Sql-server – Any reason I shouldn’t delete orphaned database users

Tags: security, sql-server, sql-server-2012

I've inherited a business application which has been around for c. 15 years composed of multiple databases that are all hosted on the same SQL Server (2012 SP4) instance.

In all of the databases there are SQL Server database users (not ones that are related to Windows Users or Groups) that are not mapped to any server login. These have accreted over the time the system has been in use. Specifically, these are database users, not server logins. My suspicion is that they've been orphaned over time as the databases have been migrated from one server to the next over the last 15 years.

Some of these users are members of the db_owner database role and have thus been flagged up by sp_blitz. Whilst change control and approval are important, they're not the main thrust of this question. I identified the orphaned users due to sp_blitz flagging them because they have db_owner rights; the fact that they have db_owner is tangential to the core question here.

No database or agent jobs are associated with them – for the most part they look like utility accounts that were created for various tools and solutions which were subsequently deprecated or superseded – which explains why they didn't get re-created as server logins when the databases moved from one server to the next.

As best I can tell from my research, these users are entirely inert and won't have any access to the system (due to not being associated with a login), so: Is there any reason I shouldn't remove these users?

Best Answer

As pointed out in a comment by eckes, you should contact management and stakeholders for approval before deleting them.

Additionally, if there are test or development instances that have copies of the DB, there may be logins on those instances where the users have access. You will want to consider impact there before making changes.

Part of reaching out to stakeholders is identifying who is currently the responsible business user(s). It is not unusual to find a database that everyone forgot about and reaching out to these people that used to have access can be helpful.
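
A read-only inventory of the orphaned SQL users discussed in the question, suitable for taking to stakeholders before any removal. This is an added example, not part of the original question or answer; it uses only standard catalog views available in SQL Server 2012 and must be run in each database under review (and in any test or development copies).

```sql
-- Lists SQL users that expect a server login but have none on this instance,
-- together with what would be affected if they were dropped. Changes nothing.
SELECT
    dp.name        AS orphaned_user,
    dp.create_date,
    dp.modify_date,
    -- Database roles the user belongs to (db_owner is what sp_Blitz flagged)
    STUFF((SELECT ', ' + r.name
             FROM sys.database_role_members AS drm
             JOIN sys.database_principals   AS r
               ON r.principal_id = drm.role_principal_id
            WHERE drm.member_principal_id = dp.principal_id
              FOR XML PATH(''), TYPE).value('.', 'nvarchar(max)'),
          1, 2, '') AS role_memberships,
    -- Schemas owned by the user; DROP USER fails while the user owns securables
    (SELECT COUNT(*) FROM sys.schemas AS s
      WHERE s.principal_id = dp.principal_id) AS owned_schemas,
    -- Objects whose owner was set explicitly to this user
    (SELECT COUNT(*) FROM sys.objects AS o
      WHERE o.principal_id = dp.principal_id) AS explicitly_owned_objects,
    -- Permissions granted or denied directly to the user (outside role membership)
    (SELECT COUNT(*) FROM sys.database_permissions AS p
      WHERE p.grantee_principal_id = dp.principal_id) AS direct_permissions
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE sp.sid IS NULL                               -- no login with a matching SID
  AND dp.type = 'S'                                -- SQL user, not a Windows user or group
  AND dp.authentication_type_desc = 'INSTANCE'     -- excludes WITHOUT LOGIN and contained users
  AND dp.principal_id > 4                          -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY dp.name;
```

Run it as a principal that can see every login on the instance (for example a sysadmin); with limited metadata visibility, `sys.server_principals` hides logins and mapped users will appear orphaned.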