db.user for Microsoft SQL Server: login name or database user name?

[KalleOlaviNiemitalo]

Under Semantic Conventions for Database Client Calls, db.user is documented as:

Username for accessing the database.

For Microsoft SQL Server, should this be the login name or the database user name? When an application connects to SQL Server, it sends the login name. Each database in SQL Server can then map the login to a database user. Server-wide permissions are granted to logins, but permissions on tables and other objects within a database are granted to database users or to their roles.

For telemetry purposes, the major differences are:

• Before the application connects to SQL Server, it typically knows the login name but not the database user name.
• If the application uses multiple databases over the same connection, then it can have a different database user name in each database, but typically only one login name for the whole connection. (Unless it uses EXECUTE AS to impersonate a different login.)

[joaopgrassi]

FYI @open-telemetry/semconv-db-approvers

My interpretation is the login name, since it says accessing the database. But I agree it needs better clarification.

[KalleOlaviNiemitalo]

Microsoft SQL Server also supports contained database authentication, which allows a client to log in as a database user that has a password, without needing a server-wide login at all. In this case, db.user would have to be the database user name. Contained user access to contained databases - SQL Server | Microsoft Learn

[trask]

hi @KalleOlaviNiemitalo, just a heads up we've deprecated db.user for now, check out #885 for reasoning