【发布时间】:2014-12-11 14:38:53
【问题描述】:
我想创建一个查询来读出数据库上用户的所有有效权限。这包括固定角色权限和授予用户的任何其他权限。是这样开始的,但现在我卡住了:
--固定数据库角色的权限不会出现在sys.database_permissions中。因此,数据库主体可能具有此处未列出的其他权限。
SELECT * FROM
(
SELECT
perm.permission_name AS 'PERMISSION'
,perm.state_desc AS 'RIGHT'
,perm.class_desc AS 'RIGHT_ON'
,p.NAME AS 'GRANTEE'
,m.NAME AS 'USERNAME'
,s.name AS 'SCHEMA'
,o.name AS 'OBJECT'
,IIF(perm.class = 0, db_name(), NULL) AS 'DATABASE'
FROM
sys.database_permissions perm
INNER JOIN sys.database_principals p ON p.principal_id = perm.grantee_principal_id
LEFT JOIN sys.database_role_members rm ON rm.role_principal_id = p.principal_id
LEFT JOIN sys.database_principals m ON rm.member_principal_id = m.principal_id
LEFT JOIN sys.schemas s ON perm.class = 3 AND perm.major_id = s.schema_id
LEFT JOIN sys.objects AS o ON perm.class = 1 AND perm.major_id = o.object_id
UNION ALL
SELECT
perm.permission_name AS 'PERMISSION'
,perm.state_desc AS 'RIGHT'
,perm.class_desc AS 'RIGHT_ON'
,'SELF-GRANTED' AS 'GRANTEE'
,p.NAME AS 'USERNAME'
,s.name AS 'SCHEMA'
,o.name AS 'OBJECT'
,IIF(perm.class = 0, db_name(), NULL) AS 'DATABASE'
FROM
sys.database_permissions perm
INNER JOIN sys.database_principals p ON p.principal_id = perm.grantee_principal_id
LEFT JOIN sys.schemas s ON perm.class = 3 AND perm.major_id = s.schema_id
LEFT JOIN sys.objects AS o ON perm.class = 1 AND perm.major_id = o.object_id
) AS [union]
WHERE [union].USERNAME = 'Username'
ORDER BY [union].GRANTEE,[union].RIGHT_ON, [union].PERMISSION
有什么想法吗?
【问题讨论】:
-
它已经在这个link完成了
-
不是真的.... 缺少像它们一样的权限,这些权限是从系统管理员角色授予的。那只是直接授予登录的服务器主体。仍然缺少来自任何固定服务器角色的权限。
标签: tsql select permissions sql-server-2012 roles