sql-server - How can we identify the Objects with out permissions in SQL Server for a database
问题描述
We have more than 20K objects like tables, stored procedures, views, users. We have given some permissions to those objects.
Now we need to identify which objects we did not assign permissions, I can generate all objects/permissions.
Thanks
解决方案
use tempdb
go
create table A (id int)
create table B (id int)
create table C(id int, foo int)
go
create function dbo.funA()
returns bit
as
begin
return(0)
end
go
create view viewA
as
select * from A
go
create procedure procA
as
begin
select 1
end
go
--select to A
grant select on A to public;
go
--deny column on C
DENY SELECT ON c(foo) to public
go
--no permissions on any part of the object
--C is not displayed, there is permission on the column
select *
from sys.objects as o
where o.is_ms_shipped = 0
and not exists(select * from sys.database_permissions as dp where dp.major_id = o.object_id)
and o.name in ('A', 'B', 'C', 'funA', 'viewA', 'procA') --just for the example
--no permissions on the object itself
select *
from sys.objects as o
where o.is_ms_shipped = 0
and not exists(select * from sys.database_permissions as dp where dp.major_id = o.object_id and dp.minor_id = 0)
and o.name in ('A', 'B', 'C', 'funA', 'viewA', 'procA')
go
drop table A
go
drop table B
go
drop table C
go
drop function dbo.funA
go
drop view viewA
go
drop procedure procA
go
推荐阅读
- python-3.x - 从 selenium webdriver 中一一获取元素
- omnet++ - 连接多个消息内容时出错 omnet++
- javascript - 简单使用“必需”属性,但也验证表单(排除“@”)
- java - 为什么java允许在匿名内部类中重新分配类级变量,而局部变量则不允许
- c# - 在公共属性上相交两个对象列表,然后比较不同的属性
- php - 为什么 $line = fgets("data/$f_handle") 不起作用
- python - 使用 VS 代码时启用/禁用扩展
- maven - 在 Jenkins 管道中使用 build-helper-plugin 增加 Maven project.version
- android - Firebase:制作多语言通知
- node.js - Express 服务器:将现有文档克隆到另一个集合中