SQL Server – User and Schema Recreated During Stored Procedure Creation

schemasql serversql-server-2016stored-proceduresusers

As mentioned in the subject, a new user and schema are being created when a developer I'm working with creates a stored procedure. Originally I made a user and login for that developer individually but since deleted both. However, whenever they run a script to create a SP a user and schema named after their Active Directory name are recreated and the SP is placed in that "new" schema.

Even when I delete the SP, the user, and the schema, if they create the SP again the user and schema come back.

Does anyone have any insight into this?

Best Answer

This behavior is noted in the "Remarks" section of the CREATE SCHEMA documentation, under "Implicit Schema and User Creation" (emphasis added to highlight what you are experiencing):

In some cases a user can use a database without having a database user account (a database principal in the database). This can happen in the following situations:

A login has CONTROL SERVER privileges.

A Windows user does not have an individual database user account (a database principal in the database), but accesses a database as a member of a Windows group which has a database user account (a database principal for the Windows group).

When a user without a database user account creates an object without specifying an existing schema, a database principal and default schema will be automatically created in the database for that user. The created database principal and schema will have the same name as the name that user used when connecting to SQL Server (the SQL Server authentication login name or the Windows user name).

This behavior is necessary to allow users that are based on Windows groups to create and own objects. However it can result in the unintentional creation of schemas and users. To avoid implicitly creating users and schemas, whenever possible explicitly create database principals and assign a default schema. Or explicitly state an existing schema when creating objects in a database, using two or three-part object names.

Related Solutions

Sql-server – SQL Server: How to call stored procedure without schema name

Best practice is always qualify schema for all object references. See this by Tibor Karaszi or this by Midnight DBA or just trust me or the MS SQL Server Best Practice Analyzer

But you can run this if you choose to ignore best practice:

ALTER SCHEMA dbo TRANSFER John.mySP_Name;

SQL Server 2008 R2 – User/Schema Creation When Windows User Creates Tables

This has always happened, back to SQL Server 2000.
Without schema, how does SQL Server know you want to put it in the dbo schema?

The only way to specify a default schema is to :

use SQL logins (not Windows)
run as "sysadmin"

Neither of these is acceptable

Best practice is to always qualify schema for every object reference for DDL and DML. There are clear performance benefits because of plan re-use.

Also, deliberate schema use is better for SQL Server 2005:

tables in Data
other tables in Archive, Staging etc
code in schemas per client permissions: Desktop, WebGUI etc

Using the dbo schema is so last millenium :-) Links:

Best Answer

Related Solutions

Sql-server – SQL Server: How to call stored procedure without schema name

SQL Server 2008 R2 – User/Schema Creation When Windows User Creates Tables

Related Question