sp_SrvPermissions & sp_DBPermissions V5.0

2

June 23, 2014 by Kenneth Fisher

These are a couple of stored procedures I wrote to help me with security research. Each of the stored procedures returns three data sets.

  1. A list of principals and some basic properties about them.
  2. Role membership
  3. Object/Database/Server level permissions

 
Each of the datasets has a set of do/undo scripts as well as various useful columns. For example the second data set contains information about which logins/users belong to which roles; and scripts to either add or remove the login/user from that role.

The stored procedures also have a number of parameters for restricting the result sets. For example principal name, role name, principal type, object name etc.

These sp’s can be run/stored anywhere and work just fine but if you run them in master then you can more easily call them from any database on the instance.

A few examples of times I’ve found them particularly handy:

  • I need to know every database a user has access to and what access they have.
  • I need to know all permissions for a given login across all databases.
  • I need to copy a login from one server to another (with SID and password).
  • I need to know everyone who has permissions to a specific object in the database.
  • I need to know everyone who is a member of sysadmin.

 
Standard disclaimers: This code is as-is. You should be careful running code you haven’t reviewed on your systems. Feel free to use it and place it on your systems. Please do not post my code without giving proper credit and preferably back to the original page. And of course if you happen to notice a problem, or have a suggestion please post them here or email me and I’ll be glad to fix/add as appropriate.

Latest update: Below are the latest additions.

sp_SrvPermissions

  • 04/27/2014 – Add @DBName parameter.

sp_DBPermissions

  • 4/29/2014 – Fix: Removed extra print statements
  • 4/29/2014 – Fix: Added SET NOCOUNT ON
  • 4/29/2014 – Added a USE statement to the scripts when using the @DBName = ‘All’ option
  • 5/01/2014 – Added @Permission parameter
  • 5/14/2014 – Added additional permissions based on information from Kendal Van Dyke’s post
    http://www.kendalvandyke.com/2014/02/using-sysobjects-when-scripting.html
  • 6/02/2014 – Added @LoginName parameter

Category: Dynamic SQL, Microsoft SQL Server, Security, SQLServerPedia Syndication, System Functions and Stored Procedures, T-SQL | Tags: , , , , , ,

»
«

2 thoughts on “sp_SrvPermissions & sp_DBPermissions V5.0

  1. Steve Armistead says:
    July 11, 2014 at 5:06 PM

    Nice, thank you! You put a lot of time, smarts, and effort into this.

    Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow me via RSS

RSS Feed RSS - Posts

RSS Feed RSS - Comments

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 6,758 other subscribers

Follow me on Twitter

@sqlstudent144

Archives

Categories

Meta

ToadWorld Pro of the Month November 2013