1. At the database level, the main catalog views are sys.database_principals, sys.database_permissions and sys.database_role_members.
Script1, query the relationship between roles and their members (SQL users) in the database
SELECT dbp_r.name AS RoleName,
       dbp_r.type_desc AS RoleTypeDesc,
       dbp_r.authentication_type_desc AS Role_authentication_type_desc,
       dbp_u.name AS UserName,
       dbp_u.type_desc AS UserTypeDesc,
       dbp_u.authentication_type_desc AS user_authentication_type_desc
FROM sys.database_role_members dbrm
INNER JOIN sys.database_principals dbp_r
    ON dbrm.role_principal_id = dbp_r.principal_id
   AND dbp_r.type = N'R'   -- R = database role
INNER JOIN sys.database_principals dbp_u
    ON dbrm.member_principal_id = dbp_u.principal_id
   AND dbp_u.type = N'S';  -- S = SQL user
Script2, Listing all the permissions of database principals
SELECT pr.principal_id,
       pr.name,
       pr.type_desc,
       pr.authentication_type_desc,
       pe.permission_name,
       pe.class_desc,
       pe.state_desc
FROM sys.database_principals AS pr
INNER JOIN sys.database_permissions AS pe
    ON pe.grantee_principal_id = pr.principal_id;
Script3, Listing permissions on schemas or objects within a database
-- Permissions granted on objects (class = 1)
SELECT pr.principal_id,
       pr.name,
       pr.type_desc,
       pr.authentication_type_desc,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       s.name + '.' + o.name AS ObjectName
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
    ON pe.grantee_principal_id = pr.principal_id
JOIN sys.objects AS o
    ON pe.major_id = o.object_id
JOIN sys.schemas AS s
    ON o.schema_id = s.schema_id
WHERE pe.class = 1;

-- Permissions granted on schemas (class = 3)
SELECT pr.principal_id,
       pr.name,
       pr.type_desc,
       pr.authentication_type_desc,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       s.name AS SchemaName
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
    ON pe.grantee_principal_id = pr.principal_id
JOIN sys.schemas AS s
    ON pe.major_id = s.schema_id
WHERE pe.class = 3;
Reference: sys.database_permissions (Transact-SQL)
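For an access review, Script1 and Script2 are usually combined: the following added example (not part of the original post) walks sys.database_role_members recursively so that permissions held through nested roles are attributed to each user. The column aliases and the choice of principal types S, U and G are assumptions made for this illustration.

```sql
-- Added example: permissions each user holds directly or through
-- (possibly nested) database roles. Run in the database being reviewed.
WITH role_chain AS (
    -- Anchor: every user-type principal "holds" its own direct grants
    SELECT p.principal_id AS member_id,
           p.principal_id AS holder_id,
           0              AS depth
    FROM sys.database_principals AS p
    WHERE p.type IN (N'S', N'U', N'G')  -- SQL user, Windows user, Windows group
    UNION ALL
    -- Recursive step: follow member -> role edges, including roles inside roles
    SELECT rc.member_id,
           drm.role_principal_id,
           rc.depth + 1
    FROM role_chain AS rc
    JOIN sys.database_role_members AS drm
        ON drm.member_principal_id = rc.holder_id
)
SELECT u.name   AS UserName,
       h.name   AS GrantedTo,      -- the user itself (depth 0) or a role
       rc.depth AS RoleDepth,
       pe.state_desc,              -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
       pe.permission_name,
       pe.class_desc,
       CASE pe.class
            WHEN 0 THEN DB_NAME()
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END      AS SecurableName   -- NULL for other securable classes
FROM role_chain AS rc
JOIN sys.database_principals  AS u  ON u.principal_id = rc.member_id
JOIN sys.database_principals  AS h  ON h.principal_id = rc.holder_id
JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = rc.holder_id
ORDER BY u.name, rc.depth, pe.class, pe.permission_name
OPTION (MAXRECURSION 32);
```

Two gaps to keep in mind when reading the output: permissions implied by fixed database roles such as db_owner are not stored in sys.database_permissions, and membership in public is not recorded in sys.database_role_members, so grants to public have to be reviewed separately.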
2. At the server level: to be studied later....
Reference documentation:
Security Catalog Views (Transact-SQL)
Time: 2024-10-01 06:52:32