Revision: 62725
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at March 8, 2013 01:47 by edwinet
Initial Code
SELECT su.[name] AS 'User', CASE sp.[protecttype] WHEN 204 THEN 'GRANT w/ GRANT' WHEN 205 THEN 'GRANT' WHEN 206 THEN 'DENY' END AS 'Permission', CASE sp.[action] WHEN 26 THEN 'REFERENCES' WHEN 193 THEN 'SELECT' WHEN 195 THEN 'INSERT' WHEN 196 THEN 'DELETE' WHEN 197 THEN 'UPDATE' WHEN 224 THEN 'EXECUTE' END AS 'Action', so.[name] AS 'Object' FROM sysprotects AS sp INNER JOIN sysusers AS su ON sp.[uid] = su.[uid] INNER JOIN sysobjects AS so ON sp.[id] = so.[id] WHERE sp.[action] IN (26, 193, 195, 196, 197, 224) ORDER BY su.[name], so.[name];
Initial URL
http://www.mssqltips.com/sqlservertip/2132/auditing-sql-server-user-and-role-permissions-for-databases/
Initial Description
The sysprotects system table reports all of the permissions granted or denied in a given database. We'll need to join it with sysusers and sysobjects to get all the information we need. Here's an example query that only pulls information on objects (no CREATE TABLE permissions or anything else at the database level)
Initial Title
Auditing SQL Server User and Role Permissions for Databases
Initial Tags
sql, query, security
Initial Language
SQL