{"id":642,"date":"2016-04-11T11:08:11","date_gmt":"2016-04-11T11:08:11","guid":{"rendered":"http:\/\/www.dbafox.com\/?p=642"},"modified":"2016-04-11T11:08:11","modified_gmt":"2016-04-11T11:08:11","slug":"sql-server-display-users-and-roles","status":"publish","type":"post","link":"https:\/\/dbafox.com\/?p=642","title":{"rendered":"SQL Server – display Users and Roles"},"content":{"rendered":"

select * from (
\nSELECT
\n [UserName] = CASE princ.[type]
\n WHEN ‘S’ THEN princ.[name]
\n WHEN ‘U’ THEN ulogin.[name] COLLATE Latin1_General_CI_AI
\n END,
\n [UserType] = CASE princ.[type]
\n WHEN ‘S’ THEN ‘SQL User’
\n WHEN ‘U’ THEN ‘Windows User’
\n END,
\n [DatabaseUserName] = princ.[name],
\n [Role] = null,
\n [PermissionType] = perm.[permission_name],
\n [PermissionState] = perm.[state_desc],
\n [ObjectType] = obj.type_desc,–perm.[class_desc],
\n [ObjectName] = OBJECT_NAME(perm.major_id),
\n [ColumnName] = col.[name]
\nFROM
\n –database user
\n sys.database_principals princ
\nLEFT JOIN
\n –Login accounts
\n sys.login_token ulogin on princ.[sid] = ulogin.[sid]
\nLEFT JOIN
\n –Permissions
\n sys.database_permissions perm ON perm.[grantee_principal_id] = princ.[principal_id]
\nLEFT JOIN
\n –Table columns
\n sys.columns col ON col.[object_id] = perm.major_id
\n AND col.[column_id] = perm.[minor_id]
\nLEFT JOIN
\n sys.objects obj ON perm.[major_id] = obj.[object_id]
\nWHERE
\n princ.[type] in (‘S’,’U’)
\nUNION
\n–List all access provisioned to a sql user or windows user\/group through a database or application role
\nSELECT
\n [UserName] = CASE memberprinc.[type]
\n WHEN ‘S’ THEN memberprinc.[name]
\n WHEN ‘U’ THEN ulogin.[name] COLLATE Latin1_General_CI_AI
\n END,
\n [UserType] = CASE memberprinc.[type]
\n WHEN ‘S’ THEN ‘SQL User’
\n WHEN ‘U’ THEN ‘Windows User’
\n END,
\n [DatabaseUserName] = memberprinc.[name],
\n [Role] = roleprinc.[name],
\n [PermissionType] = perm.[permission_name],
\n [PermissionState] = perm.[state_desc],
\n [ObjectType] = obj.type_desc,–perm.[class_desc],
\n [ObjectName] = OBJECT_NAME(perm.major_id),
\n [ColumnName] = col.[name]
\nFROM
\n –Role\/member associations
\n sys.database_role_members members
\nJOIN
\n –Roles
\n sys.database_principals roleprinc ON roleprinc.[principal_id] = members.[role_principal_id]
\nJOIN
\n –Role members (database users)
\n sys.database_principals memberprinc ON memberprinc.[principal_id] = members.[member_principal_id]
\nLEFT JOIN
\n –Login accounts
\n sys.login_token ulogin on memberprinc.[sid] = ulogin.[sid]
\nLEFT JOIN
\n –Permissions
\n sys.database_permissions perm ON perm.[grantee_principal_id] = roleprinc.[principal_id]
\nLEFT JOIN
\n –Table columns
\n sys.columns col on col.[object_id] = perm.major_id
\n AND col.[column_id] = perm.[minor_id]
\nLEFT JOIN
\n sys.objects obj ON perm.[major_id] = obj.[object_id]
\nUNION
\n–List all access provisioned to the public role, which everyone gets by default
\nSELECT
\n [UserName] = ‘{All Users}’,
\n [UserType] = ‘{All Users}’,
\n [DatabaseUserName] = ‘{All Users}’,
\n [Role] = roleprinc.[name],
\n [PermissionType] = perm.[permission_name],
\n [PermissionState] = perm.[state_desc],
\n [ObjectType] = obj.type_desc,–perm.[class_desc],
\n [ObjectName] = OBJECT_NAME(perm.major_id),
\n [ColumnName] = col.[name]
\nFROM
\n –Roles
\n sys.database_principals roleprinc
\nLEFT JOIN
\n –Role permissions
\n sys.database_permissions perm ON perm.[grantee_principal_id] = roleprinc.[principal_id]
\nLEFT JOIN
\n –Table columns
\n sys.columns col on col.[object_id] = perm.major_id
\n AND col.[column_id] = perm.[minor_id]
\nJOIN
\n –All objects
\n sys.objects obj ON obj.[object_id] = perm.[major_id]
\nWHERE
\n –Only roles
\n roleprinc.[type] = ‘R’ AND
\n –Only public role
\n roleprinc.[name] = ‘public’ AND
\n –Only objects of ours, not the MS objects
\n obj.is_ms_shipped = 0
\n) T
\nwhere T.DatabaseUserName like ‘%HQU-PlatFin-DBAdmin%’<\/p>\n","protected":false},"excerpt":{"rendered":"

select * from ( SELECT [UserName] = CASE princ.[type] WHEN ‘S’ THEN princ.[name] WHEN ‘U’ THEN ulogin.[name] COLLATE Latin1_General_CI_AI END, [UserType] = CASE princ.[type] WHEN ‘S’ THEN ‘SQL User’ WHEN ‘U’ THEN ‘Windows User’ END, [DatabaseUserName] = princ.[name], [Role] = … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pgc_sgb_lightbox_settings":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[24],"tags":[],"class_list":["post-642","post","type-post","status-publish","format-standard","hentry","category-ms-sql-server"],"yoast_head":"\nSQL Server - display Users and Roles - dbafox<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dbafox.com\/?p=642\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Server - display Users and Roles - dbafox\" \/>\n<meta property=\"og:description\" content=\"select * from ( SELECT [UserName] = CASE princ.