SQL服务器:获取包含列级权限的用户权限
SQL Server : get permissions of user containing column level permissions
我发现以下非常有用的 SQL 服务器代码获取 SQL 服务器数据库中用户(此处为 testuser)的所有权限:
EXECUTE AS USER = 'DOMAIN\testuser';
-- Server rights
SELECT * FROM fn_my_permissions(NULL, 'SERVER');
-- Database rights
SELECT * FROM fn_my_permissions(NULL, 'DATABASE');
-- Specific per object rights
SELECT
T.TABLE_TYPE AS OBJECT_TYPE, T.TABLE_SCHEMA AS [SCHEMA_NAME],
T.TABLE_NAME AS [OBJECT_NAME], P.PERMISSION_NAME
FROM
INFORMATION_SCHEMA.TABLES T
CROSS APPLY
fn_my_permissions(T.TABLE_SCHEMA + '.' + T.TABLE_NAME, 'OBJECT') P
WHERE
P.subentity_name = ''
UNION
SELECT
R.ROUTINE_TYPE AS OBJECT_TYPE, R.ROUTINE_SCHEMA AS [SCHEMA_NAME],
R.ROUTINE_NAME AS [OBJECT_NAME], P.PERMISSION_NAME
FROM
INFORMATION_SCHEMA.ROUTINES R
CROSS APPLY
fn_my_permissions(R.ROUTINE_SCHEMA + '.' + R.ROUTINE_NAME, 'OBJECT') P
ORDER BY
OBJECT_TYPE, [SCHEMA_NAME], [OBJECT_NAME], P.PERMISSION_NAME
REVERT;
GO
但我还需要此代码未显示的列级权限。
任何人都可以扩展代码,使其也 returns 列级权限吗?
非常感谢,
fn_my_permissions 中的 subentity_name 专栏应该可以满足您的需求。
-- Specific per object rigths
SELECT T.TABLE_TYPE AS OBJECT_TYPE, T.TABLE_SCHEMA AS [SCHEMA_NAME], T.TABLE_NAME AS [OBJECT_NAME], NULLIF(P.subentity_name, '') as COLUMN_NAME, P.PERMISSION_NAME FROM INFORMATION_SCHEMA.TABLES T
CROSS APPLY fn_my_permissions(T.TABLE_SCHEMA + '.' + T.TABLE_NAME, 'OBJECT') P
UNION
SELECT R.ROUTINE_TYPE AS OBJECT_TYPE, R.ROUTINE_SCHEMA AS [SCHEMA_NAME], R.ROUTINE_NAME AS [OBJECT_NAME], NULLIF(P.subentity_name, '') as COLUMN_NAME, P.PERMISSION_NAME
FROM INFORMATION_SCHEMA.ROUTINES R
CROSS APPLY fn_my_permissions(R.ROUTINE_SCHEMA + '.' + R.ROUTINE_NAME, 'OBJECT') P
ORDER BY OBJECT_TYPE, [SCHEMA_NAME], [OBJECT_NAME], COLUMN_NAME, P.PERMISSION_NAME
我发现以下非常有用的 SQL 服务器代码获取 SQL 服务器数据库中用户(此处为 testuser)的所有权限:
EXECUTE AS USER = 'DOMAIN\testuser';
-- Server rights
SELECT * FROM fn_my_permissions(NULL, 'SERVER');
-- Database rights
SELECT * FROM fn_my_permissions(NULL, 'DATABASE');
-- Specific per object rights
SELECT
T.TABLE_TYPE AS OBJECT_TYPE, T.TABLE_SCHEMA AS [SCHEMA_NAME],
T.TABLE_NAME AS [OBJECT_NAME], P.PERMISSION_NAME
FROM
INFORMATION_SCHEMA.TABLES T
CROSS APPLY
fn_my_permissions(T.TABLE_SCHEMA + '.' + T.TABLE_NAME, 'OBJECT') P
WHERE
P.subentity_name = ''
UNION
SELECT
R.ROUTINE_TYPE AS OBJECT_TYPE, R.ROUTINE_SCHEMA AS [SCHEMA_NAME],
R.ROUTINE_NAME AS [OBJECT_NAME], P.PERMISSION_NAME
FROM
INFORMATION_SCHEMA.ROUTINES R
CROSS APPLY
fn_my_permissions(R.ROUTINE_SCHEMA + '.' + R.ROUTINE_NAME, 'OBJECT') P
ORDER BY
OBJECT_TYPE, [SCHEMA_NAME], [OBJECT_NAME], P.PERMISSION_NAME
REVERT;
GO
但我还需要此代码未显示的列级权限。
任何人都可以扩展代码,使其也 returns 列级权限吗?
非常感谢,
fn_my_permissions 中的 subentity_name 专栏应该可以满足您的需求。
-- Specific per object rigths
SELECT T.TABLE_TYPE AS OBJECT_TYPE, T.TABLE_SCHEMA AS [SCHEMA_NAME], T.TABLE_NAME AS [OBJECT_NAME], NULLIF(P.subentity_name, '') as COLUMN_NAME, P.PERMISSION_NAME FROM INFORMATION_SCHEMA.TABLES T
CROSS APPLY fn_my_permissions(T.TABLE_SCHEMA + '.' + T.TABLE_NAME, 'OBJECT') P
UNION
SELECT R.ROUTINE_TYPE AS OBJECT_TYPE, R.ROUTINE_SCHEMA AS [SCHEMA_NAME], R.ROUTINE_NAME AS [OBJECT_NAME], NULLIF(P.subentity_name, '') as COLUMN_NAME, P.PERMISSION_NAME
FROM INFORMATION_SCHEMA.ROUTINES R
CROSS APPLY fn_my_permissions(R.ROUTINE_SCHEMA + '.' + R.ROUTINE_NAME, 'OBJECT') P
ORDER BY OBJECT_TYPE, [SCHEMA_NAME], [OBJECT_NAME], COLUMN_NAME, P.PERMISSION_NAME