Sign in
 
Home20122008 R2200820052000LibraryForums

none
Need to generate SQL Server login,user,role and permission report

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I need to generate SQL Server security audit report in following format :

    Loginname- ServerRole-DBName-DBRole-ObjectName-Permission

    L1-Syadmin-test-datareader-null-null

    L1-Syadmin-Test-dbo-ufn_t1-execute

    L1-Suadmin-test-CRole1-T2-Write

    L1-dbcreator-test2-datareader-null-null

    If anybody has any T-SQL handy , please pass it to me . Your help will be very much appreciated. Thanks a ton in an advance  !!!

    .*´¨) ¸.·´¸.·´¨) ¸.·*¨) (¸.·´ (¸.·´ .·´ (´¸.·* *·.¸.´¯`> Krunal

    Tuesday, October 16, 2012 12:34 PM
    |
    |

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    IF PERMISSIONS()&2=2
       CREATE TABLE test_table (col1 INT)
    ELSE
       PRINT 'ERROR: The current user cannot create a table.'
    --------
    This example determines whether the current user can
     grant the INSERT permission on the authors table to another user.

    IF PERMISSIONS(OBJECT_ID('authors'))&0x80000=0x80000
       PRINT 'INSERT on authors is grantable.'
    ELSE
       PRINT 'You may not GRANT INSERT permissions on authors.'

    ------http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_pa-pz_6f78.asp> How can I retrieve a list of objects and permissions for a specified role?
    ------------------------------------------------------------------------------

    SELECT HAS_DBACCESS ( 'database_name' )
    SELECT HAS_PERMS_BY_NAME('Adventureworks2008', 'DATABASE', 'BACKUP DATABASE');


    In SQL Server 2005, you can use the Has_Perms_By_Name() function 
    (http://msdn2.microsoft.com/en-us/library/ms189802.aspx).

    > For example, I would like to list all stored procedures which a role has 
    > execute permission for.

    This is an example of usage:

    SELECT o.SchemaAndName,
    has_perms_by_name(o.SchemaAndName, 'OBJECT', 'EXECUTE')
    FROM (SELECT name, SCHEMA_NAME(schema_id) AS [schema],
    SCHEMA_NAME(schema_id)+'.'+name AS SchemaAndName
    FROM sys.objects
    WHERE type = 'P') AS o

    Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Blog: Large scale of database and data cleansing
    MS SQL Consultants: Improves MS SQL Database Performance

    Tuesday, October 16, 2012 2:50 PM
    |
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Krunal,

    Please check the scripts below to see if you can get and tips on where to start from. You will need to join the database_prinicipals and Server_principals tables using 'sid' column in your join criteria. 

    List all Server Permissions
    List all Database Permissions

    Hima, To help the community better identify relevant thread, please don't forget to mark as answer or vote as helpful if and answer helps.


    Tuesday, October 16, 2012 8:54 PM
    |
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hima and Uri,

    Your scripts are good but it won't help if i have to investigate for any login. I want something like if i pass any login , it should give me associated User, ServerRole and Role(System,custom) for each database and permission directly given to user,custom role or login.

    .*´¨) ¸.·´¸.·´¨) ¸.·*¨) (¸.·´ (¸.·´ .·´ (´¸.·* *·.¸.´¯`> Krunal

    Tuesday, October 16, 2012 10:16 PM
    |
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    See will the below one helps-

    see Vidya's one-

    http://sql-articles.com/scripts/script-to-retrieve-security-information-sql-server-2005-and-above/

    Rama Udaya.K ramaudaya.blogspot.com ---------------------------------------- Please remember to mark the replies as answers if they help and un-mark them if they provide no help.

    Wednesday, October 17, 2012 4:54 AM
    |
    |