BACKGROUND:

The motivations and the purpose of this simple utility 
are non-obvious and need some explanation:

This utility helps preserve SQL Server security by 
preventing "dangling usernames" when the corresponding 
login ID is deleted. This can happen if a login ID has 
usernames associated with it in several databases. Note
that the stored procedure SP_DROPLOGIN (because of 
certain limitations on the use of object names within 
a stored procedure) only checks the current database 
for an associated username; the sa is supposed to drop 
ALL other associated usernames before dropping the login ID. 
Failure to do so can compromise SQL Server security.


The Reason: SP_ADDLOGIN generates the unique id (SUID) 
for a new login ID using MAX(SUID)+1. Thus there is
a very good chance that a deleted SUID will be reused.
If any old usernames are left in the SYSUSERS 
table of a database and their SUID happens to match the SUID
of the new login ID, an instant and unwanted mapping is 
created without the sa ever seeing it. This gives the new login ID
unauthorized access to the database(s) with ALL the 
privileges associated with the username. In a secure
environment this is not desirable.  SQL Server 4.2 users
may use the SQL Administration system to perform this
function.

Pg.83 of the sa Guide warns "to delete the usernames from
all databases associated with the login ID you are deleting".
This places the burden entirely on the sa, and overlooking
it can lead to the consequences described above. Most customers are
not even aware of this potential problem. Customers in a
secure environment need to be sure that the situation described
above cannot happen.


THIS UTILITY:


        . Queries the SYSDATABASES table in the master database
          for the names of all the databases on the server and
          stores these names in a list.

        . Prompts the sa for the name of the SQL Server and 
          login ID to be dropped.

        . Cycles through all the databases in the list looking
          for usernames associated with the login ID and drops 
          them using SP_DROPUSER.

        . Finally after cleaning out all the usernames it drops
          the login ID using SP_DROPLOGIN.



TO GET A TEST DEMO OF THIS UTILITY:


        . Using sp_addlogin add a login ID "testlogin" 

        . Using sp_adduser add username "testuser1" in database X

        . Using sp_adduser add username "testuser2" in database Y

        . Run this program ( cleanup.exe (DOS) / pcleanup.exe (OS2) )



Vaqar Pirzada
SQL Server Support


*** NOTICE ***

   NO WARRANTY.  ANY USE BY YOU OF THE SOFTWARE IS AT YOUR OWN RISK.
   THE SOFTWARE IS PROVIDED FOR USE "AS IS" WITHOUT WARRANTY OF ANY KIND.
   MICROSOFT AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES OF ANY KIND, EITHER
   EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, IMPLIED WARRANTIES
   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  MICROSOFT WILL
   PROVIDE NO SUPPORT SERVICES FOR THIS SOFTWARE.

   NO LIABILITY FOR CONSEQUENTIAL DAMAGES.  In no event shall Microsoft or
   its suppliers be liable for any damages whatsoever (including, without
   limitation, damages for loss of business profits, business interruption,
   loss of business information, or other pecuniary loss) arising out of
   the use or inability to use this Microsoft product, even if Microsoft
   has been advised of the possibility of such damages.  Because some 
   states/jurisdictions do not allow the exclusion or limitation of
   liability for consequential or incidental damages, the above limitation
   may not apply to you.

   You may have additional rights, which vary from state/jurisdiction to
   state/jurisdiction.

