如何找到自定义角色具有执行权限的存储过程? SQL SEVER

时间:2022-06-19 15:05:56

I am trying to identify on which stored procedures a custom role has execute permission using a query. I tried using has_perms_by_name, but I failed to understand and use it.

我试图通过查询确定自定义角色具有执行权限的存储过程。我尝试使用has_perms_by_name,但我没理解并使用它。

2 个解决方案

#1


0  

this should give your target:

这应该给你的目标:

DECLARE @Obj_sql VARCHAR(2000)
DECLARE @Obj_table TABLE (DBName VARCHAR(200), UserName VARCHAR(250), ObjectName VARCHAR(500), Permission VARCHAR(200), objecttype varchar(200))
SET @Obj_sql='select ''?'' as DBName,U.name as username, O.name as object,  permission_name as permission, o.type from ?.sys.database_permissions
join ?.sys.sysusers U on grantee_principal_id = uid join ?.sys.sysobjects O on major_id = id WHERE ''?'' NOT IN (''master'',''msdb'',''model'',''tempdb'') order by U.name '

INSERT @Obj_table
EXEC sp_msforeachdb @command1=@Obj_sql

SELECT * FROM @Obj_table
where UserName = 'RSExecRole' --edit with username you're looking for
and objecttype = 'P'

#2


1  

Assuming you only care what stored procedures the role has been explicitly granted execute permissions on:

假设您只关心哪些存储过程已明确授予该角色执行权限:

DECLARE @role SYSNAME = 'MyRole';

SELECT o.[name]
FROM sys.database_permissions p
JOIN sys.objects o ON p.major_id = o.[object_id]
JOIN sys.database_principals pr ON p.grantee_principal_id = pr.principal_id
WHERE pr.[name] = @role
    AND p.[state] = 'G' -- GRANT
    AND p.[type] = 'EX' -- EXECUTE
    AND o.[type] = 'P' -- PROCEDURE

This does not cover the (less common) case where the role has been given a global GRANT EXECUTE.

这不包括角色被赋予全局GRANT EXECUTE的(不太常见)情况。

#1


0  

this should give your target:

这应该给你的目标:

DECLARE @Obj_sql VARCHAR(2000)
DECLARE @Obj_table TABLE (DBName VARCHAR(200), UserName VARCHAR(250), ObjectName VARCHAR(500), Permission VARCHAR(200), objecttype varchar(200))
SET @Obj_sql='select ''?'' as DBName,U.name as username, O.name as object,  permission_name as permission, o.type from ?.sys.database_permissions
join ?.sys.sysusers U on grantee_principal_id = uid join ?.sys.sysobjects O on major_id = id WHERE ''?'' NOT IN (''master'',''msdb'',''model'',''tempdb'') order by U.name '

INSERT @Obj_table
EXEC sp_msforeachdb @command1=@Obj_sql

SELECT * FROM @Obj_table
where UserName = 'RSExecRole' --edit with username you're looking for
and objecttype = 'P'

#2


1  

Assuming you only care what stored procedures the role has been explicitly granted execute permissions on:

假设您只关心哪些存储过程已明确授予该角色执行权限:

DECLARE @role SYSNAME = 'MyRole';

SELECT o.[name]
FROM sys.database_permissions p
JOIN sys.objects o ON p.major_id = o.[object_id]
JOIN sys.database_principals pr ON p.grantee_principal_id = pr.principal_id
WHERE pr.[name] = @role
    AND p.[state] = 'G' -- GRANT
    AND p.[type] = 'EX' -- EXECUTE
    AND o.[type] = 'P' -- PROCEDURE

This does not cover the (less common) case where the role has been given a global GRANT EXECUTE.

这不包括角色被赋予全局GRANT EXECUTE的(不太常见)情况。