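Could you guide me on how to view the current roles/permissions granted to any database user in Azure SQL Database, or in general for an MSSQL Server instance?
I have the following query: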
SELECT r.name role_principal_name, m.name AS member_principal_name
FROM sys.database_role_members rm
JOIN sys.database_principals r
ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals m
ON rm.member_principal_id = m.principal_id
WHERE r.name IN ('loginmanager', 'dbmanager');
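I also need to know what permissions are granted to these roles, "loginmanager" and "dbmanager"?
Can you help me?
Answer 0: (score: 26)
Per the MSDN documentation for sys.database_permissions, this query lists all permissions explicitly granted or denied to principals in the database you are connected to: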
SELECT DISTINCT pr.principal_id, pr.name, pr.type_desc,
pr.authentication_type_desc, pe.state_desc, pe.permission_name
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
ON pe.grantee_principal_id = pr.principal_id;
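Per Managing Databases and Logins in Azure SQL Database, the loginmanager and dbmanager roles are the two server-level security roles available in Azure SQL Database. The loginmanager role has permission to create logins, and the dbmanager role has permission to create databases. You can view which users belong to these roles by running your query above against the master database. You can also determine users' role memberships in each user database by running the same query (minus the filter predicate) while connected to that user database.
Answer 1: (score: 7)
To view the database roles assigned to users, you can use sys.database_role_members.
The following query returns the members of the database roles.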
SELECT DP1.name AS DatabaseRoleName,
isnull (DP2.name, 'No members') AS DatabaseUserName
FROM sys.database_role_members AS DRM
RIGHT OUTER JOIN sys.database_principals AS DP1
ON DRM.role_principal_id = DP1.principal_id
LEFT OUTER JOIN sys.database_principals AS DP2
ON DRM.member_principal_id = DP2.principal_id
WHERE DP1.type = 'R'
ORDER BY DP1.name;
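Answer 2: (score: 4)
Building on @tmullaney's answer, you can also left join the sys.objects view to get insight into cases where explicit permissions have been granted on objects. Make sure to use a LEFT join: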
SELECT DISTINCT pr.principal_id, pr.name AS [UserName], pr.type_desc AS [User_or_Role], pr.authentication_type_desc AS [Auth_Type], pe.state_desc,
pe.permission_name, pe.class_desc, o.[name] AS 'Object'
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id
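-- major_id is an object_id only for class 1 (OBJECT_OR_COLUMN); other classes must not match sys.objects
LEFT JOIN sys.objects AS o ON o.object_id = pe.major_id AND pe.class = 1;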
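Answer 3: (score: -1)
If you want to find the object names, for example the table names and stored procedures that specific users have permissions on, use the following query: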
SELECT pr.principal_id, pr.name, pr.type_desc,
pr.authentication_type_desc, pe.state_desc, pe.permission_name, OBJECT_NAME(major_id) objectName
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id
--INNER JOIN sys.schemas AS s ON s.principal_id = sys.database_role_members.role_principal_id
where pr.name in ('youruser1','youruser2')
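
Added example, not part of any answer above: one T-SQL query that combines the role-membership and permission views used in the answers, expanding nested roles so each user's rows show both direct grants and grants inherited through roles. The CTE name and column aliases are illustrative choices; run it in the database being audited (master for loginmanager and dbmanager on Azure SQL Database).

```sql
-- Effective explicit permissions per user: direct grants plus grants inherited via roles.
WITH membership AS (
    -- Anchor: each user is its own permission source (depth 0 = granted directly).
    SELECT p.principal_id AS member_id,
           p.principal_id AS source_id,
           0              AS depth
    FROM sys.database_principals AS p
    WHERE p.type IN ('S', 'U', 'G', 'E', 'X')   -- SQL, Windows, and external users/groups
    UNION ALL
    -- Recursive step: walk up through every role the current source belongs to.
    SELECT m.member_id, rm.role_principal_id, m.depth + 1
    FROM membership AS m
    JOIN sys.database_role_members AS rm
      ON rm.member_principal_id = m.source_id
)
SELECT u.name        AS member_name,
       u.type_desc   AS member_type,
       CASE WHEN ms.depth = 0 THEN N'(direct)' ELSE src.name END AS granted_via,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       CASE pe.class                              -- resolve major_id according to its class
            WHEN 0 THEN DB_NAME()
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END           AS securable
FROM membership AS ms
JOIN sys.database_principals AS u   ON u.principal_id   = ms.member_id
JOIN sys.database_principals AS src ON src.principal_id = ms.source_id
-- LEFT JOIN keeps role memberships that have no permission rows. Fixed roles
-- (db_owner, db_datareader, loginmanager, dbmanager, ...) carry built-in
-- permissions that are not stored in sys.database_permissions, so they appear
-- with NULL permission columns and must be reviewed by role name.
LEFT JOIN sys.database_permissions AS pe
       ON pe.grantee_principal_id = ms.source_id
-- Grants to the public role apply to every principal and are not expanded here.
ORDER BY member_name, ms.depth, granted_via, pe.permission_name;
```

Rows where granted_via names a fixed role and permission_name is NULL are the ones to check against the role's documented built-in rights; DENY rows (state_desc = 'DENY') override grants reaching the same user through another path.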