zoukankan      html  css  js  c++  java

  • 数据库权限查询

     1 select SYSTEM_USER
 2 select USER_NAME(0),USER_NAME(1),USER_NAME(2),USER_NAME(3),USER_NAME(100) 
 3 
 4 --权限相关基本表
 5 select * from sys.server_principals
 6 select * from sys.database_principals
 7 select * from syslogins
 8 select * from sysusers
 9 select * from syspermissions
10 
11 select b.name as tName,c.name as objname,
12 CASE b.type
13  WHEN 'U' THEN 'Table'
14  WHEN 'P' THEN 'SP'
15  ELSE 'OTHER'
16  END AS TYPE,
17 CASE WHEN  a.ACTION = 26 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'REFERENCES',
18 CASE WHEN  a.ACTION = 193 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'SELECT',
19 CASE WHEN  a.ACTION = 195 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'INSERT',
20 CASE WHEN  a.ACTION = 197 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'UPDATE',
21 CASE WHEN  a.ACTION = 196 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'DELETE',
22 CASE WHEN  a.ACTION = 224 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'EXECUTE',
23 CASE a.PROTECTTYPE
24  WHEN 204 THEN 'GRANT_W_GRANT '
25  WHEN 205 THEN 'GRANT'
26  WHEN 206 THEN 'DENY'
27  ELSE 'OTHER'  --当有other出现的时候,需要将其他的PROTECTTYPE添加进去。
28  END AS PROTECTTYPE
29 from sysprotects a inner join sysobjects b on a.id = b.id
30  inner join sysusers c on a.uid = c.uid
31 order by tname
32 
33 select
34   'GRANT '+ CASE a.ACTION
35      WHEN 26 THEN 'REFERENCES'
36      WHEN 193 THEN 'SELECT'
37      WHEN 195 THEN 'INSERT'
38      WHEN 196 THEN 'DELETE'
39      WHEN 197 THEN 'UPDATE'
40      WHEN 224 THEN 'EXECUTE'
41     ELSE 'OTHER' --当有other出现的时候,需要将其他的ACTION类型添加进去。
42 END +' ON '+ b.name +' TO '+ c.name
43 from sysprotects a(nolock) inner join sysobjects b(nolock) on a.id = b.id
44   inner join sysusers  c (nolock)on a.uid = c.uid
45 WHERE A.UID > 0 
46 
47 select a.uid as uid,a.status as uStatus,a.name as uName,
48   b.uid as rId,b.status as rStatus,b.name as rName
49 from sysusers a left join sysmembers m on m.memberuid = a.uid
50     left join sysusers b on b.gid = m.groupuid
51 where a.issqluser =1
52  --a.islogin =1
53  --b.issqlrole
54 
55 SELECT DP.name as[user_name],SP.name as [logion_name] 
56 FROM sys.database_principals DP ,sys.server_principals SP 
57 WHERE SP.sid = DP.sid 
58   
59 select DbRole = g.name, MemberName = u.name, MemberSID = u.sid
60   from sys.database_principals u, sys.database_principals g, sys.database_role_members m
61  where g.principal_id = m.role_principal_id
62    and u.principal_id = m.member_principal_id
63  order by 1, 2
    权限相关基本查询
    1 use master
2 go
3  
4 select SrvRole = g.name, MemberName = u.name, MemberSID = u.sid
5   from sys.server_principals u, sys.server_principals g, sys.server_role_members m
6  where g.principal_id = m.role_principal_id
7    and u.principal_id = m.member_principal_id
8   order by 1, 2
9 go
    查看登陆帐户所属服务器角色
     1 WITH CTE AS
 2 (
 3 SELECT u.name AS 用户名,
 4 u.is_disabled AS 是否禁用,
 5 g.name as 服务器角色,
 6 '' as 'flag'
 7 FROM sys.server_principals u
 8 INNER JOIN sys.server_role_members m ON u.principal_id = m.member_principal_id
 9 INNER JOIN sys.server_principals g ON g.principal_id = m.role_principal_id
10 )
11 SELECT * FROM CTE PIVOT(MAX(flag) FOR 服务器角色 IN ([public],
12 [sysadmin],
13 [securityadmin],
14 [serveradmin],
15 [setupadmin],
16 [processadmin],
17 [diskadmin],
18 [dbcreator],
19 [bulkadmin])) AS T
20 go
    服务器级权限
     1 WITH CTE AS
 2 (
 3 SELECT u.name AS 用户名,
 4 g.name AS 数据库角色,
 5 '' as 'flag'
 6 FROM sys.database_principals u
 7 INNER JOIN sys.database_role_members m ON u.principal_id = m.member_principal_id
 8 INNER JOIN sys.database_principals g ON g.principal_id = m.role_principal_id
 9 )
10 SELECT * FROM CTE PIVOT(MAX(flag) FOR 数据库角色 IN ([public],
11 [db_owner],
12 [db_accessadmin],
13 [db_securityadmin],
14 [db_ddladmin],
15 [db_backupoperator],
16 [db_datareader],
17 [db_datawriter],
18 [db_denydatareader],
19 [db_denydatawriter])) AS T
20 go
    数据库级权限
     1 select c.name as 用户名,b.name as 对象名,
 2 CASE b.type
 3 WHEN 'U' THEN ''
 4 WHEN 'V' THEN '视图'
 5 WHEN 'FN' THEN '标量函数'
 6 WHEN 'AF' THEN '聚合函数'
 7 WHEN 'IF' THEN '内联表值函数'
 8 WHEN 'TF' THEN '表值函数'
 9 WHEN 'P' THEN '存储过程'
10 WHEN 'X' THEN '扩展存储过程'
11 ELSE  b.type
12 END AS 对象类型,
13 CASE WHEN a.ACTION = 26 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'REFERENCES',
14 CASE WHEN a.ACTION = 193 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'SELECT',
15 CASE WHEN a.ACTION = 195 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'INSERT',
16 CASE WHEN a.ACTION = 197 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'UPDATE',
17 CASE WHEN a.ACTION = 196 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'DELETE',
18 CASE WHEN a.ACTION = 224 AND a.PROTECTTYPE = 205 THEN '' ELSE '' END AS 'EXECUTE',
19 CASE a.PROTECTTYPE
20 WHEN 204 THEN 'GRANT_W_GRANT'
21 WHEN 205 THEN 'GRANT'
22 WHEN 206 THEN 'DENY'
23 ELSE 'OTHER'
24 END AS PROTECTTYPE
25 from sysprotects a inner join sysobjects b on a.id = b.id
26 inner join sysusers c on a.uid = c.uid
27 go
    数据库级单独权限
    --SQL Server中查询用户的对象权限`和角色的方法
-- 查询用户的object权限
exec sp_helprotect NULL, 'public'
go
exec sp_helprotect @username = 'public'
go

