How to view the roles and permissions granted to any database user in Azure SQL server instance

Question

Could you guide me on how to view the current roles permissions granted to any database user in Azure SQL Database or in general for a MSSQL Server instance    I have this below query    SELECT r name role principal name  m name AS member principal name FROM sys database role members rm  JOIN sys database principals r      ON rm role principal id   r principal id JOIN sys database principals m      ON rm member principal id   m principal id WHERE r name IN   loginmanager    dbmanager      I further need to know what are the permissions granted to these roles  loginmanager  and  dbmanager     Could you help me on this

User · Answer

To view database roles assigned to users, you can use sys.database_role_members

The following query returns the members of the database roles.

SELECT DP1.name AS DatabaseRoleName,   
    isnull (DP2.name, 'No members') AS DatabaseUserName   
FROM sys.database_role_members AS DRM  
RIGHT OUTER JOIN sys.database_principals AS DP1  
    ON DRM.role_principal_id = DP1.principal_id  
LEFT OUTER JOIN sys.database_principals AS DP2  
    ON DRM.member_principal_id = DP2.principal_id  
WHERE DP1.type = 'R'
ORDER BY DP1.name;

User · Answer

Per the MSDN documentation for sys database permissions  this query lists all permissions explicitly granted or denied to principals in the database you re connected to   SELECT DISTINCT pr principal id  pr name  pr type desc       pr authentication type desc  pe state desc  pe permission name FROM sys database principals AS pr JOIN sys database permissions AS pe     ON pe grantee principal id   pr principal id    Per Managing Databases and Logins in Azure SQL Database  the loginmanager and dbmanager roles are the two server-level security roles available in Azure SQL Database  The loginmanager role has permission to create logins  and the dbmanager role has permission to create databases  You can view which users belong to these roles by using the query you have above against the master database  You can also determine the role memberships of users on each of your user databases by using the same query  minus the filter predicate  while connected to them

User · Answer

if you want to find about object name e g  table name and stored procedure on which particular user has permission  use the following query   SELECT pr principal id  pr name  pr type desc       pr authentication type desc  pe state desc  pe permission name  OBJECT NAME major id  objectName FROM sys database principals AS pr JOIN sys database permissions AS pe ON pe grantee principal id   pr principal id --INNER JOIN sys schemas AS s ON s principal id    sys database role members role principal id       where pr name in   youruser1   youruser2

User · Answer

Building on  tmullaney  s answer  you can also left join in the sys objects view to get insight when explicit permissions have been granted on objects  Make sure to use the LEFT join    SELECT DISTINCT pr principal id  pr name AS  UserName   pr type desc AS  User or Role   pr authentication type desc AS  Auth Type   pe state desc      pe permission name  pe class desc  o  name  AS  Object       FROM sys database principals AS pr      JOIN sys database permissions AS pe ON pe grantee principal id   pr principal id     LEFT JOIN sys objects AS o on  o object id   pe major id

[sql-server] How to view the roles and permissions granted to any database user in Azure SQL server instance?

Examples related to sql-server

Examples related to azure

Examples related to azure-sql-database