SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

What are my permissions?

Permissions are a common concern. One of the most frequent requests I get is I need X, Y and Z permissions. And all too often the conversation goes like this:

Dev: I need write permission to this database.
Me: Ok.
Me: Checks their current permissions.
Me: You already have that permission.
Dev: Oh, ok, thanks.

It would certainly make my life a lot easier if there was a way for people to check their own permissions. Oh wait, there is!

sys.fn_my_permissions

This handy dandy function will tell you what your effective permissions are for any given object. That means if you have SELECT permissions from one role, and INSERT from another then this will show that you have SELECT, INSERT permissions. Note: It does not tell you where those permissions come from. Just what you have.

Now, I said object. That object, among other things, could be a database object (sp, table, etc), schema, the server, or even a database. See the link above for the full list. The syntax is pretty simple:

SELECT * FROM sys.fn_my_permissions(‘[object name]’,'[object type]’)

Example using the system view sys.tables

SELECT * FROM sys.fn_my_permissions('sys.tables','object');

Last comment on this. I usually have sysadmin permissions so I have all the permissions, so why would I ever need to use this? One word.

Impersonation

If you impersonate someone, you can then use this same system function to look at their effective permissions. Which in the end, is one of the easiest/fastest ways to check permissions for a specific object. (See the conversation above.)

SQLStudies

My name is Kenneth Fisher and I am Senior DBA for a large (multi-national) insurance company. I have been working with databases for over 20 years starting with Clarion and Foxpro. I’ve been working with SQL Server for 12 years but have only really started “studying” the subject for the last 3. I don’t have any real "specialities" but I enjoy trouble shooting and teaching. Thus far I’ve earned by MCITP Database Administrator 2008, MCTS Database Administrator 2005, and MCTS Database Developer 2008. I’m currently studying for my MCITP Database Developer 2008 and should start in on the 2012 exams next year. My blog is at www.sqlstudies.com.

Comments

Leave a comment on the original post [sqlstudies.com, opens in a new window]

Loading comments...