Printed 2017/08/19 09:37AM

Rights within the database


This is a follow-on to my post "What are the actual rights?"

First and foremost, I want to include membership in the fixed database roles. That's fairly easy to pull based on individual users. The db_datareader and db_datawriter roles are naturally of great interest because they grant explicit access to all tables and views. However, if I want to get all the permissions, I need to look deeper. Within an individual database, several areas have to be looked at for permissions. They are:

Keep in mind that none of this takes into account ownership chaining. Unfortunately, doing that means parsing functions, stored procedures, and views to determine what objects are being accessed and then determining ownership. If we have objects with the same name owned by different owners, we have to evaluate which object is being referenced. There's also the potential of referencing objects in other databases.

At this point I'm not interested in going down that path. I'm interested in implicit permissions due to fixed database roles or database ownership and explicit permissions granted to database security principals. So that is the scope I'll be looking at for the time being.
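The scope described above (fixed database role membership, database ownership, and explicit permissions granted to database principals) can be pulled with three queries. This is an added example, not code from the original post; it assumes the SQL Server 2005 SP2 or later catalog views and that it is run in the database under review.

```sql
-- Added example: run in the context of the database being reviewed.
-- Assumption: SQL Server 2005 SP2 or later (catalog views, OBJECT_SCHEMA_NAME).

-- 1. Fixed database role membership, including membership inherited
--    through a user-defined role that is itself a member of a fixed role.
WITH role_chain AS (
    SELECT member_principal_id AS principal_id, role_principal_id
    FROM sys.database_role_members
    UNION ALL
    SELECT rc.principal_id, rm.role_principal_id
    FROM role_chain AS rc
    JOIN sys.database_role_members AS rm
      ON rm.member_principal_id = rc.role_principal_id
)
SELECT DISTINCT
       m.name      AS principal_name,
       m.type_desc AS principal_type,
       r.name      AS fixed_role
FROM role_chain AS rc
JOIN sys.database_principals AS m ON m.principal_id = rc.principal_id
JOIN sys.database_principals AS r ON r.principal_id = rc.role_principal_id
WHERE r.is_fixed_role = 1
ORDER BY principal_name, fixed_role;

-- 2. Database ownership: the owning login maps to dbo in this database,
--    so its rights are implicit and never appear as explicit grants.
SELECT name AS database_name, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases
WHERE database_id = DB_ID();

-- 3. Explicit permissions (GRANT, DENY, GRANT WITH GRANT OPTION) held by
--    database principals, with the securable resolved for common classes.
SELECT g.name      AS grantee,
       g.type_desc AS grantee_type,
       dp.state_desc,
       dp.permission_name,
       dp.class_desc,
       CASE dp.class
            WHEN 0 THEN DB_NAME()                              -- database level
            WHEN 1 THEN OBJECT_SCHEMA_NAME(dp.major_id) + N'.'
                        + OBJECT_NAME(dp.major_id)             -- object or column
            WHEN 3 THEN SCHEMA_NAME(dp.major_id)               -- schema level
       END         AS securable,
       CASE WHEN dp.class = 1 AND dp.minor_id > 0
            THEN COL_NAME(dp.major_id, dp.minor_id) END AS column_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS g ON g.principal_id = dp.grantee_principal_id
ORDER BY grantee, dp.class_desc, securable, dp.permission_name;
```

A DENY row in the third result overrides a GRANT on the same securable, so read `state_desc` before treating a row as access. As the post notes, none of these results reflect access gained through ownership chaining.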
