Blog Post

A Script A Day - Day 11 - User Permissions By Database

,

Today's script will return you permissions granted to a user for every online database.  The script uses EXECUTE AS so you will need permission to impersonate the user and  also uses the fn_my_permissions function so is limited by its functionality.  I have used this script to hunt down what I think are security problems caused by permissions being granted to an individual rather than a group.

/*

      -----------------------------------------------------------------

      User Permissions By Database

      -----------------------------------------------------------------

     

      For more SQL resources, check out SQLServer365.blogspot.com

      -----------------------------------------------------------------

      You may alter this code for your own purposes.

      You may republish altered code as long as you give due credit.

      You must obtain prior permission before blogging this code.

 

      THIS CODE AND INFORMATION ARE PROVIDED "AS IS"

     

      -----------------------------------------------------------------

*/

-- Declare variables

DECLARE

      @intMinLoop INT

      ,@intMaxLoop INT

      ,@strSQL VARCHAR(1000)

      ,@strDatabasename VARCHAR(100)

      ,@strUser VARCHAR(1000)

-- Create table variable

DECLARE @tmpDBtable TABLE

      (

      AutoID INT IDENTITY (1,1)

      ,Databasename VARCHAR(500)

      )

-- SET the User

SET @strUser = 'domain\user' --or for a sql user SET @strUser = 'user'

-- INSERT the database names

INSERT INTO @tmpDBTable

SELECT NAME FROM master.dbo.sysdatabases

WHERE   DATABASEPROPERTYEX(name, 'Status') = 'ONLINE'

-- Setup loop control

SELECT

      @intMinLoop = MIN(autoID)

      ,@intMaxLoop = MAX(autoID)

FROM

      @tmpDBTable

-- Get permissions

WHILE @intMinLoop <= @intMaxLoop

BEGIN

      SELECT @strDatabasename = Databasename FROM @tmpDBTable WHERE @intMinLoop = AutoID

      SELECT @strSQL =

            'USE ['+@strDatabasename+'];

            EXECUTE AS USER = '''+@strUser+''';

            SELECT

            '''+@strDatabasename+''' as DatabaseName

            ,*

            FROM fn_my_permissions(NULL,''Database'');

            REVERT;'

      BEGIN TRY  

            EXEC (@strSQL)

      END TRY

      BEGIN CATCH

            SELECT @@ERROR, ERROR_MESSAGE()

      END CATCH

     

      SET @intMinLoop = @intMinLoop+1

END  

Enjoy!

Chris

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating

Related content

Technical Article

Database Mirroring FAQ: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup?

Question: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? This question was sent to me via email. My reply follows. Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? Databases to be mirrored are currently running on 2005 SQL instances but will be upgraded to 2008 SQL in the near future.

You rated this post out of 5. Change rating

2009-02-23

1,567 reads

Technical Article

Networking - Part 4

You may want to read Part 1 , Part 2 , and Part 3 before continuing. This time around I'd like to talk about social networking. We'll start with social networking. Facebook, MySpace, and Twitter are all good examples of using technology to let...

You rated this post out of 5. Change rating

2009-02-17

1,530 reads

Technical Article

Speaking at Community Events - More Thoughts

Last week I posted Speaking at Community Events - Time to Raise the Bar?, a first cut at talking about to what degree we should require experience for speakers at events like SQLSaturday as well as when it might be appropriate to add additional focus/limitations on the presentations that are accepted. I've got a few more thoughts on the topic this week, and I look forward to your comments.

You rated this post out of 5. Change rating

2009-02-13

360 reads