【发布时间】:2018-03-06 15:40:40
【问题描述】:
我正在尝试使用查询来确定自定义角色对哪些存储过程具有执行权限。我尝试使用 has_perms_by_name,但我无法理解和使用它。
【问题讨论】:
标签: sql sql-server stored-procedures ssms sql-server-2017
【发布时间】:2018-03-06 15:40:40
【问题描述】:
假设您只关心角色被明确授予了哪些存储过程的执行权限:
DECLARE @role SYSNAME = 'MyRole';
SELECT o.[name]
FROM sys.database_permissions p
JOIN sys.objects o ON p.major_id = o.[object_id]
JOIN sys.database_principals pr ON p.grantee_principal_id = pr.principal_id
WHERE pr.[name] = @role
AND p.[state] = 'G' -- GRANT
AND p.[type] = 'EX' -- EXECUTE
AND o.[type] = 'P' -- PROCEDURE
这不包括(不太常见的)角色被赋予全局GRANT EXECUTE 的情况。
【讨论】:
this 应该给你的目标:
DECLARE @Obj_sql VARCHAR(2000)
DECLARE @Obj_table TABLE (DBName VARCHAR(200), UserName VARCHAR(250), ObjectName VARCHAR(500), Permission VARCHAR(200), objecttype varchar(200))
SET @Obj_sql='select ''?'' as DBName,U.name as username, O.name as object, permission_name as permission, o.type from ?.sys.database_permissions
join ?.sys.sysusers U on grantee_principal_id = uid join ?.sys.sysobjects O on major_id = id WHERE ''?'' NOT IN (''master'',''msdb'',''model'',''tempdb'') order by U.name '
INSERT @Obj_table
EXEC sp_msforeachdb @command1=@Obj_sql
SELECT * FROM @Obj_table
where UserName = 'RSExecRole' --edit with username you're looking for
and objecttype = 'P'
【讨论】: