Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

How to get user roles Expand / Collapse
Author
Message
Posted Tuesday, October 16, 2007 8:07 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, June 24, 2014 1:19 PM
Points: 164, Visits: 231
When a user logs into my application, I would like to see which DB roles are assigned to that user. Does someone know the correct SQL to give me that information?

Thank you

Would this work?
SELECT users.name, groups.name
FROM sysmembers membs
JOIN sysusers users on membs.memberuid = users.uid
JOIN sysusers groups on membs.groupuid = groups.uid
And, would a user need special permission to execute this SQL?
Post #411310
Posted Tuesday, October 16, 2007 8:23 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: 2 days ago @ 3:50 AM
Points: 13,991, Visits: 28,373
You can use IS_MEMBER() to determine the current users inclusion in a particular group. There are also a series of dynamic management views (DMV) that access security. Try sys.database_role_members and sys.database_principals to see the list of users and their association within a role.

Something like this, as a start:

SELECT p.NAME
,m.NAME
FROM sys.database_role_members rm
JOIN sys.database_principals p
ON rm.role_principal_id = p.principal_id
JOIN sys.database_principals m
ON rm.member_principal_id = m.principal_id


----------------------------------------------------
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood..." Theodore Roosevelt
The Scary DBA
Author of: SQL Server Query Performance Tuning
SQL Server 2012 Query Performance Tuning
SQL Server 2008 Query Performance Tuning Distilled
and
SQL Server Execution Plans

Product Evangelist for Red Gate Software
Post #411323
Posted Wednesday, October 17, 2007 3:56 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Wednesday, August 13, 2014 2:52 AM
Points: 263, Visits: 348
Normally I use this script to get all user information for a db

select
[Login Type]=
case sp.type
when 'u' then 'WIN'
when 's' then 'SQL'
when 'g' then 'GRP'
end,
convert(char(45),sp.name) as srvLogin,
convert(char(45),sp2.name) as srvRole,
convert(char(25),dbp.name) as dbUser,
convert(char(25),dbp2.name) as dbRole
from
sys.server_principals as sp join
sys.database_principals as dbp on sp.sid=dbp.sid join
sys.database_role_members as dbrm on dbp.principal_Id=dbrm.member_principal_Id join
sys.database_principals as dbp2 on dbrm.role_principal_id=dbp2.principal_id left join
sys.server_role_members as srm on sp.principal_id=srm.member_principal_id left join
sys.server_principals as sp2 on srm.role_principal_id=sp2.principal_id


Francisco Racionero
twitter: @fracionero
Post #411624
Posted Wednesday, October 17, 2007 7:57 PM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Friday, November 14, 2014 7:14 AM
Points: 6,625, Visits: 1,876
In SQL Server, roles can be nested, so that needs to be taken into account. In SQL Server 2000 you'd have to do recursion using temp tables. In SQL Server 2005 you can use a CTE. One small note, I've UNION ALLed to include public because all database principals are a member of public but it's not shown in the sys.database_role_members DMV:

WITH CTE_Roles (role_principal_id)
AS
(
SELECT role_principal_id
FROM sys.database_role_members
WHERE member_principal_id = USER_ID()
UNION ALL
SELECT drm.role_principal_id
FROM sys.database_role_members drm
INNER JOIN CTE_Roles CR
ON drm.member_principal_id = CR.role_principal_id
)
SELECT USER_NAME(role_principal_id) RoleName
FROM CTE_Roles
UNION ALL
SELECT 'public'
ORDER BY RoleName;



K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #412002
Posted Thursday, July 8, 2010 4:23 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, October 27, 2014 9:41 AM
Points: 6, Visits: 46
f.racionero (10/17/2007)
Normally I use this script to get all user information for a db

select
[Login Type]=
case sp.type
when 'u' then 'WIN'
when 's' then 'SQL'
when 'g' then 'GRP'
end,
convert(char(45),sp.name) as srvLogin,
convert(char(45),sp2.name) as srvRole,
convert(char(25),dbp.name) as dbUser,
convert(char(25),dbp2.name) as dbRole
from
sys.server_principals as sp join
sys.database_principals as dbp on sp.sid=dbp.sid join
sys.database_role_members as dbrm on dbp.principal_Id=dbrm.member_principal_Id join
sys.database_principals as dbp2 on dbrm.role_principal_id=dbp2.principal_id left join
sys.server_role_members as srm on sp.principal_id=srm.member_principal_id left join
sys.server_principals as sp2 on srm.role_principal_id=sp2.principal_id


Very good...
Post #949648
Posted Thursday, April 4, 2013 10:23 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Monday, November 17, 2014 12:23 PM
Points: 1,360, Visits: 1,761
alexkedrov (7/8/2010)
f.racionero (10/17/2007)
Normally I use this script to get all user information for a db

select
[Login Type]=
case sp.type
when 'u' then 'WIN'
when 's' then 'SQL'
when 'g' then 'GRP'
end,
convert(char(45),sp.name) as srvLogin,
convert(char(45),sp2.name) as srvRole,
convert(char(25),dbp.name) as dbUser,
convert(char(25),dbp2.name) as dbRole
from
sys.server_principals as sp join
sys.database_principals as dbp on sp.sid=dbp.sid join
sys.database_role_members as dbrm on dbp.principal_Id=dbrm.member_principal_Id join
sys.database_principals as dbp2 on dbrm.role_principal_id=dbp2.principal_id left join
sys.server_role_members as srm on sp.principal_id=srm.member_principal_id left join
sys.server_principals as sp2 on srm.role_principal_id=sp2.principal_id


Very good...


I want to add this to a cursor and have it select the name of the database as well..Can we add the name of database to it?


“If your actions inspire others to dream more, learn more, do more and become more, you are a leader.” -- John Quincy Adams
Post #1438897
Posted Friday, April 5, 2013 2:30 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 1:51 PM
Points: 191, Visits: 901
I had to do this just recently. Here is what I used to get a list of users and all the roles they belong to. They are listed more than once if they belong to more than one role.


-- set database context first

select members.name AS UserName, RTRIM(LTRIM(roles.name)) AS RoleName
from sys.database_principals members
inner join sys.database_role_members drm
on members.principal_id = drm.member_principal_id
inner join sys.database_principals roles
on drm.role_principal_id = roles.principal_id
WHERE members.name <> 'dbo'
ORDER BY members.name
Post #1439481
Posted Friday, April 5, 2013 2:33 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 1:51 PM
Points: 191, Visits: 901
Oops.. As far as permissions, I put it in a SPROC and set the WITH EXECUTE AS OWNER clause to the CREATE PROCEDURE statement and made the owner dbo.

Then gave all database users that needed it the access to run the SPROC.
Post #1439483
Posted Thursday, August 21, 2014 11:10 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, October 1, 2014 3:40 PM
Points: 41, Visits: 91
Hi,

I need to know the list of users who fall under a particular Role.
For example there is a role named :SQLDEVADMINS.
I want to know the list of users who fall under this role.
How can I query the database.

Can anyone help me on this.

Thanks
Nisha V Krishnan
Post #1605932
Posted Friday, August 22, 2014 5:04 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, October 1, 2014 3:40 PM
Points: 41, Visits: 91
Hi All,

I found a way to query the Active Directory service to query the list of groups and the users assigned to that domain groups.
You can get the list of sysadmins on the box by querying as shown below :With the result from the query i was able to short list the users who fall under a particular Group (Group which has sysadmin role).Hope this would help someone.

SELECT p.name AS [loginname] ,
p.type , p.type_desc ,
p.is_disabled,
CONVERT(VARCHAR(10),p.create_date ,101) AS [created],
CONVERT(VARCHAR(10),p.modify_date , 101) AS [update]
FROM sys.server_principals p
JOIN sys.syslogins s ON p.sid = s.sid
--WHERE p.type_desc IN ('SQL_LOGIN', 'WINDOWS_LOGIN', 'WINDOWS_GROUP')
-- Logins that are not process logins
AND p.name NOT LIKE '##%' -- Logins that are sysadmins
AND s.sysadmin = 1

Thanks
Nisha V Krishnan
Post #1606544
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse