Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Sql Server- how to check what permissions a specific user has

Posted on 2011-09-08
7
Medium Priority
?
283 Views
Last Modified: 2012-05-12
How can I tell what db permissions my windows username has on our SQL server databases?  I have access to Sql Server 2008 R2 Management Studio, I just don't know where to look.  All of our db's use windows authentication. Thanks.
0
Comment
Question by:snyperj
  • 3
  • 3
7 Comments
 
LVL 5

Expert Comment

by:DavidMorrison
ID: 36506036
Hi,

so the sql server security model is two fold, firstly there is server security which are logins, found in the security -> logins folder of the server.

each database then has users (same place but at DB level, Security -> Users) and a login is mapped to a user per database and it is the user that defines the permissions at the database level.


Hope this answers your questions


Thanks

Dave
0
 
LVL 40

Expert Comment

by:lcohan
ID: 36506089
The code below should give you all user rights in a database but if you want only one login than you can just run: SELECT * FROM fn_my_permissions(NULL, 'DATABASE')


select
 sysusers.name as username, sysusers.gid,
 sysobjects.name as objectname, sysobjects.id,
 CASE WHEN sysprotects_1.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'SELECT',
 CASE WHEN sysprotects_2.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'INSERT',
 CASE WHEN sysprotects_3.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'UPDATE',
 CASE WHEN sysprotects_4.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'DELETE',
 CASE WHEN sysprotects_5.action is null THEN CASE WHEN sys.sysobjects.xtype = 'U' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'EXECUTE'
from
 sys.sysusers
 full join sys.sysobjects on ( sysobjects.xtype in ( 'P', 'U' ) and sysobjects.Name NOT LIKE 'dt%' )
 left join sys.sysprotects as sysprotects_1
  on sysprotects_1.uid = sysusers.uid and sysprotects_1.id = sysobjects.id and sysprotects_1.action = 193 and sysprotects_1.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_2
  on sysprotects_2.uid = sysusers.uid and sysprotects_2.id = sysobjects.id and sysprotects_2.action = 195 and sysprotects_2.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_3
  on sysprotects_3.uid = sysusers.uid and sysprotects_3.id = sysobjects.id and sysprotects_3.action = 197 and sysprotects_3.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_4
  on sysprotects_4.uid = sysusers.uid and sysprotects_4.id = sysobjects.id and sysprotects_4.action = 196 and sysprotects_4.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_5
  on sysprotects_5.uid = sysusers.uid and sysprotects_5.id = sysobjects.id and sysprotects_5.action = 224 and sysprotects_5.protecttype in ( 204, 205 )
where -- sys.sysusers.name = 'beny'            -- by USER
            sysobjects.name = 'clients'      -- by OBJECT
order by
 sysusers.name, sysobjects.name

0
 

Author Comment

by:snyperj
ID: 36506244
Well, I was in the right place, but, it looks like they way we our configured- everything is by groups.  There are no individual user names in the Users folder, just group names.    However when I click on one of them... I don't see where it tells me what usernames are in the group.

In line with that, lcohan, the query comes back empty..
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 40

Accepted Solution

by:
lcohan earned 2000 total points
ID: 36506349
groups? Like NT groups I ssume right? and NT logins part of the local group?
If you're talking about roles this make more sense for a SQL (and not only) database security model in which case you can run sp_helprolemember in the DB.
0
 

Author Comment

by:snyperj
ID: 36506402
hee hee... ok, I am really a novice.  I found it 'sp_helpfrolemember'   ... how do I run it?
0
 

Author Comment

by:snyperj
ID: 36506429
I figured it out... thanks for the help
0
 
LVL 40

Expert Comment

by:lcohan
ID: 36511687
No problem - anytime.
That's why we meet here to share our knowledge and help if we can.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have a large data set and a SSIS package. How can I load this file in multi threading?
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Via a live example, show how to shrink a transaction log file down to a reasonable size.

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question