Subscribe to RSS feed  Follow @jackvamvas - Twitter

*Use the Comments section for questions Links


SQL Server DBA Jobs

How to check a SQL Login is part of the SYSADMIN role

21 June,2018 by Tom Collins

Question: As part of  a regular SQL Server Violations reporting and checking any vulnerabilities on SQL Servers, I run regular scans and report on elevated server roles.  What is an efficient method to identify if a login is using the sysadmin role?

Answer:  I use the IS_SRVROLEMEMBER  function , which allows you to check on various server roles. As well as sysadmin , it is possible to also check on  serveradmin,dbcreator,setupadmin,bulkadmin,securityadmin,diskadmin and processadmin.

The IS_SRVROLEMEMBER  returns either a value of 1 or 0. 1 = the login is a member of the role  0= the login is not a member of the role.

This an example of how to check if the 'BUILTIN\Administrators' login is a member of the sysadmin role, this is by using the login option

 SELECT IS_SRVROLEMEMBER('sysadmin', 'BUILTIN\Administrators'); 


This is an example if the CURRENT login is a member of the sysadmin group 



Read more on managing the sysadmin role

Drop sysadmin with ALTER SERVER ROLE and DROP MEMBER ...

Powershell sql server security audit

select current_user shows dbo (SQL Server DBA)


Author: Tom Collins (


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment on How to check a SQL Login is part of the SYSADMIN role | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer