SQL Server Query to Find All Permissions/Access for All Users in a Database


Introduction

In SQL Server, permissions are used to control access to database objects, such as tables and views. Each user in a database has a set of permissions that determine what they are able to do within the database, such as SELECT, INSERT, UPDATE, DELETE, and EXECUTE. To view the permissions that a user has been granted in a database, you can use the sys.database_permissions view. This view provides information about the permissions that have been granted or denied on database-level securables for a specific database. The sys.objects view contains information about all the objects in a database, and the sys.database_principals view contains information about the database users.

You can join these three views together to get a list of all permissions for all users in a database. The query will return a result set with three columns: 'User Name', 'Permission', and 'Object Name'. The 'User Name' column will contain the name of the user, the 'Permission' column will contain the type of permission that the user has, and the 'Object Name' column will contain the name of the object (such as a table or a view) that the permission applies to.

Definition

SQL Server Query to Find All Permissions/Access for All Users in a Database is a query that you can use to find all the permissions/access that have been granted to all users in a specific database in SQL Server. The query will return a result set that lists the user names, permissions, and the names of the objects (such as tables and views) that the permissions apply to. The query utilizes three system views in SQL Server: `sys.database_permissions`, `sys.objects`, and `sys.database_principals`.

The `sys.database_permissions` view provides information about the permissions that have been granted or denied on database-level securable for a specific database. The `sys.objects` view contains information about all the objects in a database, and the `sys.database_principals` view contains information about the database users.

The query is using INNER JOIN on the above three views based on their relationships to get the result. The query will filter only the SQL USER from the database principals using WHERE clause.

Keep in mind that this query only work for the specific database that you are connected to. If you need to check the permissions for all users in all databases, you will need to run the query against each database individually.

Important Points

There are several important points to keep in mind when using the SQL Server Query to Find All Permissions/Access for All Users in a Database −

  • The query uses the `sys.database_permissions`, `sys.objects`, and `sys.database_principals` views, so it will only work for the specific database that you are connected to. If you need to check the permissions for all users in all databases, you will need to run the query against each database individually.

  • The query returns information about the permissions that have been granted or denied on database-level securables, so it will not return information about server-level or object-level permissions.

  • The query only returns information about SQL USERs, not Windows users or roles, if you want to see the permissions of other type of users you need to tweak the query accordingly.

  • The query only show the permissions, but doesn't give information about the objects that are protected by these permission. If you want to see more details about the objects you can JOIN with other system views like sys.tables, sys.procedures etc

  • Keep in mind that this query will only show the permissions at the time the query was ran. If permissions were modified after that, it may not reflect the current situation.

  • If you have a large number of users or objects in the database, it might take some time to execute the query. You may also want to consider adding an index on the relevant columns of the views in question to improve performance

SQL Query

Here's a query that you can use to find all the permissions/access for all users in a specific database in SQL Server −

SELECT u.name as 'User Name', p.name as 'Permission', o.name as 'Object Name' FROM sys.database_permissions p INNER JOIN sys.objects o ON p.major_id = o.object_id INNER JOIN sys.database_principals u ON p.grantee_principal_id = u.principal_id WHERE u.type_desc = 'SQL_USER'

This query will return a result set with three columns: 'User Name', 'Permission', and 'Object Name'. The 'User Name' column will contain the name of the user, the 'Permission' column will contain the type of permission that the user has, and the 'Object Name' column will contain the name of the object (such as a table or a view) that the permission applies to.

You can change the WHERE clause to filter by user name, permission, Object name etc based on your requirement.

Note that this query will only work for the specific database that you are connected to. If you need to check the permissions for all users in all databases, you will need to run the query against each database individually.

Conclusion

  • The SQL Server Query to Find All Permissions/Access for All Users in a Database is a useful query for identifying the permissions that have been granted to users in a specific database.

  • By joining the `sys.database_permissions`, `sys.objects`, and `sys.database_principals views`, the query returns a list of user names, permissions, and the names of the objects (such as tables and views) that the permissions apply to.

Updated on: 27-Jan-2023

30K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started
Advertisements