[type] WHEN ‘S’ THEN princ.[name] WHEN ‘U’ THEN ulogin.[name] COLLATE Latin1_General_CI_AI END, [UserType] = CASE princ.[type] WHEN ‘S’ THEN ‘SQL User’ WHEN ‘U’ THEN ‘Windows User’ END, [DatabaseUserName] = princ.[name], [Role] = … Continue reading →\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dbafox.com\/?p=642\" \/>\n<meta property=\"og:site_name\" content=\"dbafox\" \/>\n<meta property=\"article:published_time\" content=\"2016-04-11T11:08:11+00:00\" \/>\n<meta name=\"author\" content=\"Ray Fox\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ray Fox\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dbafox.com\/?p=642\",\"url\":\"https:\/\/dbafox.com\/?p=642\",\"name\":\"SQL Server - display Users and Roles - dbafox\",\"isPartOf\":{\"@id\":\"https:\/\/dbafox.com\/#website\"},\"datePublished\":\"2016-04-11T11:08:11+00:00\",\"author\":{\"@id\":\"https:\/\/dbafox.com\/#\/schema\/person\/287adc474c1aebd398752ac4dcfe27eb\"},\"breadcrumb\":{\"@id\":\"https:\/\/dbafox.com\/?p=642#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dbafox.com\/?p=642\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dbafox.com\/?p=642#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dbafox.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Server – display Users and Roles\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dbafox.com\/#website\",\"url\":\"https:\/\/dbafox.com\/\",\"name\":\"dbafox\",\"description\":\"DBA Technical Information\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dbafox.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/dbafox.com\/#\/schema\/person\/287adc474c1aebd398752ac4dcfe27eb\",\"name\":\"Ray Fox\",\"sameAs\":[\"http:\/\/www.dbafox.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQL Server - display Users and Roles - dbafox","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dbafox.com\/?p=642","og_locale":"en_GB","og_type":"article","og_title":"SQL Server - display Users and Roles - dbafox","og_description":"select * from ( SELECT [UserName] = CASE princ.[type] WHEN ‘S’ THEN princ.[name] WHEN ‘U’ THEN ulogin.[name] COLLATE Latin1_General_CI_AI END, [UserType] = CASE princ.[type] WHEN ‘S’ THEN ‘SQL User’ WHEN ‘U’ THEN ‘Windows User’ END, [DatabaseUserName] = princ.[name], [Role] = … Continue reading →","og_url":"https:\/\/dbafox.com\/?p=642","og_site_name":"dbafox","article_published_time":"2016-04-11T11:08:11+00:00","author":"Ray Fox","twitter_misc":{"Written by":"Ray Fox","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/dbafox.com\/?p=642","url":"https:\/\/dbafox.com\/?p=642","name":"SQL Server - display Users and Roles - dbafox","isPartOf":{"@id":"https:\/\/dbafox.com\/#website"},"datePublished":"2016-04-11T11:08:11+00:00","author":{"@id":"https:\/\/dbafox.com\/#\/schema\/person\/287adc474c1aebd398752ac4dcfe27eb"},"breadcrumb":{"@id":"https:\/\/dbafox.com\/?p=642#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dbafox.com\/?p=642"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dbafox.com\/?p=642#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dbafox.com\/"},{"@type":"ListItem","position":2,"name":"SQL Server – display Users and Roles"}]},{"@type":"WebSite","@id":"https:\/\/dbafox.com\/#website","url":"https:\/\/dbafox.com\/","name":"dbafox","description":"DBA Technical Information","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dbafox.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/dbafox.com\/#\/schema\/person\/287adc474c1aebd398752ac4dcfe27eb","name":"Ray Fox","sameAs":["http:\/\/www.dbafox.com"]}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3ecMb-am","_links":{"self":[{"href":"https:\/\/dbafox.com\/index.php?rest_route=\/wp\/v2\/posts\/642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dbafox.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dbafox.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dbafox.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dbafox.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=642"}],"version-history":[{"count":1,"href":"https:\/\/dbafox.com\/index.php?rest_route=\/wp\/v2\/posts\/642\/revisions"}],"predecessor-version":[{"id":643,"href":"https:\/\/dbafox.com\/index.php?rest_route=\/wp\/v2\/posts\/642\/revisions\/643"}],"wp:attachment":[{"href":"https:\/\/dbafox.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dbafox.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dbafox.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}