sp_revokelogin (Transact-SQL)sp_revokelogin (Transact-SQL)

适用对象:是SQL Server 否Azure SQL 数据库 否Azure Synapse Analytics (SQL DW) 否并行数据仓库 APPLIES TO: yesSQL Server noAzure SQL Database noAzure Synapse Analytics (SQL DW) noParallel Data Warehouse

从中SQL ServerSQL Server删除使用 CREATE login、 sp_grantloginsp_denylogin创建的 Windows 用户或组的登录项。Removes the login entries from SQL ServerSQL Server for a Windows user or group created by using CREATE LOGIN, sp_grantlogin, or sp_denylogin.

重要

此功能处于维护模式并且可能会在 Microsoft SQL Server 将来的版本中被删除。This feature is in maintenance mode and may be removed in a future version of Microsoft SQL Server. 请避免在新的开发工作中使用该功能,并着手修改当前还在使用该功能的应用程序。Avoid using this feature in new development work, and plan to modify applications that currently use this feature.请改用DROP LOGINUse DROP LOGIN instead.

主题链接图标 Transact-SQL 语法约定Topic link icon Transact-SQL Syntax Conventions

语法Syntax

  
sp_revokelogin [ @loginame= ] 'login'  

参数Arguments

[ @loginame = ] 'login'Windows 用户或组的名称。[ @loginame = ] 'login' Is the name of the Windows user or group. loginsysname为,无默认值。login is sysname, with no default. 登录名可以是任何现有 Windows 用户名或计算机名为计算机名\用户或域\用户login can be any existing Windows user name or group in the form Computer name\User or Domain\User.

返回代码值Return Code Values

0(成功)或 1(失败)0 (success) or 1 (failure)

备注Remarks

sp_revokelogin使用login参数指定的帐户禁用连接。sp_revokelogin disables connections using the account specified by the login parameter. 但通过 Windows 组中的成员身份被授权访问 SQL ServerSQL Server 实例的 Windows 用户在其单独访问权限被撤消后仍可作为组来连接。But Windows users that have been granted access to an instance of SQL ServerSQL Server through membership in a Windows group can still connect as the group after their individual access has been revoked. 同样,如果login参数指定了 Windows 组的名称,则该组的成员被单独授予对实例的SQL ServerSQL Server访问权限仍然能够连接。Similarly, if the login parameter specifies the name of a Windows group, members of that group that have been separately granted access to the instance of SQL ServerSQL Server will still be able to connect.

例如,如果 Windows 用户ADVWORKS\john是 windows 组ADVWORKS\Admins的成员,并且sp_revokelogin吊销ADVWORKS\john以下内容的访问权限:For example, if Windows user ADVWORKS\john is a member of the Windows group ADVWORKS\Admins, and sp_revokelogin revokes the access of ADVWORKS\john:

sp_revokelogin [ADVWORKS\john]  

如果ADVWORKS\Admins已被授予对实例的SQL ServerSQL Server访问权限,则用户ADVWORKS\john仍可以连接。User ADVWORKS\john can still connect if ADVWORKS\Admins has been granted access to an instance of SQL ServerSQL Server. 同样,如果 Windows 组ADVWORKS\Admins已撤消其访问权限,但授予ADVWORKS\john访问权限,则ADVWORKS\john仍可连接。Similarly, if Windows group ADVWORKS\Admins has its access revoked but ADVWORKS\john is granted access, ADVWORKS\john can still connect.

使用sp_denylogin显式阻止用户连接到的实例SQL ServerSQL Server,而不考虑其 Windows 组成员身份。Use sp_denylogin to explicitly prevent users from connecting to an instance of SQL ServerSQL Server, regardless of their Windows group memberships.

不能在用户定义的事务中执行sp_revokeloginsp_revokelogin cannot be executed within a user-defined transaction.

权限Permissions

要求对服务器拥有 ALTER ANY LOGIN 权限。Requires ALTER ANY LOGIN permission on the server.

示例Examples

下面的示例删除 Windows 用户Corporate\MollyA的登录项。The following example removes the login entries for the Windows user Corporate\MollyA.

EXEC sp_revokelogin 'Corporate\MollyA';  

Or

EXEC sp_revokelogin [Corporate\MollyA];  

另请参阅See Also

安全存储过程 (Transact-sql) Security Stored Procedures (Transact-SQL)
DROP LOGIN (Transact-sql) DROP LOGIN (Transact-SQL)
sp_denylogin (Transact-sql) sp_denylogin (Transact-SQL)
sp_droplogin (Transact-sql) sp_droplogin (Transact-SQL)
sp_grantlogin (Transact-sql) sp_grantlogin (Transact-SQL)
系统存储过程 (Transact-SQL)System Stored Procedures (Transact-SQL)