Skip to content

sys-sql-logins-transact-sql.md

Latest commit

 

History

History
59 lines (45 loc) · 3.33 KB

sys-sql-logins-transact-sql.md

File metadata and controls

59 lines (45 loc) · 3.33 KB
title sys.sql_logins (Transact-SQL)
description sys.sql_logins (Transact-SQL)
author VanMSFT
ms.author vanto
ms.date 04/29/2025
ms.service sql
ms.subservice system-objects
ms.topic reference
f1_keywords
sys.sql_logins_TSQL
sql_logins_TSQL
sys.sql_logins
sql_logins
helpviewer_keywords
sys.sql_logins catalog view
dev_langs
TSQL
monikerRange >=aps-pdw-2016 || =azuresqldb-current || >=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-current
ms.custom
build-2025

sys.sql_logins (Transact-SQL)

[!INCLUDE sql-asdb-asdbmi-pdw]

Returns one row for every [!INCLUDE ssNoVersion] authentication login.

Column name Data type Description
<inherited columns> N/A Inherits from sys.server_principals.
is_policy_checked bit Password policy is checked.
is_expiration_checked bit Password expiration is checked.
password_hash varbinary(256) Hash of SQL login password. In [!INCLUDE sssql22-md] and earlier versions, the stored password information is calculated using SHA-512 of the salted password. Starting with [!INCLUDE ssSQL25], an iterated hash algorithm, RFC2898 (PBKDF), is used. The first byte of the hash indicates the version: 0x02 for version 2 ([!INCLUDE sssql22-md] and earlier versions) and 0x03 for version 3 ([!INCLUDE ssSQL25] and later versions).

For a list of columns that this view inherits, see sys.server_principals. The columns owning_principal_id and is_fixed_role isn't inherited from sys.server_principals.

Remarks

To view both [!INCLUDE ssNoVersion] authentication logins and Windows authentication logins, see sys.server_principals.

When contained database users are enabled, connections can be made without logins. To identify those accounts, see sys.database_principals.

Permissions

In SQL Server, any [!INCLUDE ssNoVersion] authentication login can see their own login name, and the sa login. To see other logins, the principal requires ALTER ANY LOGIN, VIEW SERVER SECURITY DEFINITION, or a permission on the login.

To view the contents of the password_hash column, CONTROL SERVER is required. Starting with [!INCLUDE sssql22-md], VIEW ANY CRYPTOGRAPHICALLY SECURED DEFINITION permission is required.

In Azure SQL Database, only members of the special database role loginmanager in master or the Microsoft Entra Admin and Server Admin can see all logins.

[!INCLUDE sscatviewperm-md] For more information, see Metadata Visibility Configuration.

Related content