MSSQL: List database membership roles of each user in several databases
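I have several databases, all of which have users under the database/security/users folder (as shown on the left of the image):
I need a query that lists the role memberships of each user (as shown on the right of the image above; the current user, called User2, has none). These are the roles I want to list for each user.
This is something similar that I have used before for a different purpose (listing the server roles of logins under the /Security/Logins folder, rather than the membership roles of users under the DatabaseName/Security/Users folder):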
```sql
-- One row per login; each column is 1 if the login is a member of that
-- fixed server role (identified by its principal_id), otherwise NULL.
SELECT
    spU.name
    ,MAX(CASE WHEN srm.role_principal_id = 3 THEN 1 END) AS sysadmin
    ,MAX(CASE WHEN srm.role_principal_id = 4 THEN 1 END) AS securityadmin
    ,MAX(CASE WHEN srm.role_principal_id = 5 THEN 1 END) AS serveradmin
    ,MAX(CASE WHEN srm.role_principal_id = 6 THEN 1 END) AS setupadmin
    ,MAX(CASE WHEN srm.role_principal_id = 7 THEN 1 END) AS processadmin
    ,MAX(CASE WHEN srm.role_principal_id = 8 THEN 1 END) AS diskadmin
    ,MAX(CASE WHEN srm.role_principal_id = 9 THEN 1 END) AS dbcreator
    ,MAX(CASE WHEN srm.role_principal_id = 10 THEN 1 END) AS bulkadmin
FROM
    sys.server_principals AS spR          -- the roles
JOIN
    sys.server_role_members AS srm
ON
    spR.principal_id = srm.role_principal_id
JOIN
    sys.server_principals AS spU          -- the member logins
ON
    srm.member_principal_id = spU.principal_id
WHERE
    spR.[type] = 'R'
    AND spU.name NOT LIKE '##MS%'
    AND spU.name NOT LIKE 'NT%'
GROUP BY
    spU.name
```
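These are not the roles I am looking for; this is just to make it easier to understand the output format I want.
Anyway, the output of this query looks like this:
A similar output for my current task (listing the membership roles of each user under the database/security/users/ folder) would be nice, but any other way of listing the membership roles is welcome.
Once the query that lists the membership roles of each user in the current database is done, I want to make it work across multiple databases, which will be done with the help of sp_MSforeachdb. I will edit this post when I manage to solve the problem.
In case anyone needs it, this is the code that finally worked: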
```sql
-- Runs once per non-system database and returns one result set per database.
-- Each column is 1 if the user is a member of that fixed database role
-- (identified by its principal_id), otherwise NULL.
EXEC sp_MSforeachdb '
IF ''?'' NOT IN (''master'',''msdb'',''tempdb'', ''model'')
BEGIN
    USE [?]
    SELECT
        spU.name
        ,MAX(CASE WHEN srm.role_principal_id = 16384 THEN 1 END) AS db_owner
        ,MAX(CASE WHEN srm.role_principal_id = 16385 THEN 1 END) AS db_accessadmin
        ,MAX(CASE WHEN srm.role_principal_id = 16386 THEN 1 END) AS db_securityadmin
        ,MAX(CASE WHEN srm.role_principal_id = 16387 THEN 1 END) AS db_ddladmin
        ,MAX(CASE WHEN srm.role_principal_id = 16389 THEN 1 END) AS db_backupoperator
        ,MAX(CASE WHEN srm.role_principal_id = 16390 THEN 1 END) AS db_datareader
        ,MAX(CASE WHEN srm.role_principal_id = 16391 THEN 1 END) AS db_datawriter
        ,MAX(CASE WHEN srm.role_principal_id = 16392 THEN 1 END) AS db_denydatareader
        ,MAX(CASE WHEN srm.role_principal_id = 16393 THEN 1 END) AS db_denydatawriter
    FROM
        [?].sys.database_principals AS spR
    JOIN
        [?].sys.database_role_members AS srm
    ON
        spR.principal_id = srm.role_principal_id
    JOIN
        [?].sys.database_principals AS spU
    ON
        srm.member_principal_id = spU.principal_id
    GROUP BY
        spU.name
END'
```
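For an access review, a variant that also keeps users with no role membership (the inner joins above drop them), includes user-defined roles, and labels every row with its database can be useful. This is an added example, not part of the original post; it assumes SQL Server 2017 or later for `STRING_AGG`, and the temp table `#role_audit` and its column names are illustrative.

```sql
-- Added example: #role_audit and its columns are hypothetical names.
-- Assumes SQL Server 2017+ (STRING_AGG).
CREATE TABLE #role_audit (
    database_name  sysname       NOT NULL,
    principal_name sysname       NOT NULL,
    principal_type nvarchar(60)  NOT NULL,
    roles          nvarchar(max) NULL   -- NULL = member of no database role
);

DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE name NOT IN (N'master', N'msdb', N'tempdb', N'model')
      AND state_desc = N'ONLINE';

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps database names containing ] or spaces from breaking the batch.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        SELECT DB_NAME(), u.name, u.type_desc,
               STRING_AGG(CAST(r.name AS nvarchar(max)), N'', '') WITHIN GROUP (ORDER BY r.name)
        FROM sys.database_principals AS u
        LEFT JOIN sys.database_role_members AS m
               ON m.member_principal_id = u.principal_id
        LEFT JOIN sys.database_principals AS r
               ON r.principal_id = m.role_principal_id
        WHERE u.type IN (''S'', ''U'', ''G'')  -- SQL user, Windows user, Windows group
          AND u.name NOT IN (''guest'', ''sys'', ''INFORMATION_SCHEMA'')
        GROUP BY u.name, u.type_desc;';

    INSERT INTO #role_audit (database_name, principal_name, principal_type, roles)
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END

CLOSE db_cursor;
DEALLOCATE db_cursor;

SELECT * FROM #role_audit ORDER BY database_name, principal_name;
DROP TABLE #role_audit;
```

Rows with `roles` set to NULL are users that hold no role membership in that database, which is the case the question describes for User2.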