这可能是一个有用的开始:
-- Server principals - who has access to this server?
-- One row per server-level principal with its type and its disabled flag.
-- NOTE(review): catalog views are subject to metadata visibility, so run this
-- under a login that can see every principal; otherwise rows are silently
-- missing from the audit.
SELECT
    'Server Principals'
    , sp.name AS ServerObject
    , sp.type_desc AS ServerObjectType
    , sp.is_disabled AS [Disabled]
FROM sys.server_principals AS sp
ORDER BY sp.type_desc;
-- Server roles - which server roles do the server logins belong to?
-- Output columns, in order: member name, member type, role name, role type.
-- The two name/type pairs share the same column names, so read them by position.
-- Only principals that are members of at least one role appear (inner joins).
SELECT
    'Server Roles'
    , mbr.name
    , mbr.type_desc
    , rol.name
    , rol.type_desc
FROM sys.server_role_members AS srm
INNER JOIN sys.server_principals AS mbr
    ON mbr.principal_id = srm.member_principal_id
INNER JOIN sys.server_principals AS rol
    ON rol.principal_id = srm.role_principal_id;
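-- Database users - who has access to this database, and through which login?
-- A database user maps to its server login by SID. principal_id is numbered
-- independently in sys.database_principals and sys.server_principals, so
-- joining on it pairs unrelated users and logins.
-- LEFT JOIN keeps users that have no matching login (orphaned users, contained
-- users, users created WITHOUT LOGIN); LoginName / LoginType are NULL for them,
-- which is exactly what an access review needs to see.
SELECT
    'Database Users'
    , UserName = DatabasePrincipal.name
    , UserType = DatabasePrincipal.type_desc
    , LoginName = sp.name
    , LoginType = sp.type_desc
FROM sys.database_principals AS DatabasePrincipal
LEFT JOIN sys.server_principals AS sp
    ON DatabasePrincipal.sid = sp.sid
WHERE DatabasePrincipal.type <> 'R' -- database roles are not users
ORDER BY LoginType, UserName, UserType, LoginName;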
-- Database roles - which database roles do the principals in this database hold?
-- Output columns, in order: member name, member type, role name, role type,
-- is_fixed_role (1 for the built-in fixed database roles).
-- The two name/type pairs share the same column names, so read them by position.
-- Only principals that are members of at least one role appear (inner joins).
SELECT
    'Database Roles'
    , mbr.name
    , mbr.type_desc
    , rol.name
    , rol.type_desc
    , rol.is_fixed_role
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS mbr
    ON mbr.principal_id = drm.member_principal_id
INNER JOIN sys.database_principals AS rol
    ON rol.principal_id = drm.role_principal_id;
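-- Database permissions - what can the database users and roles do?
-- One row per explicit permission entry: grantee, state (GRANT / DENY / ...),
-- permission name, securable class, securable name and grantor.
-- major_id means a different id type for each class, so every name lookup is
-- tied to its class. In particular OBJECT_NAME() is only applied to
-- OBJECT_OR_COLUMN rows; applied to other classes it can return the name of an
-- unrelated object whose object_id happens to equal a schema or principal id.
-- Identifier casing matches the declared aliases and catalog column names so
-- the query also runs in databases with a case-sensitive collation.
-- [On] stays NULL for securable classes that are not resolved below.
SELECT
    'Database Permissions'
    , GranteeName = Grantee.name
    , [State] = DatabasePermissions.state_desc
    , Granted = DatabasePermissions.permission_name
    , [For] = DatabasePermissions.class_desc
    , [On] = COALESCE(
          CASE DatabasePermissions.class_desc
              WHEN 'OBJECT_OR_COLUMN' THEN OBJECT_NAME(DatabasePermissions.major_id)
              WHEN 'SCHEMA' THEN SCHEMA_NAME(DatabasePermissions.major_id)
          END
        , XmlSchemaCollection.name
        , DbName.Name
        , SymmetricKeys.name
        , CertificateName.name
      )
    , [By] = Grantor.name
FROM sys.database_permissions AS DatabasePermissions
INNER JOIN sys.database_principals AS Grantee
    ON DatabasePermissions.grantee_principal_id = Grantee.principal_id
INNER JOIN sys.database_principals AS Grantor
    ON DatabasePermissions.grantor_principal_id = Grantor.principal_id
LEFT JOIN sys.xml_schema_collections AS XmlSchemaCollection
    ON XmlSchemaCollection.xml_collection_id = DatabasePermissions.major_id
    AND DatabasePermissions.class_desc = 'XML_SCHEMA_COLLECTION'
-- Database-level permissions have no securable row to join to; use the current database name.
OUTER APPLY (
    SELECT DB_NAME() AS Name
    WHERE DatabasePermissions.class_desc = 'DATABASE'
) AS DbName
LEFT JOIN sys.symmetric_keys AS SymmetricKeys
    ON SymmetricKeys.symmetric_key_id = DatabasePermissions.major_id
    AND DatabasePermissions.class_desc = 'SYMMETRIC_KEYS'
LEFT JOIN sys.certificates AS CertificateName
    ON CertificateName.certificate_id = DatabasePermissions.major_id
    AND DatabasePermissions.class_desc = 'CERTIFICATE'
ORDER BY GranteeName, Granted, [For], [On], [State], [By];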