标签:
一,在Database level上,主要有 sys.database_principals, sys.database_permissions 和 sys.database_role_members。
Script1,查询数据库中 role 和 其Member(SQL User)的关系
select dbp_r.name as RoleName,dbp_r.type_desc as RoleTypeDesc, dbp_r.authentication_type_desc as Role_authentication_type_desc, dbp_u.name as UserName,dbp_u.type_desc as UserTypeDesc, dbp_u.authentication_type_desc as user_authentication_type_desc from sys.database_role_members dbrm inner join sys.database_principals dbp_r on dbrm.role_principal_id=dbp_r.principal_id and dbp_r.type=N‘R‘ inner join sys.database_principals dbp_u on dbrm.member_principal_id=dbp_u.principal_id and dbp_u.type =N‘S‘
Script2,
SELECT pr.principal_id, pr.name, pr.type_desc, pr.authentication_type_desc, pe.permission_name,pe.class_desc,pe.state_desc FROM sys.database_principals AS pr Inner JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id;
Script3,Listing permissions on schemas or objects within a database
--查看对Object授予的权限 SELECT pr.principal_id, pr.name, pr.type_desc, pr.authentication_type_desc, pe.state_desc, pe.permission_name,pe.class_desc, s.name + ‘.‘ + o.name AS ObjectName FROM sys.database_principals AS pr JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id JOIN sys.objects AS o ON pe.major_id = o.object_id JOIN sys.schemas AS s ON o.schema_id = s.schema_id where pe.class =1; --查看对Schema授予的权限 SELECT pr.principal_id, pr.name, pr.type_desc, pr.authentication_type_desc, pe.state_desc, pe.permission_name,pe.class_desc, s.name AS SchemaName FROM sys.database_principals AS pr JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id JOIN sys.schemas AS s ON pe.major_id = s.schema_id where pe.class =3;
参考:sys.database_permissions (Transact-SQL)
二,在Server Level上,后续研究....
参考文档:
Security Catalog Views (Transact-SQL)
标签:
原文地址:http://www.cnblogs.com/ljhdo/p/5176563.html
