Database Level Permission
DECLARE @DBuser_sql VARCHAR(4000) DECLARE @DBuser_table TABLE ( DBName VARCHAR(200), UserName VARCHAR(250), LoginType VARCHAR(500), AssociatedDatabaseRole VARCHAR(200) ) SET @DBuser_sql=' SELECT "[?]" AS DBName,a.name AS Name, a.type_desc AS LoginType, USER_NAME(b.role_principal_id) AS AssociatedDatabaseRole FROM [?].sys.database_principals a LEFT OUTER JOIN [?].sys.database_role_members b ON a.principal_id=b.member_principal_id LEFT OUTER JOIN [?].sys.server_role_members c ON a.principal_id=c.member_principal_id and a.principal_id=c.member_principal_id WHERE a.sid NOT IN (0x01,0x00) AND a.sid IS NOT NULL AND a.type NOT IN ("C") AND a.is_fixed_role <> 1 AND a.name NOT LIKE "##%" AND "?" NOT IN ("master","msdb","model","tempdb") ORDER BY Name' INSERT @DBuser_table EXEC sp_MSforeachdb @command1=@dbuser_sql SELECT DBName,UserName,LoginType, max(case when AssociatedDatabaseRole ='db_owner' then '1' else '0' end )'db_owner', max(case when AssociatedDatabaseRole ='db_securityadmin' then '1' else '0' end )'db_securityadmin', max(case when AssociatedDatabaseRole ='db_accessadmin' then '1' else '0' end )'db_accessadmin', max(case when AssociatedDatabaseRole ='db_backupoperator' then '1' else '0' end )'db_backupoperator', max(case when AssociatedDatabaseRole ='db_ddladmin' then '1' else '0' end )'db_ddladmin', max(case when AssociatedDatabaseRole ='db_datareader' then '1' else '0' end)'db_datareader', max(case when AssociatedDatabaseRole ='db_datawriter' then '1' else '0' end) 'db_datawriter', max(case when AssociatedDatabaseRole ='db_denydatawriter' then '1' else '0' end )'db_denydatawriter', max(case when AssociatedDatabaseRole ='db_denydatareader' then '1' else '0' end )'db_denydatareader', max(case when AssociatedDatabaseRole is NULL then '1' else '0' end )'No Roles' FROM @DBuser_table group by DBName,UserName,LoginType
Server Level Permission
SELECT sp.name AS LoginName,sp.type_desc AS LoginType, sp.default_database_name AS DefaultDBName,slog.sysadmin AS SysAdmin,slog.securityadmin AS SecurityAdmin,slog.serveradmin AS ServerAdmin, slog.setupadmin AS SetupAdmin, slog.processadmin AS ProcessAdmin, slog.diskadmin AS DiskAdmin, slog.dbcreator AS DBCreator,slog.bulkadmin AS BulkAdmin FROM sys.server_principals sp JOIN master..syslogins slog ON sp.sid=slog.sid WHERE sp.type <> 'R' AND sp.name NOT LIKE '##%'
Find Logins With VIEW SERVER STATE Permissions
SELECT @@SERVERNAME,SPRIN.[name],SPER.[permission_name] FROM sys.[server_permissions] SPER INNER JOIN sys.[server_principals] SPRIN ON SPER.[grantee_principal_id] = SPRIN.[principal_id] WHERE SPER.[permission_name] = 'VIEW SERVER STATE' AND (SPER.[state] = 'G' OR SPER.[state] = 'W')AND SPRIN.[name] NOT LIKE '##%' ORDER BY SPRIN.[name]
