Return to Snippet

Revision: 62725
at March 8, 2013 01:47 by edwinet

Initial Code
    su.[name] AS 'User',
    CASE sp.[protecttype]
      WHEN 204 THEN 'GRANT w/ GRANT'
      WHEN 205 THEN 'GRANT'
      WHEN 206 THEN 'DENY' END AS 'Permission',
    CASE sp.[action]
      WHEN 193 THEN 'SELECT'
      WHEN 195 THEN 'INSERT'
      WHEN 196 THEN 'DELETE'
      WHEN 197 THEN 'UPDATE'
      WHEN 224 THEN 'EXECUTE' END AS 'Action',
    so.[name] AS 'Object'
FROM sysprotects AS sp
  INNER JOIN sysusers AS su
    ON sp.[uid] = su.[uid]
  INNER JOIN sysobjects AS so
    ON sp.[id] = so.[id]
WHERE sp.[action] IN (26, 193, 195, 196, 197, 224) 
ORDER BY su.[name], so.[name];

Initial URL

Initial Description
The sysprotects system table reports all of the permissions granted or denied in a given database. We'll need to join it with sysusers and sysobjects to get all the information we need. Here's an example query that only pulls information on objects (no CREATE TABLE permissions or anything else at the database level)

Initial Title
Auditing SQL Server User and Role Permissions for Databases

Initial Tags
sql, query, security

Initial Language