November 7, 2005 at 12:32 am
hi ,
i need to check object level permissions for a particular logins/roles , i can not check throum EM since there are lot of logins so can anybody help me out on this with any script or other way.
Thanks
November 7, 2005 at 4:32 am
hi there:
You can use the followings script, fist script will give you list of permissions on tables/views; second one will list permissions for the Stored procedures
/*List permissions on tables*/
--
--delete the 'work' table
--
drop table #T1
go
--
--populate the 'work' table
--
select case
when issqluser=1 then 'SQL User'
when isntuser=1 then 'NT User'
when isntgroup=1 then 'NT Group'
when isntname=1 then 'NT Group or User'
when issqlrole=1 then 'SQL Group/Role'
end 'User Type',
user_name(pro.uid) 'User/Group Name',
--pro.id,
--obj.id,
obj.name,
--pro.uid,
--pro.action,
case
when pro.action = 193 then 'X'
else ' '
end as 'SELECT',
case
when pro.action = 195 then 'X'
else ' '
end as 'INSERT',
case
when pro.action = 196 then 'X'
else ' '
end as 'UPDATE',
case
when pro.action = 197 then 'X'
else ' '
end as 'DELETE'
into #T1
from sysprotects pro
join sysobjects obj
on pro.id=obj.id
join sysusers su
on pro.uid=su.uid
where obj.type in('U','V')
and pro.action in (193, 195, 196, 197)
go
--
--Results in table Name, User Type, User/Group name order
--
select cast([name] as char(30)) 'Table Name',
[User Type],
cast([User/Group Name] as char(30)) 'User/Group Name',
max([SELECT]) 'Select',
max([INSERT]) 'Insert',
max([UPDATE]) 'Update',
max([DELETE]) 'Delete'
from #t1
group by
[name],
[User Type],
[User/Group Name]
go
/*list permissions per SP*/
drop table #t2
go
select case
when issqluser=1 then 'SQL User'
when isntuser=1 then 'NT User'
when isntgroup=1 then 'NT Group'
when isntname=1 then 'NT Group or User'
when issqlrole=1 then 'SQL Group/Role'
end 'User Type',
user_name(pro.uid) 'User/Group Name',
--pro.id,
--obj.id,
obj.name,
--pro.uid,
--pro.action,
case
when pro.action = 224 then 'X'
else ' '
end as 'EXECUTE'
into #t2
from sysprotects pro
join sysobjects obj
on pro.id=obj.id
join sysusers su
on pro.uid=su.uid
where obj.type='P'
and pro.action in (224)
go
--results by proc name
--
select cast([name] as char(30)) 'Procedure Name',
[User Type],
cast([User/Group Name] as char(30)) 'User/Group Name',
[Execute]
from #t2
order by
[name],
[User Type],
[User/Group Name]
go
Please feel free to alter these scripts to meet your requirements; let me know what changes you have made...
HTH,
Thnx/Rgds,
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply