I'm cataloging memberships of DB users in the various fixed DB roles so that I can create custom roles by business function and grant permissions through these custom roles only.
When using SSMS to review the membership of a fixed role (i.e., db_datareader
), I'm seeing both the custom role I made a member of db_datareader
as well as the users that I member of the custom role only.
Is SSMS is performing nested lookups that are not performed by the sp_helprolemember
stored procedure? In Remarks from this MSDN article, the stored procedure doesn't perform the nested lookups but SSMS appears to do so without a visual cue to differentiate direct vs. indirect grants.
Best Answer
I'm not sure of the answer about the sp_helprolemember, but when I'm looking into user permissions, I use the query below. It's very much a work in progress and I'm always tweaking something about it. Designed for SQL2012.