Blog Post

What are the actual rights?


One of the things I've started to work on are some scripts to quickly

be able to pull what a user's actual rights are within SQL Server. This

is a question often asked by auditors and it would be great to give

them a comprehensive answer. Just keying off the username isn't

typically sufficient. After all, a user could have membership through

groups, and access can be obscured because of roles, because of

database ownership, etc. When you consider the web that can be formed

with multiple roles, etc., it can be quite confusing to determine

exactly what a particular user can do.

I'll post more as I make progress in this regard.