other answers. +1 to you as well.

David Stratton 2009-09-04 14:17:05

good to know, thanks!

Marc 2009-09-04 14:19:17

Yeah, with 2005 Microsoft took away direct access to the system tables. To keep from breaking old code, they include views that had the same name as the old tables. However, they are only meant for older code and newer code should iuse the new views. In BOL, do a search on Mapping System Tables to find out what you should use.

Bomlin 2009-09-04 14:29:39

Answer 5

+4 A:

Here's a way to do this in SQL Server 2005 and later without using the deprecated syslogins view:

IF NOT EXISTS 
    (SELECT name  
     FROM master.sys.server_principals
     WHERE name = 'TConnect.User')
BEGIN
    CREATE LOGIN [TConnect.User] WITH PASSWORD = N'password'
END

The server_principals view is used instead of sql_logins because the latter doesn't list Windows logins.

If you need to check for the existence of a user in a particular database before creating them, then you can do this:

USE your_db_name

IF NOT EXISTS
    (SELECT name
     FROM sys.database_principals
     WHERE name = 'Bob')
BEGIN
    CREATE USER [Bob] FOR LOGIN [Bob] 
END

Derek Morrison 2009-12-22 09:35:57

Nice one, thanks!

Brett Rigby 2009-12-22 14:00:10

ansaurus

tags:

views:

answers:

Checking if a SQL Server user already exists

related questions