I am learning the relations among authentication, user, role and schema. In my application I am using my Windows authentication, which is assigned the sysadmin (as well as public) server role.
After that, when I am executing SELECT CURRENT_USER, I get dbo. However, I can’t find the mapping from the server role to the database user. I also tested by creating a login which has the server role as public. Using this login, I got guest when I executed SELECT CURRENT_USER.
So where does this mapping get defined?
I figured out how to check the mapping, and which part was confusing me. Firstly, the query to check the mapping between server login and the db user is something like this:
The sid is the unique identifier for all the principals, both server level and db level.
Secondly, the actual part which confused me. It is because there is an implicit mapping, and yet it won’t be shown even by the query. Let me describe my question again: I use my Windows login (let’s call it MY_W_NAME) as the authentication mode to log into SQL Server. After that, when I execute select CURRENT_USER against one database, I get dbo, which is a database user. It’s only natural that I would assume there is an explicit mapping between MY_W_NAME and dbo, and I want to find that. I am using SQL Server Management Studio, and I see that in the properties window of the server login MY_W_NAME there is one tab called User Mapping. So I was expecting to see a mapping here, only to find there is none. After I run the query above, I still can’t find MY_W_NAME listed there. So it is really mysterious how it is mapped.
It turned out it is because MY_W_NAME has the server role ‘sysadmin’, and by default this login will be mapped to the ‘dbo’ database user for all the databases. But this mapping won’t be displayed by the query, nor on the User Mapping tab in the properties window. Some further experiments show more interesting facts: I actually can add an explicit mapping from MY_W_NAME to a specific database, for example, from a script or from the properties window. However, even though I see that creating a new DB user for MY_W_NAME is successful, when I run select CURRENT_USER against this DB, I still get dbo. I guess it is because ‘sysadmin’ really has higher privilege. On the contrary, if I create a server login with the ‘public’ server role, and I add a mapping between this login and a DB user, this mapping will be displayed.
I must say this is not natural to a normal human being with limited experience in SQL Server. After a couple of days, finally someone pointed it out to me.
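An audit query for the behaviour described in this post, as an added example that is not part of the original post. It joins logins to database users on sid to show explicit mappings, then derives the implicit sysadmin-to-dbo mapping (which has no row to join on) from role membership. The column aliases are chosen here for illustration, and membership gained only through a Windows group is not resolved per member.

```sql
-- Added example: run inside the database you want to audit.
-- Explicit login -> user mappings share the same sid in both catalog views.
-- The implicit sysadmin -> dbo mapping is not stored anywhere, so it is
-- derived from server role membership instead.
SELECT
    sp.name                               AS login_name,
    sp.type_desc                          AS login_type,
    dp.name                               AS explicit_db_user,  -- NULL: no user row in this database
    IS_SRVROLEMEMBER('sysadmin', sp.name) AS is_sysadmin,
    CASE
        -- sysadmin members always enter every database as dbo,
        -- even when an explicit user has been created for them.
        WHEN IS_SRVROLEMEMBER('sysadmin', sp.name) = 1 THEN 'dbo'
        -- Explicit mapping (this also covers the database owner,
        -- whose login sid equals the sid of the dbo user).
        WHEN dp.name IS NOT NULL THEN dp.name
        -- No mapping: the login falls back to guest, but only if
        -- guest has been granted CONNECT in this database.
        WHEN EXISTS (SELECT 1
                     FROM sys.database_permissions AS p
                     WHERE p.class = 0
                       AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID('guest')
                       AND p.permission_name = 'CONNECT'
                       AND p.state IN ('G', 'W'))
            THEN 'guest'
        ELSE '(no access)'
    END                                   AS effective_user
FROM sys.server_principals AS sp
LEFT JOIN sys.database_principals AS dp
       ON dp.sid = sp.sid
WHERE sp.type IN ('S', 'U', 'G')          -- SQL logins, Windows logins, Windows groups
ORDER BY is_sysadmin DESC, sp.name;
```

Rows where is_sysadmin is 1 and explicit_db_user is NULL are the logins whose database access appears in neither the User Mapping tab nor a plain sid join, which makes them the ones to review first in a privilege audit.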