MSSQL: mudanças entre as edições
Ir para navegação
Ir para pesquisar
Sem resumo de edição |
Sem resumo de edição |
||
| Linha 23: | Linha 23: | ||
JOIN sys.database_permissions AS pe | JOIN sys.database_permissions AS pe | ||
ON pe.grantee_principal_id = pr.principal_id; | ON pe.grantee_principal_id = pr.principal_id; | ||
-- GET DETAILED PERMISSIONS | |||
;WITH | |||
[explicit] AS ( | |||
SELECT [p].[principal_id], [p].[name], [p].[type_desc], [p].[create_date], | |||
[dbp].[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AS [permission], | |||
CAST('' AS SYSNAME) [grant_through] | |||
FROM [sys].[database_permissions] [dbp] | |||
INNER JOIN [sys].[database_principals] [p] ON [dbp].[grantee_principal_id] = [p].[principal_id] | |||
WHERE ([dbp].[type] IN ('IN','UP','DL','CL','DABO','IM','SL','TO') OR [dbp].[type] LIKE 'AL%' OR [dbp].[type] LIKE 'CR%') | |||
AND [dbp].[state] IN ('G','W') | |||
UNION ALL | |||
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through] | |||
FROM [sys].[database_principals] [dp] | |||
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id] | |||
INNER JOIN [explicit] [p] ON [p].[principal_id] = [rm].[role_principal_id] | |||
), | |||
[fixed] AS ( | |||
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[name] [permission], CAST('' AS SYSNAME) [grant_through] | |||
FROM [sys].[database_principals] [dp] | |||
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id] | |||
INNER JOIN [sys].[database_principals] [p] ON [p].[principal_id] = [rm].[role_principal_id] | |||
WHERE [p].[name] IN ('db_owner','db_datareader','db_datawriter','db_ddladmin','db_securityadmin','db_accessadmin','dbmanager','loginmanager') | |||
UNION ALL | |||
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through] | |||
FROM [sys].[database_principals] [dp] | |||
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id] | |||
INNER JOIN [fixed] [p] ON [p].[principal_id] = [rm].[role_principal_id] | |||
) | |||
SELECT DISTINCT DB_NAME() [database], [name] [username], [type_desc], [create_date], [permission], [grant_through] | |||
FROM [explicit] | |||
WHERE [type_desc] NOT IN ('DATABASE_ROLE') | |||
UNION ALL | |||
SELECT DISTINCT DB_NAME(), [name], [type_desc], [create_date], [permission], [grant_through] | |||
FROM [fixed] | |||
WHERE [type_desc] NOT IN ('DATABASE_ROLE') | |||
ORDER BY 1, 2 | |||
OPTION(MAXRECURSION 10); | |||
-- DELETE/REMOVE USER | -- DELETE/REMOVE USER | ||
Edição das 14h16min de 18 de outubro de 2021
Basic Commands
Azure SQL
-- Create LOGIN
CREATE LOGIN readonlylogin WITH password='1231!#ASDF!a';
-- Create USER
CREATE USER readonlyuser FROM LOGIN readonlylogin;
-- ADD ROLE MEMBER
EXEC sp_addrolemember 'db_datareader', 'readonlyuser';
-- OR
ALTER ROLE [db_datareader] ADD MEMBER [readonlyuser];
-- CREATE USER WITHOUT LOGIN
CREATE USER readonlyuser WITH PASSWORD = '1231!#ASDF!a';
-- GET ALL PERMISSIONS EXPLICITLY GRANTED OR DENIED
SELECT DISTINCT pr.principal_id, pr.name, pr.type_desc,
pr.authentication_type_desc, pe.state_desc, pe.permission_name
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
ON pe.grantee_principal_id = pr.principal_id;
-- GET DETAILED PERMISSIONS
;WITH
[explicit] AS (
SELECT [p].[principal_id], [p].[name], [p].[type_desc], [p].[create_date],
[dbp].[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AS [permission],
CAST('' AS SYSNAME) [grant_through]
FROM [sys].[database_permissions] [dbp]
INNER JOIN [sys].[database_principals] [p] ON [dbp].[grantee_principal_id] = [p].[principal_id]
WHERE ([dbp].[type] IN ('IN','UP','DL','CL','DABO','IM','SL','TO') OR [dbp].[type] LIKE 'AL%' OR [dbp].[type] LIKE 'CR%')
AND [dbp].[state] IN ('G','W')
UNION ALL
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through]
FROM [sys].[database_principals] [dp]
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id]
INNER JOIN [explicit] [p] ON [p].[principal_id] = [rm].[role_principal_id]
),
[fixed] AS (
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[name] [permission], CAST('' AS SYSNAME) [grant_through]
FROM [sys].[database_principals] [dp]
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id]
INNER JOIN [sys].[database_principals] [p] ON [p].[principal_id] = [rm].[role_principal_id]
WHERE [p].[name] IN ('db_owner','db_datareader','db_datawriter','db_ddladmin','db_securityadmin','db_accessadmin','dbmanager','loginmanager')
UNION ALL
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through]
FROM [sys].[database_principals] [dp]
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id]
INNER JOIN [fixed] [p] ON [p].[principal_id] = [rm].[role_principal_id]
)
SELECT DISTINCT DB_NAME() [database], [name] [username], [type_desc], [create_date], [permission], [grant_through]
FROM [explicit]
WHERE [type_desc] NOT IN ('DATABASE_ROLE')
UNION ALL
SELECT DISTINCT DB_NAME(), [name], [type_desc], [create_date], [permission], [grant_through]
FROM [fixed]
WHERE [type_desc] NOT IN ('DATABASE_ROLE')
ORDER BY 1, 2
OPTION(MAXRECURSION 10);
-- DELETE/REMOVE USER
DROP USER readonlyuser;