Sql Server Large amount of unused database users and logins
-
Pardon asking what may be considered an opinion based question, but what are the benefits of removing unused database users and logins? I have a database with > 50k sql users which map to sql logins. I have years of login activity audits, only 100 are used. It comes from a legacy issue where every new customer gets a sql user and sql login created but they are not used. I wish to know the disadvantages of having these users and logins, if there are any. Thanks in advance
-
If you're not disabling these LOGINs afterwards, it gives someone malicious more avenues for access. – Larnu
Also we have found that the more logins that exist, the longer login creation takes. Which isn't a big deal for a single CREATE LOGIN but it can be a bigger deal if you have automation in place that tries to create 1,000 or 10,000 at a time. – Aaron Bertrand
There are also the basic UI symptoms involved with large numbers of anything, where expanding nodes in Object Explorer or right-clicking for properties can take a long time and block other users and/or time out. – Aaron Bertrand
You wont have perf issues as the logins you identified are dormant. You will have issues in terms of manageability and UI experience as Aaron mentioned. Better disable them and if no one shouts .. drop them when you feel comfortable. – Kin Shah
