How to list role members in SQL Server 2008 R2

前端 未结 3 1600
猫巷女王i
猫巷女王i 2021-02-01 05:38

I\'m using the following T-SQL to obtain role members from my SQL Server 2008 R2 database:

select rp.name as database_role, mp.name as database_user
from sys.dat         


        
相关标签:
3条回答
  • 2021-02-01 05:44

    Here is another way

    SELECT dp.name , us.name  
    FROM sys.sysusers us right 
    JOIN  sys.database_role_members rm ON us.uid = rm.member_principal_id
    JOIN sys.database_principals dp ON rm.role_principal_id =  dp.principal_id
    
    0 讨论(0)
  • 2021-02-01 06:01

    Try this

    ;with ServerPermsAndRoles as
    (
        select
            spr.name as principal_name,
            spr.type_desc as principal_type,
            spm.permission_name collate SQL_Latin1_General_CP1_CI_AS as security_entity,
            'permission' as security_type,
            spm.state_desc
        from sys.server_principals spr
        inner join sys.server_permissions spm
        on spr.principal_id = spm.grantee_principal_id
        where spr.type in ('s', 'u')
    
        union all
    
        select
            sp.name as principal_name,
            sp.type_desc as principal_type,
            spr.name as security_entity,
            'role membership' as security_type,
            null as state_desc
        from sys.server_principals sp
        inner join sys.server_role_members srm
        on sp.principal_id = srm.member_principal_id
        inner join sys.server_principals spr
        on srm.role_principal_id = spr.principal_id
        where sp.type in ('s', 'u')
    )
    select *
    from ServerPermsAndRoles
    order by principal_name
    

    (Or)

    SELECT p.name, o.name, d.*
    FROM sys.database_principals AS p
    JOIN sys.database_permissions AS d ON d.grantee_principal_id = p.principal_id
    JOIN sys.objects AS o ON o.object_id = d.major_id
    
    0 讨论(0)
  • 2021-02-01 06:08

    I've worked out what's going on.

    When I queried out the role members I was comparing the output with what SSMS listed as role members in the role's properties dialog - this included users as well as roles, but the users weren't being listed by the query as listed in my question. I turns out that when listing role members, SSMS expands members that are roles to display the members of those roles.

    The following query replicates the way in which SSMS lists role members:

    WITH RoleMembers (member_principal_id, role_principal_id) 
    AS 
    (
      SELECT 
       rm1.member_principal_id, 
       rm1.role_principal_id
      FROM sys.database_role_members rm1 (NOLOCK)
       UNION ALL
      SELECT 
       d.member_principal_id, 
       rm.role_principal_id
      FROM sys.database_role_members rm (NOLOCK)
       INNER JOIN RoleMembers AS d 
       ON rm.member_principal_id = d.role_principal_id
    )
    select distinct rp.name as database_role, mp.name as database_userl
    from RoleMembers drm
      join sys.database_principals rp on (drm.role_principal_id = rp.principal_id)
      join sys.database_principals mp on (drm.member_principal_id = mp.principal_id)
    order by rp.name
    

    The above query uses a recursive CTE to expand a role into it's user members.

    0 讨论(0)
提交回复
热议问题