Skip to content

suser-sid-transact-sql.md

Latest commit

 

History

History
131 lines (100 loc) · 6.24 KB

suser-sid-transact-sql.md

File metadata and controls

131 lines (100 loc) · 6.24 KB
title SUSER_SID (Transact-SQL) | Microsoft Docs
ms.custom
ms.date 07/29/2017
ms.prod sql
ms.prod_service database-engine, sql-database
ms.reviewer
ms.suite sql
ms.technology t-sql
ms.tgt_pltfrm
ms.topic language-reference
f1_keywords
SUSER_SID
SUSER_SID_TSQL
dev_langs
TSQL
helpviewer_keywords
logins [SQL Server], users
SIDs [SQL Server]
security identifiers [SQL Server]
users [SQL Server], logins
15401 (Database Engine error)
IDs [SQL Server], logins
identification numbers [SQL Server], logins
SUSER_SID function
ms.assetid 57b42a74-94e1-4326-85f1-701b9de53c7d
caps.latest.revision 31
author MashaMSFT
ms.author mathoma
manager craigg

SUSER_SID (Transact-SQL)

[!INCLUDEtsql-appliesto-ss2008-asdb-xxxx-xxx-md]

Returns the security identification number (SID) for the specified login name.

Topic link icon Transact-SQL Syntax Conventions

Syntax

  
SUSER_SID ( [ 'login' ] [ , Param2 ] )

Arguments

' login '
Applies to: [!INCLUDEssKatmai] through [!INCLUDEssCurrent]

Is the login name of the user. login is sysname. login, which is optional, can be a [!INCLUDEssNoVersion] login or [!INCLUDEmsCoName] Windows user or group. If login is not specified, information about the current security context is returned. If the parameter contains the word NULL will return NULL.

Param2
Applies to: [!INCLUDEssSQL11] through [!INCLUDEssCurrent]

Specifies whether the login name is validated. Param2 is of type int and is optional. When Param2 is 0, the login name is not validated. When Param2 is not specified as 0, the Windows login name is verified to be exactly the same as the login name stored in [!INCLUDEssNoVersion].

Return Types

varbinary(85)

Remarks

SUSER_SID can be used as a DEFAULT constraint in either ALTER TABLE or CREATE TABLE. SUSER_SID can be used in a select list, in a WHERE clause, and anywhere an expression is allowed. SUSER_SID must always be followed by parentheses, even if no parameter is specified.

When called without an argument, SUSER_SID returns the SID of the current security context. When called without an argument within a batch that has switched context by using EXECUTE AS, SUSER_SID returns the SID of the impersonated context. When called from an impersonated context, SUSER_SID(ORIGINAL_LOGIN()) returns the SID of the original context.

When the [!INCLUDEssNoVersion] collation and the Windows collation are different, SUSER_SID can fail when [!INCLUDEssNoVersion] and Windows store the login in a different format. For example, if the Windows computer TestComputer has the login User and [!INCLUDEssNoVersion] stores the login as TESTCOMPUTER\User, the lookup of the login TestComputer\User might fail to resolve the login name correctly. To skip this validation of the login name, use Param2. Differing collations is often a cause of [!INCLUDEssNoVersion] error 15401:

Windows NT user or group '%s' not found. Check the name again.

Examples

A. Using SUSER_SID

The followng example returns the security identification number (SID) for the current security context.

SELECT SUSER_SID();

B. Using SUSER_SID with a specific login

The following example returns the security identification number for the [!INCLUDEssNoVersion] sa login.

Applies to: [!INCLUDEssSQL11] through [!INCLUDEssCurrent]

SELECT SUSER_SID('sa');  
GO

C. Using SUSER_SID with a Windows user name

The following example returns the security identification number for the Windows user London\Workstation1.

Applies to: [!INCLUDEssSQL11] through [!INCLUDEssCurrent]

SELECT SUSER_SID('London\Workstation1');  
GO

D. Using SUSER_SID as a DEFAULT constraint

The following example uses SUSER_SID as a DEFAULT constraint in a CREATE TABLE statement.

USE AdventureWorks2012;  
GO  
CREATE TABLE sid_example  
(  
login_sid   varbinary(85) DEFAULT SUSER_SID(),  
login_name  varchar(30) DEFAULT SYSTEM_USER,  
login_dept  varchar(10) DEFAULT 'SALES',  
login_date  datetime DEFAULT GETDATE()  
);   
GO  
INSERT sid_example DEFAULT VALUES;  
GO

E. Comparing the Windows login name to the login name stored in SQL Server

The following example shows how to use Param2 to obtain the SID from Windows and uses that SID as an input to the SUSER_SNAME function. The example provides the login in the format in which it is stored in Windows (TestComputer\User), and returns the login in the format in which it is stored in [!INCLUDEssNoVersion] (TESTCOMPUTER\User).

Applies to: [!INCLUDEssSQL11] through [!INCLUDEssCurrent]

SELECT SUSER_SNAME(SUSER_SID('TestComputer\User', 0));

See Also

ORIGINAL_LOGIN (Transact-SQL)
CREATE TABLE (Transact-SQL)
binary and varbinary (Transact-SQL)
System Functions (Transact-SQL)