Home Forums SQL Server 2008 T-SQL (SS2K8) Determine unique combinations of permissions assigned to users RE: Determine unique combinations of permissions assigned to users

  • October 13, 2012 at 6:16 pm

    #1548924

    If dynamic pivot will solve your case, here it is: http://sqlwithmanoj.wordpress.com/2011/01/25/dynamic-pivot/[/url]

    But I think you should rethink your concept.

    -- users with object-level permissions in current db

    sp_helprotect NULL, NULL, NULL, 'o'

    -- users with server-level permissions in current db

    sp_helprotect NULL, NULL, NULL, 's'

    -- Object-level permissions for all databases

    IF OBJECT_ID('tempdb..#p','U') is not null DROP TABLE #P

    create table #p

    (DBname nvarchar(500), Owner sysname, Object sysname, Grantee sysname, Grantor sysname,

    ProtectType varchar(100), Action varchar(100), [Column] varchar(100)

    )

    EXEC sp_msforeachdb '

    INSERT INTO #p(Owner, Object, Grantee, Grantor, ProtectType, Action, [Column]) exec ?.dbo.sp_helprotect NULL, NULL, NULL, ''o''

    UPDATE #p SET DBName=''?'' WHERE DBName IS NULL

    '

    select * from #p

    -- Roles granted

    IF OBJECT_ID('tempdb..#g','U') is not null DROP TABLE #G

    CREATE TABLE #g

    (DBName varchar(100), UserName nvarchar(500), GroupName nvarchar(500), LoginName nvarchar(500),

    DefDBName nvarchar(500),

    DefSchemaName nvarchar(500),

    UserID int, SID image

    )

    exec sp_msforeachdb

    '

    insert into #g(UserName, GroupName, LoginName,

    DefDBName,

    DefSchemaName,

    UserID, SID) EXEC sp_helpuser

    UPDATE #g SET DBName=''?'' WHERE DBName IS NULL

    '

    SELECT * FROM #G

    It's straightforward to select distinct from those.

    HTH,

    Vedran

    _____________________________________________________
    Microsoft Certified Master: SQL Server 2008
    XDetails Addin - for SQL Developers
    blog.sqlxdetails.com - Transaction log myths