Home/ Questions/Q 3274498
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T19:02:42+00:00

I have many security accounts on the sql database and i want to remove/add

  • 0

I have many security accounts on the sql database and i want to remove/add roles to them based on a simple string comparison.

  1. Basically i want to list all
    accounts
  2. Filter out accounts that DON’T start
    with “MyDomain\”
  3. Remove role A.
  4. Add role B.

What i found out by now is that i use sp_helprolemember to list all the accounts and sp_addrolemember and sp_droprolemember. My problem is that i dont know how to “get” the output from sp_helprolemember and work with it.

My first attemt at a soltuion based of feedback.

DROP TABLE [dbo].[XTemp]
create table XTemp(DbRole sysname,MemberName sysname,MemberSID varbinary(85) )

insert XTemp exec sp_helprolemember 
select * from XTemp

I made a permanent table to make it simpler to test and debug.

SELECT [DbRole]
      ,[MemberName]
      ,[MemberSID]
  FROM [ARTICLE].[dbo].[XTemp]
  WHERE MemberName like Domain\%'
    exec sp_addrolemember 'OldRole MemberName
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Assuming that you’re using SQL 2005 or later, and executing sp_helprolemember without parameters, this is the query that sp_helprolemember runs (extracted using sp_helptext):

      select DbRole = g.name, MemberName = u.name, MemberSID = u.sid  
   from sys.database_principals u, sys.database_principals g, sys.database_role_members m  
   where   g.principal_id = m.role_principal_id  
    and u.principal_id = m.member_principal_id  
   order by 1, 2

    This should enable you to collect the information you need into a temp table.

    If you’d rather stick to documented behaviour, you can store the output of the SP into a temp table:

    create table #t
(DbRole sysname,
MemberName sysname,
MemberSID varbinary(85) 
)

insert #t
exec sp_helprolemember 

select * from #t

    EDIT

    There are two ways to use this data to amend your system. One is using a cursor:

    DECLARE @memberName sysname

DECLARE curMember CURSOR fast_forward FOR
SELECT  MemberName
FROM #t 
WHERE MemberName LIKE 'Domain\%' 

OPEN curMember

FETCH NEXT FROM curMember INTO @memberName

WHILE @@FETCH_STATUS = 0
BEGIN

    EXEC sp_addrolemember 'OldRole', @memberName
    FETCH NEXT FROM curMember INTO @memberName

END

CLOSE curMember
DEALLOCATE curMember

    The other is using dynamic SQL:

    DECLARE @sql NVARCHAR(MAX),

SELECT @sql = 'EXEC sp_addrolemember ''OldRole'', ''' + MemberName + ''''
FROM #t
WHERE MemberName LIKE 'Domain\%' 

EXEC sp_executesql @stmt = @sql

    As you can see the dynamic SQL version is more compact but requires more effort to maintain.

    Remember that after you execute either statement, the data you extracted from sp_helprolemember into a table is no longer up to date, and should probably be refreshed.

    • 0