--服务器级权限
WITH CTE AS (
SELECT
u.name AS 用户名,
u.is_disabled AS 是否禁用,
g.name AS 服务器角色,
'√' AS 'flag'
FROM
sys.server_principals u
INNER JOIN sys.server_role_members m ON u.principal_id = m.member_principal_id
INNER JOIN sys.server_principals g ON g.principal_id = m.role_principal_id
) SELECT
*
FROM
CTE PIVOT ( MAX ( flag ) FOR 服务器角色 IN ( [public], [sysadmin], [securityadmin], [serveradmin], [setupadmin], [processadmin], [diskadmin], [dbcreator], [bulkadmin] ) ) AS T;
--数据库级权限
WITH CTE AS (
SELECT
u.name AS 用户名,
g.name AS 数据库角色,
'√' AS 'flag'
FROM
sys.database_principals u
INNER JOIN sys.database_role_members m ON u.principal_id = m.member_principal_id
INNER JOIN sys.database_principals g ON g.principal_id = m.role_principal_id
) SELECT
*
FROM
CTE PIVOT (
MAX ( flag ) FOR 数据库角色 IN ( [public], [db_owner], [db_accessadmin], [db_securityadmin], [db_ddladmin], [db_backupoperator], [db_datareader], [db_datawriter], [db_denydatareader], [db_denydatawriter] )
) AS T;
--数据库级单独权限
SELECT
c.name AS 用户名,
b.name AS 对象名,
CASE
b.type
WHEN 'U' THEN
'Table'
WHEN 'P' THEN
'Procedure' ELSE 'OTHER'
END AS 对象类型,
CASE
WHEN a.ACTION = 26
AND a.PROTECTTYPE = 205 THEN
'√' ELSE ''
END AS 'REFERENCES',
CASE
WHEN a.ACTION = 193
AND a.PROTECTTYPE = 205 THEN
'√' ELSE ''
END AS 'SELECT',
CASE
WHEN a.ACTION = 195
AND a.PROTECTTYPE = 205 THEN
'√' ELSE ''
END AS 'INSERT',
CASE
WHEN a.ACTION = 197
AND a.PROTECTTYPE = 205 THEN
'√' ELSE ''
END AS 'UPDATE',
CASE
WHEN a.ACTION = 196
AND a.PROTECTTYPE = 205 THEN
'√' ELSE ''
END AS 'DELETE',
CASE
WHEN a.ACTION = 224
AND a.PROTECTTYPE = 205 THEN
'√' ELSE ''
END AS 'EXECUTE',
CASE
a.PROTECTTYPE
WHEN 204 THEN
'GRANT_W_GRANT'
WHEN 205 THEN
'GRANT'
WHEN 206 THEN
'DENY' ELSE 'OTHER'
END AS PROTECTTYPE
FROM
sysprotects a
INNER JOIN sysobjects b ON a.id = b.id
INNER JOIN sysusers c ON a.uid = c.uid;
