49

您能否指导我如何查看授予 Azure SQL 数据库中的任何数据库用户或一般 MSSQL Server 实例的当前角色/权限?

我有以下查询:

SELECT r.name role_principal_name, m.name AS member_principal_name
FROM sys.database_role_members rm 
JOIN sys.database_principals r 
    ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals m 
    ON rm.member_principal_id = m.principal_id
WHERE r.name IN ('loginmanager', 'dbmanager');

我还需要知道授予这些角色“loginmanager”和“dbmanager”的权限是什么?

你能帮我解决这个问题吗?

4

4 回答 4

67

根据sys.database_permissions的 MSDN 文档,此查询列出了显式授予或拒绝您连接到的数据库中的主体的所有权限:

SELECT DISTINCT pr.principal_id, pr.name, pr.type_desc, 
    pr.authentication_type_desc, pe.state_desc, pe.permission_name
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
    ON pe.grantee_principal_id = pr.principal_id;

根据在 Azure SQL 数据库中管理数据库和登录名,loginmanager 和 dbmanager 角色是 Azure SQL 数据库中可用的两个服务器级安全角色。loginmanager 角色拥有创建登录的权限,而 dbmanager 角色拥有创建数据库的权限。您可以使用上面对master数据库的查询来查看哪些用户属于这些角色。您还可以通过在连接到每个用户数据库时使用相同的查询(减去过滤谓词)来确定用户的角色成员身份。

于 2015-06-29T20:49:37.363 回答
46

要查看分配给用户的数据库角色,可以使用sys.database_role_members

以下查询返回数据库角色的成员。

SELECT DP1.name AS DatabaseRoleName,   
    isnull (DP2.name, 'No members') AS DatabaseUserName   
FROM sys.database_role_members AS DRM  
RIGHT OUTER JOIN sys.database_principals AS DP1  
    ON DRM.role_principal_id = DP1.principal_id  
LEFT OUTER JOIN sys.database_principals AS DP2  
    ON DRM.member_principal_id = DP2.principal_id  
WHERE DP1.type = 'R'
ORDER BY DP1.name;
于 2018-07-03T00:55:32.077 回答
24

@tmullaney的回答的基础上,您还可以在 sys.objects 视图中离开 join 以了解何时授予对象的明确权限。确保使用左连接:

SELECT DISTINCT pr.principal_id, pr.name AS [UserName], pr.type_desc AS [User_or_Role], pr.authentication_type_desc AS [Auth_Type], pe.state_desc,
    pe.permission_name, pe.class_desc, o.[name] AS 'Object' 
    FROM sys.database_principals AS pr 
    JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id
    LEFT JOIN sys.objects AS o on (o.object_id = pe.major_id)
于 2018-08-03T16:51:50.673 回答
-1

如果您想查找特定用户具有权限的对象名称,例如表名称和存储过程,请使用以下查询:

SELECT pr.principal_id, pr.name, pr.type_desc, 
    pr.authentication_type_desc, pe.state_desc, pe.permission_name, OBJECT_NAME(major_id) objectName
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = pr.principal_id
--INNER JOIN sys.schemas AS s ON s.principal_id =  sys.database_role_members.role_principal_id 
     where pr.name in ('youruser1','youruser2')
于 2018-03-08T03:44:32.527 回答