On the Internet I found a lot of scripts how to display users and their permissions under a particular database (Security folder under table) – for example sp_helpuser.
Currently, however, I need to use a query to extract users and their permissions from the root of Security folder in Management Studio.
Can you please tell me how to extract users and permissions (roles) from this folder using the script?
Thank you all in advance for your advice.
Best Answer
It sounds like you are looking for a script similar to this one...
SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO SET ANSI_PADDING ON GO
CREATE TABLE [TEMPDB].[DBO].[DB_ROLES]([DBNAME] [SYSNAME] , [USERNAME] [SYSNAME] , [DB_OWNER] VARCHAR ,
[DB_ACCESSADMIN] VARCHAR ,
[DB_SECURITYADMIN] VARCHAR ,
[DB_DDLADMIN] VARCHAR ,
[DB_DATAREADER] VARCHAR ,
[DB_DATAWRITER] VARCHAR ,
[DB_DENYDATAREADER] VARCHAR ,
[DB_DENYDATAWRITER] VARCHAR ,
[DT_CREATE] [DATETIME] NOT NULL,
[DT_UPDATE] [DATETIME] NOT NULL,
[DT_REPORT] [DATETIME] NOT NULL CONSTRAINT [DF__DBROLES__CUR_DAT__3A179ED3] DEFAULT (GETDATE()) ) ON [PRIMARY] GO
INSERT INTO [TEMPDB].[DBO].[DB_ROLES] EXEC SP_MSFOREACHDB 'SELECT''?'' AS DBNAME, USERNAME, MAX(CASE ROLENAME WHEN ''DB_OWNER''THEN ''YES'' ELSE ''NO'' END) AS DB_OWNER, MAX(CASE ROLENAME WHEN ''DB_ACCESSADMIN '' THEN ''YES'' ELSE ''NO'' END) AS DB_ACCESSADMIN ,
MAX(CASE ROLENAME WHEN ''DB_SECURITYADMIN'' THEN ''YES'' ELSE ''NO'' END) AS DB_SECURITYADMIN,
MAX(CASE ROLENAME WHEN ''DB_DDLADMIN'' THEN ''YES'' ELSE ''NO'' END) AS DB_DDLADMIN,
MAX(CASE ROLENAME WHEN ''DB_DATAREADER'' THEN ''YES'' ELSE ''NO'' END) AS DB_DATAREADER,
MAX(CASE ROLENAME WHEN ''DB_DATAWRITER'' THEN ''YES'' ELSE ''NO'' END) AS DB_DATAWRITER,
MAX(CASE ROLENAME WHEN ''DB_DENYDATAREADER'' THEN ''YES'' ELSE ''NO'' END) AS DB_DENYDATAREADER,
MAX(CASE ROLENAME WHEN ''DB_DENYDATAWRITER'' THEN ''YES'' ELSE ''NO'' END) AS DB_DENYDATAWRITER,
CREATEDATE, UPDATEDATE, GETDATE()
FROM (SELECT B.NAME AS USERNAME, C.NAME AS ROLENAME, B.CREATEDATE, B.UPDATEDATE FROM [?].DBO.SYSMEMBERS A JOIN [?].DBO.SYSUSERS B ON A.MEMBERUID = B.UID
JOIN [?].DBO.SYSUSERS C ON A.GROUPUID = C.UID)S
GROUP BY USERNAME, CREATEDATE, UPDATEDATE
ORDER BY USERNAME' SELECT SERVERPROPERTY('SERVERNAME') AS [SERVERNAME], B.NAME AS [LOGINNAME], CASE B.SYSADMIN WHEN '1' THEN 'YES' ELSE 'NO' END AS SYSADMIN, CASE B.SECURITYADMIN WHEN '1' THEN 'YES' ELSE 'NO' END AS SECURITYADMIN, CASE B.SETUPADMIN WHEN '1' THEN 'YES' ELSE 'NO' END AS SETUPADMIN, CASE B.PROCESSADMIN WHEN '1' THEN 'YES' ELSE 'NO' END AS PROCESSADMIN, CASE B.DISKADMIN WHEN '1' THEN 'YES' ELSE 'NO' END AS DISKADMIN, CASE B.DBCREATOR WHEN '1' THEN 'YES' ELSE 'NO' END AS DBCREATOR, CASE B.BULKADMIN WHEN '1' THEN 'YES' ELSE 'NO' END AS BULKADMIN, B.DBNAME AS [DEFAULT_DBNAME], A.* INTO #LOGINS FROM [TEMPDB].[DBO].[DB_ROLES] A RIGHT JOIN MASTER..SYSLOGINS B ON A.USERNAME=B.NAME WHERE B.ISNTUSER=1
SELECT * FROM #LOGINS ORDER BY [LOGINNAME]
DROP TABLE [TEMPDB].[DBO].[DB_ROLES] DROP TABLE #LOGINS