Check users in a security group in SQL Server

为君一笑 提交于 2020-11-26 06:23:02

问题


In the Security/Users folder in my database, I have a bunch of security groups, include "MyApplication Users". I need to check if I am (or another user is) in this group, but I have no idea how to query for it or where I could see this information. I tried looking in the properties, but couldn't find anything. Any ideas?


回答1:


Checking yourself or the current user:

SELECT IS_MEMBER('[group or role]')

A result of 1 = yes,0 = no, and null = the group or role queried is not valid.

To get a list of the users, try xp_logininfo if extended procs are enabled and the group in question is a windows group :

EXEC master..xp_logininfo 
@acctname = '[group]',
@option = 'members'



回答2:


For a quick view of which groups / roles the current user is a member of;

select
      [principal_id]
    , [name]
    , [type_desc]
    , is_member(name) as [is_member]
from [sys].[database_principals]
where [type] in ('R','G')
order by [is_member] desc,[type],[name]



回答3:


Accepted answer from DeanG is the preferred solution for getting this info within SQL Server


You can use Active Directory tools for this. I like Active Directory Users and Computers that is part of the Remote Server Administration Tools. Follow the link to download and install the tools on Windows 7.

Once installed, you can search for a specific group name:

Search

Then you can see group membership using the Members tab:

Members

If you don't want to use the AD browser packaged with RSA tools, there are several others available.




回答4:


To find the AD Group members in the Instance, we can use below query:

xp_logininfo 'DomainName\AD_GroupName', 'members'

By using this query, we can find the below states.

account name, type, privilege, mapped login name, permission path



回答5:


You don't.

Instead you use the users and groups to grant/deny privileges, and let the engine enforce them appropiately. Attempting to roll your own security will get you nowhere fast. A banal example is when you will fail to honor the 'one deny trumps all grants' rule. And you will fail to navigate the intricacies of EXECUTE AS. Not to mention security based on module signatures.

For the record: users, roles and groups are exposed in the sys.database_principals catalog view. sys.fn_my_permissions will return the current context permissions on a specific securable.




回答6:


The code that is provided on the Microsoft page here works for me, every time.

SELECT DP1.name AS DatabaseRoleName,   
   isnull (DP2.name, 'No members') AS DatabaseUserName   
 FROM sys.database_role_members AS DRM  
 RIGHT OUTER JOIN sys.database_principals AS DP1  
   ON DRM.role_principal_id = DP1.principal_id  
 LEFT OUTER JOIN sys.database_principals AS DP2  
   ON DRM.member_principal_id = DP2.principal_id  
WHERE DP1.type = 'R'
ORDER BY DP1.name;

Please let me know if this works for you!



来源:https://stackoverflow.com/questions/18751581/check-users-in-a-security-group-in-sql-server

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!