Solved

sybase - get list of tables with permissions for each user group

Posted on 2009-04-02
6
6,670 Views
Last Modified: 2012-05-06
Hi I have query on Sybase DBA ....

Basically I need to create list of tables on sybase database with having permissions from each user group...
i.e.
columns
- table name
- user group 1
- user group 2
- user group 3..

values
- table name
- read
- write/execute

or something. So far I do not see good way to generate such a report.
For format itself I do not mind too much , would somebody please help me how I can workout?


0
Comment
Question by:sleepingluke
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:Joe Woodhouse
ID: 24056652
Are the number of groups fixed (and small)? Are you only considering groups? What about permissions granted individually to single users, and to server-wide roles?
0
 

Author Comment

by:sleepingluke
ID: 24056821
Hi Joe,

Numbers of groups fixed, say 5 or 6. And I am considering groups only as there should not have any individual to have special permission. But to server wide like to double check .... (if not too difficult) but I am fine without server wide..
0
 
LVL 24

Accepted Solution

by:
Joe Woodhouse earned 500 total points
ID: 24057740
Take a look at the source text for sp_helprotect in sybsystemprocs. It will give you most of what you want. From there it's a fairly simple matter to turn it into a crosstab of the sort you want.

I can't get in front of an ASE just at the moment or I'd have some SQL for you. I'll have a go later. :)
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 

Author Comment

by:sleepingluke
ID: 24058457
thank you very much, this outcome looks useful to me, I can use excel to sort this result for my purpose.
I can't read such a SP in short time in proper way, but if you could give me example for my future would you please?
0
 

Author Closing Comment

by:sleepingluke
ID: 31566073
thank you very much!
0
 
LVL 24

Expert Comment

by:Joe Woodhouse
ID: 24058545
I'll go through this in several steps, especially as I don't have an ASE to actually test any of this in! :)

The information you want is in sysprotects (in each database). We can get a very basic form like this, in code #1 below:

That will produce output like this:

table1    group1    select
table1    group1    insert
table1    group2    select
[etc]

If you're extracting into Excel or some other spreadsheet that should be all you need for what you want here. We can do it natively in SQL but I'm reluctant to try without an ASE to run it in... (don't want to give you bad SQL!)

-- #1
 
select    o.name as "Object name"
,         u.name as "User/group name"
,         case when p.action = 193 then "select"
               when p.action = 195 then "insert"
               when p.action = 196 then "delete"
               when p.action = 197 then "update"
               when p.action = 224 then "execute"
               else "other"
          end as "Permission"
from      sysobjects o
,         sysprotects p
,         sysusers u
where     o.id = p.id
and       p.uid = u.uid
order by  o.name, u.name, p.action

Open in new window

0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn how the use of a bunch of disparate tools requiring a lot of manual attention led to a series of unfortunate backup events for one company.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question