9

Running a local instance of SQL Server 2012.

I have created a custom role:

CREATE ROLE [my_user] AUTHORIZATION [dbo]

For all my users (local Windows users and SQL users), I have specified this role for my database (under the User Mappings setting). Thus, the following query should return 1:

SELECT IS_ROLEMEMBER('my_user')

For my Windows-authenticated users it does indeed return 1, but as soon as I'm logged on as an SQL user, it returns 0. I have triple-checked that the SQL user does indeed have this role. What am I missing here?

Update

Performed some more testing. This certainly is weird behavior. I performed these steps:

  1. On my local SQL Server I created a database test with user sa. Role my_user added.
  2. Logged on as sa in the Management Studio and added MYDOMAIN\MyUser to this role.
  3. Re-logged on with Windows Authentication and executed IS_ROLEMEMBER('my_user'). Returns 0.
  4. Tried the query using both sa (specifying the username) and the Windows user. Same problem.
  5. Tried restarting the SQL Server, just in case.

This makes no sense! If I right-click the role I can see that my Windows user is indeed a member of it. The IS_ROLEMEMBER function is flawed! When I run the following query, it shows that my user is indeed a member of the database role:

SELECT
    USER_NAME(memberuid), USER_NAME(groupuid)
FROM
    sys.sysmembers
WHERE
    USER_NAME(groupuid) = 'my_user'

This also shows my membership:

select r.name as role_name, m.name as member_name from sys.database_role_members rm 
inner join sys.database_principals r on rm.role_principal_id = r.principal_id
inner join sys.database_principals m on rm.member_principal_id = m.principal_id

Some additional information:

  • I'm on a domain, but currently disconnected. I have seen this problem when connected too though.
  • Running Windows 8.1 64-bit.

Update 2

If I explicitly specify the principal as some have suggested, I get this error (executing as sa):

SELECT IS_ROLEMEMBER('my_user', 'MYDOMAIN\UserX')

Msg 15404, Level 16, State 19, Line 1
Could not obtain information about Windows NT group/user 'MYDOMAIN\UserX',
error code 0x54b.

Could it be that IS_ROLEMEMBER experiences the same problem, but does not print the error?

4

3 回答 3

8

我刚刚遇到了同样的问题......我发现有问题的用户也分配了服务器角色。当我删除除“public”之外的所有服务器角色时,is_rolemember 查询突然开始正确报告 1 而不是 0 ......我来回测试了几次以确认。

于 2014-11-26T18:56:38.320 回答
3

尝试明确指定主体。

SELECT IS_ROLEMEMBER('my_user', 'SqlLogin')

我对此进行了测试,它返回了 1。

CREATE DATABASE TestDatabase;
GO

USE TestDatabase;
GO

CREATE ROLE TestRole AUTHORIZATION dbo;
GO

CREATE USER TestUser WITHOUT LOGIN;
GO

EXEC sp_addrolemember 'TestRole', 'TestUser';
GO

SELECT IS_ROLEMEMBER('TestRole', 'TestUser');
GO
于 2013-11-15T21:24:09.780 回答
3

也有这个问题。原来我必须删除 sysadmin 服务器角色,然后它才起作用。

这取自:https ://docs.microsoft.com/en-us/sql/t-sql/functions/is-member-transact-sql

sysadmin 固定服务器角色的成员以 dbo 用户身份进入每个数据库。检查 sysadmin 固定服务器角色成员的权限,检查 dbo 的权限,而不是原始登录名。由于 dbo 不能添加到数据库角色并且不存在于 Windows 组中,因此 dbo 将始终返回 0(如果角色不存在,则返回 NULL)。

于 2017-11-03T10:10:15.597 回答