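I need to list all the tables in two or more databases on one server. This list needs to include TableName, Permission\Securable, Role\List of role names, and Y/N for the permission.
I have tried several different options, but the results differ significantly from last year's report (last year's query does not exist).
I am probably missing something obvious. What is happening is that tables do not show up in the results because there are no explicit permissions. However, last year's report shows that there are. So I think I am just using the wrong approach altogether.
Here is a "generic" version of the code I tried to use in my last attempt: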
SELECT s.name AS [Schema]
, o.name AS Object
-- , u.name AS [User]
, dp.permission_name, dp.state_desc
FROM sys.database_permissions dp
JOIN sys.objects o ON dp.major_id = o.object_id
JOIN sys.schemas s ON o.schema_id = s.schema_id
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
WHERE o.name = 'tables'--@ObjName
UNION ALL
SELECT s.name AS [Schema]
--, NULL
, u.name AS [User]
, dp.permission_name
, dp.state_desc
FROM sys.database_permissions dp
JOIN sys.schemas s ON dp.major_id = s.schema_id
JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
--ORDER BY s.name, o.name --, u.name
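Answer 0: (score: 0)
What I was missing was implicit versus explicit permissions. I assumed explicit permissions were used, not implicit\inherited permissions.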
Answer 1: (score: 0)
I made this query to see a role's permissions on tables and views.
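-- Role whose permissions are reported
DECLARE @RoleName VARCHAR(MAX) = 'role_gestionale'
-- Rebuild the work table on every run
IF OBJECT_ID('tempdb..#roles') IS NOT NULL DROP TABLE #roles
-- Collect the permission rows recorded for the role
SELECT dp.major_id Object_id, dp.permission_name Permission
INTO #roles
FROM sys.database_permissions dp
INNER JOIN sys.database_principals u ON dp.grantee_principal_id = u.principal_id
WHERE u.name=@RoleName
AND dp.class = 1 -- object-level rows only, so major_id is an object_id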
SELECT *
FROM (
SELECT o.type_desc Tipo, s.name AS [SCHEMA], o.name AS [Table]
, (SELECT COUNT(*) FROM #roles r WHERE r.Object_id=o.object_id AND Permission='SELECT') AS [SELECT]
, (SELECT COUNT(*) FROM #roles r WHERE r.Object_id=o.object_id AND Permission='INSERT') AS [INSERT]
, (SELECT COUNT(*) FROM #roles r WHERE r.Object_id=o.object_id AND Permission='UPDATE') AS [UPDATE]
, (SELECT COUNT(*) FROM #roles r WHERE r.Object_id=o.object_id AND Permission='DELETE') AS [DELETE]
FROM sys.objects o
INNER JOIN sys.schemas s ON o.schema_id = s.schema_id
WHERE o.type_desc IN ('USER_TABLE', 'VIEW')
) a
--WHERE [INSERT]=0 OR [SELECT]=0 OR [UPDATE]=0 OR [DELETE]=0
ORDER BY 1, 2, 3
Alessandro Lettieri
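The implicit versus explicit distinction from the first answer, applied to the per-table matrix from the second, as an added example that is not part of either answer: it reports Y/N for every role and table, counting permissions recorded at object, schema and database scope, with DENY overriding GRANT and CONTROL counted as covering all four actions. It assumes permissions held directly by each role only: nested role membership, fixed roles such as db_datareader, and column-level entries are not expanded, and it has to be run once in each database.

```sql
-- Added example, not from the original answers.
-- Effective Y/N per (table, role), including inherited scopes.
WITH perms AS (
    SELECT dp.grantee_principal_id, dp.class, dp.major_id, dp.permission_name,
           CASE dp.state WHEN 'D' THEN 2      -- DENY overrides any GRANT
                         WHEN 'G' THEN 1      -- GRANT
                         WHEN 'W' THEN 1      -- GRANT WITH GRANT OPTION
                         ELSE 0 END AS weight
    FROM sys.database_permissions AS dp
    WHERE dp.class IN (0, 1, 3)    -- 0 = database, 1 = object, 3 = schema
      AND dp.minor_id = 0          -- skip column-level entries
      AND dp.permission_name IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CONTROL')
)
SELECT s.name AS [Schema], o.name AS [Table], r.name AS [Role],
       -- MAX(weight) = 1 means at least one GRANT and no DENY at any scope
       CASE WHEN MAX(CASE WHEN p.permission_name IN ('SELECT', 'CONTROL')
                          THEN p.weight ELSE 0 END) = 1
            THEN 'Y' ELSE 'N' END AS [SELECT],
       CASE WHEN MAX(CASE WHEN p.permission_name IN ('INSERT', 'CONTROL')
                          THEN p.weight ELSE 0 END) = 1
            THEN 'Y' ELSE 'N' END AS [INSERT],
       CASE WHEN MAX(CASE WHEN p.permission_name IN ('UPDATE', 'CONTROL')
                          THEN p.weight ELSE 0 END) = 1
            THEN 'Y' ELSE 'N' END AS [UPDATE],
       CASE WHEN MAX(CASE WHEN p.permission_name IN ('DELETE', 'CONTROL')
                          THEN p.weight ELSE 0 END) = 1
            THEN 'Y' ELSE 'N' END AS [DELETE]
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
CROSS JOIN sys.database_principals AS r          -- every role against every table
LEFT JOIN perms AS p
       ON p.grantee_principal_id = r.principal_id
      AND (   p.class = 0                                   -- database-wide
           OR (p.class = 3 AND p.major_id = s.schema_id)    -- on the schema
           OR (p.class = 1 AND p.major_id = o.object_id))   -- on the object
WHERE o.type IN ('U', 'V')         -- user tables and views
  AND r.type = 'R'                 -- database roles
  AND r.is_fixed_role = 0
GROUP BY s.name, o.name, r.name
ORDER BY s.name, o.name, r.name;
```

Because the role list is cross-joined rather than inner-joined to the permission rows, a table with no explicit permission still appears, with N in every column.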