Strange behaviour reported by a user today.
The user DOMAIN\THE_USER.EXT had access to our SQL Server 2016 database using a group, let say DOMAIN\THE_GROUP.
In our database, he had access to tables & views using a row-level security, meaning using a SUSER_NAME() function.
It worked fine.
But the user was renamed in Active Directory, from DOMAIN\THE_USER.EXT to DOMAIN\THE_USER
Starting this point, he did not have access to any object anymore, even after rebooting its computer.
And very strange, when admin users of the database do emulate his credentials using EXECUTE AS LOGIN='DOMAIN\THE_USER', the row-level security was working as expected.
Part of the solution is here: sys.dm_exec_sessions, the user has inconsistent logins.
Just running the following query is enough to free the credential cache and fix the inconsistencies.
DBCC FREESYSTEMCACHE('TokenAndPermUserStore');
Another way of achieving this is to restart the SQL instance, but it is more aggressive on a production environment...
