Several system functions return usernames and user IDs. Understanding the parameters and output of these functions requires understanding the types of names and IDs used in Microsoft® SQL Server™.
Each user logging in to SQL Server has two levels of names in SQL Server, and each name is associated with a unique ID:
Each user authorized to log in to SQL Server has one login name that gives them access to a SQL Server installation. There are two types of login names:
Members of the sysadmin or securityadmin fixed server roles can authorize the Windows NT accounts of individual users or Windows NT groups to log in to a SQL Server installation using sp_grantlogin. The user identified by the Windows NT account, or any person in the Windows NT group, can then connect to the SQL Server installation using Windows NT Authentication. Each Windows NT account or group name is stored in master.dbo.sysxlogins.name. The Windows NT security_identifier for the Windows NT account or group is stored in syslogins.sid.
These are used by users logging in using SQL Server Authentication. SQL Server login names are defined by members of the sysadmin or securityadmin fixed server roles using sp_addlogin. Each SQL Server login name is stored in master.dbo.sysxlogins.name. SQL Server generates a GUID that is used as a security_identifier and stores it in sysxlogins.sid.
SQL Server version 7.0 uses master.dbo.sysxlogins.sid as the security_identifier for the login name. Earlier versions of SQL Server instead used a server_user_id from a different table: master.dbo.syslogins.suid. For backward compatibility, SQL Server 7.0 implements syslogins as a view of sysxlogins, and syslogins.suid is a computed column that computes a server_user_id from the security_identifier in sysxlogins.
Each Windows NT account or SQL Server login must be associated with a username in each database they are authorized to access. Database usernames are defined by members of the db_owner or db_accessadmin fixed database role, and are stored in the sysusers table found in each database. Each database username is associated with a database user ID that is stored in sysusers.uid.
The security_identifier for each user is stored in sysusers.sid; therefore, users can be mapped back to their associated logins. It is less confusing if the members of the sysadmin, securityadmin, db_owner, and db_accessadmin roles use the same name for the database user as is used for the SQL Server login or Windows NT account; however, there is no requirement to do this.
For more information about login and database user accounts, see Logins, Users, Roles, and Groups.
When you are connected to SQL Server 7.0, use:
In SQL Server 7.0, the functions that return login names or accounts operate in this manner:
SUSER_SNAME takes either:
If a security_identifier is not specified for a connection made using Windows NT Authentication, SUSER_SNAME returns the name of the Windows NT account associated with the connection. If the connection was made using SQL Server Authentication, SUSER_SNAME returns the SQL Server login associated with the connection.
If a system_user_id is specified instead of a security_identifier, SUSER_SNAME returns NULL.
This function is supported for backward compatibility. Use SUSER_SNAME when connected to SQL Server 7.0. SUSER_NAME takes either:
If a system_user_id is not specified for a connection made using Windows NT Authentication, SUSER_NAME returns NULL. If the connection was made using SQL Server Authentication, SUSER_NAME returns the SQL Server login associated with the connection.
If a security_identifier is specified instead of a system_user_id, SUSER_NAME returns NULL.
This function is supported for backward compatibility. Use SUSER_SID when connected to SQL Server 7.0. login_account can be either:
If a login_account is not specified on a connection made using Windows NT Authentication, SUSER_SID returns the Windows NT security_identifier associated with the connection. If the connection was made using SQL Server Authentication, SUSER_SNAME returns the pseudo security_identifier associated with the connection.
This function is supported for backward compatibility. Use SUSER_SID when connected to SQL Server 7.0. login_account can be either of these:
If a login_account is not specified on a connection made using Windows NT Authentication, SUSER_SID returns NULL. If the connection was made using SQL Server Authentication, SUSER_SNAME returns the system_user_id associated with the connection.
This SQL-92 function is implemented as a synonym for SUSER_SNAME() (SUSER_SNAME specified without a security_identifier parameter) in Transact-SQL.
When you are connected to SQL Server 7.0, use:
SQL-92 allows for SQL statements to be coded in SQL modules that can have authorization identifiers separate from the authorization identifier of the user that has connected to an SQL database. SQL-92 specifies that SESSION_USER always returns the authorization identifier of the user that made the connection. CURRENT_USER returns the authorization identifier of the SQL module for any statements executed from an SQL module, or of the user that made the connection if the SQL statements were not executed from an SQL module. If the SQL module does not have a separate authorization identifier, SQL-92 specifies that CURRENT_USER returns the same value as SESSION_USER. Microsoft SQL Server does not have separate authorization identifiers for SQL modules; therefore, CURRENT_USER and SESSION_USER are always the same. The USER function is defined by SQL-92 as a backward compatibility function for applications written to earlier versions of the standard. It is specified to return the same value as CURRENT_USER.
In SQL Server 7.0, the functions that return login names or accounts operate in this manner:
USER_ID returns the database user ID associated with the specified database username. If database_user_name is not specified USER_ID returns the database user ID associated with the current connection.
USER_NAME returns the database user name associated with the specified database user ID. If database_user_ID is not specified USER_NAME returns the database username associated with the current connection.
These functions are synonyms for USER_NAME() (USER NAME specified without a database_user_ID parameter).
| CURRENT_USER | SYSTEM_USER |
| SUSER_ID | USER_ID |
| SUSER_SID | USER_NAME |
| SUSER_SNAME |