May 1, 2017 by Kenneth Fisher
Quite a while ago I created a couple of little security scripts to help me out with permissions research. Over time they grew into the procedures sp_dbpermissions and sp_srvpermissions. I recently updated them to v 6.0 and one of the main reasons was so I could add an output option. And the main reason for that was so I could add a reporting option.
Every now and again I get asked to create a quick security report to answer the question: “what permissions exist on XYZ database”. Well here is. I (and you) can now answer that question quickly and easily.
EXEC sp_SrvPermissions @Output = 'Report';
EXEC sp_DBPermissions @Output = 'Report';
And there you go. It’s nothing more than a simple report that lists the principal name, a list of any roles they are a member of, and a list of any explicit grants or denies that have been applied to them. If you need something more detailed (something that can break down permissions from roles, or look into active directory and deal with AD groups for example) then you’ll need to get a paid product. Minion Enterprise for example.