Merge pull request #33965 from rwestMSFT/rw-0430-catalog-view-warning

[SCOPED] Fix wording on system catalog view warning

Author: v-shils

docs/includes/sscautionuserschema-md.md

@@ -1,9 +1,8 @@
 ---
 author: rwestMSFT
 ms.author: randolphwest
-ms.date: 01/29/2024
+ms.date: 04/30/2025
 ms.service: sql
 ms.topic: include
 ---
-  Beginning with SQL Server 2005, the behavior of schemas changed. As a result, code that assumes that schemas are equivalent to database users may no longer return correct results. Old catalog views, including sysobjects, should not be used in a database in which any of the following DDL statements have ever been used: CREATE SCHEMA, ALTER SCHEMA, DROP SCHEMA, CREATE USER, ALTER USER, DROP USER, CREATE ROLE, ALTER ROLE, DROP ROLE, CREATE APPROLE, ALTER APPROLE, DROP APPROLE, ALTER AUTHORIZATION. In such databases you must instead use the new catalog views. The new catalog views take into account the separation of principals and schemas that was introduced in SQL Server 2005. For more information about catalog views, see [Catalog Views (Transact-SQL)](../relational-databases/system-catalog-views/catalog-views-transact-sql.md).
-   
+Schemas aren't equivalent to database users. Use [System catalog views](../relational-databases/system-catalog-views/catalog-views-transact-sql.md) to identify any differences between database users and schemas.

docs/t-sql/statements/alter-application-role-transact-sql.md

@@ -21,7 +21,7 @@ dev_langs:
 
 # ALTER APPLICATION ROLE (Transact-SQL)
 
-[!INCLUDE [SQL Server Azure SQL Database Azure SQL Managed Instance](../../includes/applies-to-version/sql-asdb-asdbmi.md)]	
+[!INCLUDE [SQL Server Azure SQL Database Azure SQL Managed Instance](../../includes/applies-to-version/sql-asdb-asdbmi.md)]    
 
   Changes the name, password, or default schema of an application role.  
 
@@ -62,10 +62,10 @@ If the new application role name already exists in the database, the statement w
 >  Password expiration policy is not applied to application role passwords. For this reason, take extra care in selecting strong passwords. Applications that invoke application roles must store their passwords.  
   
  Application roles are visible in the sys.database_principals catalog view.  
-  
-> [!CAUTION]  
->  In [!INCLUDE[ssVersion2005](../../includes/ssversion2005-md.md)]the behavior of schemas changed from the behavior in earlier versions of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. Code that assumes that schemas are equivalent to database users may not return correct results. Old catalog views, including sysobjects, should not be used in a database in which any of the following DDL statements has ever been used: CREATE SCHEMA, ALTER SCHEMA, DROP SCHEMA, CREATE USER, ALTER USER, DROP USER, CREATE ROLE, ALTER ROLE, DROP ROLE, CREATE APPROLE, ALTER APPROLE, DROP APPROLE, ALTER AUTHORIZATION. In a database in which any of these statements has ever been used, you must use the new catalog views. The new catalog views take into account the separation of principals and schemas that is introduced in [!INCLUDE[ssVersion2005](../../includes/ssversion2005-md.md)]. For more information about catalog views, see [Catalog Views (Transact-SQL)](../../relational-databases/system-catalog-views/catalog-views-transact-sql.md).  
-  
+
+> [!NOTE]  
+> [!INCLUDE [sscautionuserschema-md](../../includes/sscautionuserschema-md.md)]
+
 ## Permissions  
  Requires ALTER ANY APPLICATION ROLE permission on the database. To change the default schema, the user also needs ALTER permission on the application role. An application role can alter its own default schema, but not its name or password.  
 

docs/t-sql/statements/alter-authorization-transact-sql.md

@@ -171,8 +171,8 @@ The SCHEMA OWNER option is only valid when you are transferring ownership of a s
 
 If the target entity is not a database and the entity is being transferred to a new owner, all permissions on the target will be dropped.
 
-> [!CAUTION]
-> In [!INCLUDE[ssVersion2005](../../includes/ssversion2005-md.md)], the behavior of schemas changed from the behavior in earlier versions of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. Code that assumes that schemas are equivalent to database users may not return correct results. Old catalog views, including sysobjects, should not be used in a database in which any of the following DDL statements has ever been used: CREATE SCHEMA, ALTER SCHEMA, DROP SCHEMA, CREATE USER, ALTER USER, DROP USER, CREATE ROLE, ALTER ROLE, DROP ROLE, CREATE APPROLE, ALTER APPROLE, DROP APPROLE, ALTER AUTHORIZATION. In a database in which any of these statements has ever been used, you must use the new catalog views. The new catalog views take into account the separation of principals and schemas that was introduced in [!INCLUDE[ssVersion2005](../../includes/ssversion2005-md.md)]. For more information about catalog views, see [Catalog Views (Transact-SQL)](../../relational-databases/system-catalog-views/catalog-views-transact-sql.md).
+> [!NOTE]  
+> [!INCLUDE [sscautionuserschema-md](../../includes/sscautionuserschema-md.md)]
 
  Also, note the following:
 

docs/t-sql/statements/alter-schema-transact-sql.md

@@ -78,8 +78,8 @@ ALTER SCHEMA schema_name
 
  ALTER SCHEMA uses a schema level lock.
 
