Sorry, I'm a security noob:
I've been asked to provide write a script that grants our users that belong to some yet unidentified domain group SELECT access to a table called "NewTable1." To identify the global group, I was told to check out "ReportingTable1" and see who (which domain group) has SELECT access to that table and then grant the same group access to NewTable1.
So, in SSMS (2008 R2), I script ReportingTable1 making sure that the option to script permissions was first enabled. When I inspect the generated scripts for ReportingTable1, I only see VIEW DEFINITION rights granted to various domain groups.
Understanding that one might have rights to see the defintiion of an object but not necesarily the object itself, I realize that having VIEW access does not necessarily mean that one will have SELECT access.
Q: Why don't I see SELECT accesss granted when I clearly have select access?
I realize that for a different db, my local db when I am the admin, that I must have implied SELECT rights on all of the tables simply because I belong to the admin group. Therefore, belonging to a role must also give me access rights associated with that role, yet I am unable to determine what those rights are. Are they implied and well known for all of the built-in roles?
Obviously, I have a lot to learn. I expect flames and suggestions to buy a book and read.
Best Answer
You need to look at the Effective Permissions http://msdn.microsoft.com/en-us/library/ms178358.aspx
I've never understood why there isn't a version of fn_my_permissions http://msdn.microsoft.com/en-us/library/ms176097.aspx which simply takes a user.
To do that you have to EXECUTE AS the other user: http://sqlarea.blogspot.com/2008/04/fnmypermissions.html