I am using the following query to check if the default schema is set to dbo
.
SELECT DB_NAME() AS [database]
,[name]
,[type_desc]
,[default_schema_name]
FROM [sys].[database_principals]
WHERE [type] IN ('U', 'G')
--AND [default_schema_name] <> 'dbo';
If not set to dbo
and someone create an object without specifying a schema identifier, a new schema
is created with his/her windows credentials.
So, I wanted to write a script to check (on certain period of time) if everything is set OK (because new machines and databases are restored/created on daily basis).
The issue with the script above is that I am able to see that my user's defaults schema is not dbo
, but when executed with other account, my user is not listed.
I supposed that's because of the WINDOWS_GROUP
that we are all member of, so I need to check its settings, but always get NULL
value for groups.
Best Answer
The
default schema
of agroup
can be checked with your script.When this script shows
NULL
for a group it means that thedefault schema
was not explicitly set for this group.This means that this
account
is not explicitly mapped to this database, but it's a member of one ore moreWindows groups
that are mapped.The rule here is:
When you see that
this means that this user the user is member of one or more Windows groups and none of these group has a default schema.
If you want to prevent this "schema creation" you should not leave users-
Windows groups
withoutdefault schema
, just assigndbo
schema todbo
:To check your user's groups mapped to this database execute the following code:
You can filter here on
type = 'WINDOWS GROUP'
but when non filtered, you see all the tokens, so if you don't see windows account as it is, it's because it was not explicitly mapped to this database and it reaches the database through Windows group(s)UPDATE
This behaviour is called
implicit schema creation
and is documented here: CREATE SCHEMA (Transact-SQL)