-> [!CAUTION]  
->  [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
+> [!NOTE]  
+> [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
   
 ## Permissions  
  To transfer a securable from another schema, the current user must have CONTROL permission on the securable (not schema) and ALTER permission on the target schema.  

docs/t-sql/statements/alter-user-transact-sql.md

@@ -169,7 +169,7 @@ NAME = new_user_name
 
 The name of a user mapped to a [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login, a certificate, or an asymmetric key can't contain the backslash character (`\`).
 
-> [!CAUTION]
+> [!NOTE]  
 > [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]
 
 ## Security
@@ -422,7 +422,7 @@ Setting the default schema to `NULL` removes a default schema from a user create
 
 The name of a user mapped to a [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login, a certificate, or an asymmetric key can't contain the backslash character (`\`).
 
-> [!CAUTION]
+> [!NOTE]  
 > [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]
 
 ### Fabric SQL database
@@ -677,7 +677,7 @@ ALTER USER user_name
 
 The name of a user mapped to a [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login, a certificate, or an asymmetric key can't contain the backslash character (`\`).
 
-> [!CAUTION]
+> [!NOTE]  
 > [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]
 
 ### Remarks for Windows users in SQL on-premises migrated to Azure SQL Managed Instance
@@ -915,7 +915,7 @@ ALTER USER user_name
 
 The name of a user mapped to a [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login, a certificate, or an asymmetric key can't contain the backslash character (`\`).
 
-> [!CAUTION]
+> [!NOTE]  
 > [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]
 
 ## Security
@@ -1054,7 +1054,7 @@ ALTER USER user_name
 
 The name of a user mapped to a [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login, a certificate, or an asymmetric key can't contain the backslash character (`\`).
 
-> [!CAUTION]
+> [!NOTE]  
 > [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]
 
 ## Security

docs/t-sql/statements/create-application-role-transact-sql.md

@@ -55,8 +55,8 @@ CREATE APPLICATION ROLE application_role_name
 
  For information about how to use application roles, see [Application Roles](../../relational-databases/security/authentication-access/application-roles.md).  
 
-> [!CAUTION]  
->  [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
+> [!NOTE]  
+> [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
   
 ## Permissions  
  Requires ALTER ANY APPLICATION ROLE permission on the database.  

docs/t-sql/statements/create-role-transact-sql.md

@@ -53,9 +53,9 @@ CREATE ROLE role_name [ AUTHORIZATION owner_name ]
  Database roles are visible in the sys.database_role_members and sys.database_principals catalog views.  
 
  For information about designing a permissions system, see [Getting Started with Database Engine Permissions](../../relational-databases/security/authentication-access/getting-started-with-database-engine-permissions.md).  
-  
-> [!CAUTION]  
->  [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
+
+> [!NOTE]  
+> [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
   
 ## Permissions  
  Requires **CREATE ROLE** permission on the database or membership in the **db_securityadmin** fixed database role. When you use the **AUTHORIZATION** option, the following permissions are also required:  

docs/t-sql/statements/create-schema-transact-sql.md

@@ -98,8 +98,8 @@ CREATE SCHEMA schema_name [ AUTHORIZATION owner_name ] [;]
 
  The new schema is owned by one of the following database-level principals: database user, database role, or application role. Objects created within a schema are owned by the owner of the schema, and have a NULL **principal_id** in **sys.objects**. Ownership of schema-contained objects can be transferred to any database-level principal, but the schema owner always retains CONTROL permission on objects within the schema.  
 
-> [!CAUTION]  
->  [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
+> [!NOTE]  
+> [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
   
  **Implicit Schema and User Creation**  
 

docs/t-sql/statements/drop-application-role-transact-sql.md

@@ -39,8 +39,8 @@ DROP APPLICATION ROLE rolename
 ## Remarks  
  If the application role owns any securables it cannot be dropped. Before dropping an application role that owns securables, you must first transfer ownership of the securables, or drop them.  
 
-> [!CAUTION]  
->  [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
+> [!NOTE]  
+> [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
   
 ## Permissions  
  Requires ALTER ANY APPLICATION ROLE permission on the database.  

docs/t-sql/statements/drop-role-transact-sql.md

@@ -62,8 +62,8 @@ DROP ROLE role_name
 
  Information about role membership can be viewed in the sys.database_role_members catalog view.  
 
-> [!CAUTION]  
->  [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
+> [!NOTE]  
+> [!INCLUDE[ssCautionUserSchema](../../includes/sscautionuserschema-md.md)]  
   
  To remove a server role, use [DROP SERVER ROLE (Transact-SQL)](../../t-sql/statements/drop-server-role-transact-sql.md).