From SQL Server 2008, there is a user in msdb
called MS_DataCollectorInternalUser
. This user has no login associated with this and can be considered as a orphan user.
It's a security best practice to drop orphan users.
The MS_DataCollectorInternalUser
cannot just be dropped using DROP USER
TSQL command because it has granted a database permission IMPERSONATE
to a user called dc_admin
.
We don't use the Data Collector feature of SQL Server.
What do you suggest ?
Best Answer
I cannot find reference from Microsoft Website but according to the Blog post from Alfred Songy. MS_DataCollectorInternalUser has to do with the Data Collector It is a user account intentially created with no SQL Login and A user created without login obviously cannot connect to the database and therefore I don't see a security risk. My suggestion is that it should not be removed deleting,modifying anything within system database is not a good idea. :)
This query below helps to identify Orphaned SQL Server Users.
After we know which users we will drop, the below script can be used to drop the orphaned users taking in account the need to first remove the association to schemas and database roles.
Here is how to execute it for all databases in a SQL Server instance:
Another helpful Link which address your concern
Hope my answer helps!