-- 查询用户拥有的role
exec sp_helpuser 'public'

-- 查询哪些用户拥有指定的系统role
exec sp_helpsrvrolemember 'sysadmin'
go

     1 WITH tree_roles as
 2 (
 3     SELECT role_principal_id, member_principal_id
 4     FROM sys.database_role_members
 5     WHERE member_principal_id = USER_ID('UserName')
 6     UNION ALL
 7     SELECT c.role_principal_id,c.member_principal_id
 8     FROM sys.database_role_members as c
 9     inner join tree_roles
10     on tree_roles.member_principal_id = c.role_principal_id
11 )
12 SELECT distinct USER_NAME(role_principal_id) RoleName
13 FROM tree_roles
    可查询嵌套role
    1 SELECT
2  name as UserName, type_desc as UserType, is_disabled as IsDisabled
3 FROM sys.server_principals
4 where type_desc in('WINDOWS_LOGIN', 'SQL_LOGIN')
5 order by UserType, name, IsDisabled
    Who has access to my SQL Server instance?
    1 SELECT
2  dp.name as UserName, dp.type_desc as UserType, sp.name as LoginName, sp.type_desc as LoginType
3 FROM sys.database_principals dp
4 JOIN sys.server_principals sp ON dp.principal_id = sp.principal_id
5 order by UserType
    Who has access to my Databases?
    1 select
2  p.name as UserName, p.type_desc as UserType, pp.name as ServerRoleName, pp.type_desc as ServerRoleType
3 from sys.server_role_members roles
4 join sys.server_principals p on roles.member_principal_id = p.principal_id
5 join sys.server_principals pp on roles.role_principal_id = pp.principal_id
6 order by ServerRoleName, UserName
    Server Roles
    1 SELECT
2  p.name as UserName, p.type_desc as UserType, pp.name as DBRoleName, pp.type_desc as DBRoleType, pp.is_fixed_role as IfFixedRole
3 FROM sys.database_role_members roles
4 JOIN sys.database_principals p ON roles.member_principal_id = p.principal_id
5 JOIN sys.database_principals pp ON roles.role_principal_id = pp.principal_id
    Database Roles
    1 SELECT
2     grantor.name as GrantorName, dp.state_desc as StateDesc, dp.class_desc as ClassDesc, dp.permission_name as PermissionName,
3     OBJECT_NAME(major_id) as ObjectName, GranteeName = grantee.name
4 FROM sys.database_permissions dp
5 JOIN sys.database_principals grantee on dp.grantee_principal_id = grantee.principal_id
6 JOIN sys.database_principals grantor on dp.grantor_principal_id = grantor.principal_id
    What can these users do?
  • 相关阅读:
    常用集合比较
    windows和centos下安装ActiveMQ
    windows + maven + eclipse
    Eclipse常用插件 + Eclipse快捷键
    Zookeeper + Dubbo + SpringMVC + dubbo-admin
    Hession集成Spring + maven依赖通讯comm项目 + 解决@ResponseBody中文乱码
    Spring结合log4j(slf4j)
    nginx安装配置+集群tomcat:Centos和windows环境
    Manthan, Codefest 18 (rated, Div. 1 + Div. 2) ABCDE
    51nod 1483 化学变化
  • 原文地址:https://www.cnblogs.com/ziranquliu/p/14234209.html
Copyright © 2011-2022 走看看