0

我们正在使用 NAV 2018 来源。我是 SQL 开发人员,我希望所有与角色、组、访问级别相关的用户信息用于审计目的。我有以下表格。但我得到的结果是巨大的。大约 1000 万条记录,我觉得这可能不正确。下面是表格列表和加入条件。

select 
        u.[UserName]as UserName
        ,u.WindowsSecurityID as UserSID
        ,u.[FullName]AS UserFullName
        ,u.[ContactEmail]as UserEmail
        ,isnull(ugm.[UserGroupCode],'') UserGroupCode
        ,isnull(ug.[Name],'') UserGroupCodeDescription
        ,isnull(ug.[DefaultProfileID],'') UserGroupProfile
        ,ug.[AssigntoAllNewUsers] UserGroupAssigntoAllNewUsers 
        ,ac.[RoleID]as AccessRole
        ,ps.[Name] RoleDescription
        , o.[Name]  as TableName
        , o.[ID]   as TableID 
        ,u.[State]as UserStatus
        ,ac.CompanyName
        ,CASE WHEN p.[ReadPermission]   = 1  THEN CONVERT(NVARCHAR(20),'Read Permission')   END AS Read_Permission
        ,CASE WHEN p.[InsertPermission]=1  THEN CONVERT(NVARCHAR(20),'Insert Permission')   END AS Insert_Permission
        ,CASE WHEN p.[ModifyPermission]=1  THEN CONVERT(NVARCHAR(20),'Modify Permission')   END AS Modify_Permission
        ,CASE WHEN p.[DeletePermission]=1  THEN CONVERT(NVARCHAR(20),'Delete Permission')   END AS Delete_Permission
        ,CASE WHEN p.[ExecutePermission]=1 THEN CONVERT(NVARCHAR(20),'Execute Permission')  END AS Execute_Permission   
    
    from    
        [User] u (nolock)
left join   
        AccessControl ac (nolock)
    on ac.[UserSecurityID]=u.[UserSecurityID] 
left join   
        Permission p (nolock)
    on ac.[RoleID]=p.[RoleID]
        and p.[ObjectType]=0 -- (Type = 0 is for Table .. I guess)
        and (p.[ReadPermission] = 1 or p.[InsertPermission] = 1 or p.[ModifyPermission] = 1 or p.[DeletePermission] = 1 or p.[ExecutePermission] = 1 )
left join   
        Object o (nolock)
    ON  o.[ID] = p.[ObjectID] and [Type]=0 -- (Type = 0 is for Table .. I guess)
left join 
        PermissionSet ps
    ON ps.RoleID = p.RoleID 
left join 
        UserGroupMember ugm (nolock)
    ON ugm.UserSecurityID = ac.UserSecurityID and ugm.CompanyName = ac.CompanyName 
left join 
        UserGroup ug (nolock)
    ON ug.Code = ugm.UserGroupCode 
    where   
        NULLIF(u.[UserName],'') IS NOT NULL
4

0 回答 0