Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sql Server- how to check what permissions a specific user has

Posted on 2011-09-08
7
Medium Priority
?
282 Views
Last Modified: 2012-05-12
How can I tell what db permissions my windows username has on our SQL server databases?  I have access to Sql Server 2008 R2 Management Studio, I just don't know where to look.  All of our db's use windows authentication. Thanks.
0
Comment
Question by:snyperj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 5

Expert Comment

by:DavidMorrison
ID: 36506036
Hi,

so the sql server security model is two fold, firstly there is server security which are logins, found in the security -> logins folder of the server.

each database then has users (same place but at DB level, Security -> Users) and a login is mapped to a user per database and it is the user that defines the permissions at the database level.


Hope this answers your questions


Thanks

Dave
0
 
LVL 40

Expert Comment

by:lcohan
ID: 36506089
The code below should give you all user rights in a database but if you want only one login than you can just run: SELECT * FROM fn_my_permissions(NULL, 'DATABASE')


select
 sysusers.name as username, sysusers.gid,
 sysobjects.name as objectname, sysobjects.id,
 CASE WHEN sysprotects_1.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'SELECT',
 CASE WHEN sysprotects_2.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'INSERT',
 CASE WHEN sysprotects_3.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'UPDATE',
 CASE WHEN sysprotects_4.action is null THEN CASE WHEN sys.sysobjects.xtype = 'P' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'DELETE',
 CASE WHEN sysprotects_5.action is null THEN CASE WHEN sys.sysobjects.xtype = 'U' THEN 'N/A' ELSE 'No' END ELSE 'Yes' END as 'EXECUTE'
from
 sys.sysusers
 full join sys.sysobjects on ( sysobjects.xtype in ( 'P', 'U' ) and sysobjects.Name NOT LIKE 'dt%' )
 left join sys.sysprotects as sysprotects_1
  on sysprotects_1.uid = sysusers.uid and sysprotects_1.id = sysobjects.id and sysprotects_1.action = 193 and sysprotects_1.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_2
  on sysprotects_2.uid = sysusers.uid and sysprotects_2.id = sysobjects.id and sysprotects_2.action = 195 and sysprotects_2.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_3
  on sysprotects_3.uid = sysusers.uid and sysprotects_3.id = sysobjects.id and sysprotects_3.action = 197 and sysprotects_3.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_4
  on sysprotects_4.uid = sysusers.uid and sysprotects_4.id = sysobjects.id and sysprotects_4.action = 196 and sysprotects_4.protecttype in ( 204, 205 )
 left join sys.sysprotects as sysprotects_5
  on sysprotects_5.uid = sysusers.uid and sysprotects_5.id = sysobjects.id and sysprotects_5.action = 224 and sysprotects_5.protecttype in ( 204, 205 )
where -- sys.sysusers.name = 'beny'            -- by USER
            sysobjects.name = 'clients'      -- by OBJECT
order by
 sysusers.name, sysobjects.name

0
 

Author Comment

by:snyperj
ID: 36506244
Well, I was in the right place, but, it looks like they way we our configured- everything is by groups.  There are no individual user names in the Users folder, just group names.    However when I click on one of them... I don't see where it tells me what usernames are in the group.

In line with that, lcohan, the query comes back empty..
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 
LVL 40

Accepted Solution

by:
lcohan earned 2000 total points
ID: 36506349
groups? Like NT groups I ssume right? and NT logins part of the local group?
If you're talking about roles this make more sense for a SQL (and not only) database security model in which case you can run sp_helprolemember in the DB.
0
 

Author Comment

by:snyperj
ID: 36506402
hee hee... ok, I am really a novice.  I found it 'sp_helpfrolemember'   ... how do I run it?
0
 

Author Comment

by:snyperj
ID: 36506429
I figured it out... thanks for the help
0
 
LVL 40

Expert Comment

by:lcohan
ID: 36511687
No problem - anytime.
That's why we meet here to share our knowledge and help if we can.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question