Home Unlabelled Query used to get user permissions

Query used to get user permissions

July 12, 2024
A+ A- Print Email

 SELECT  @@ServerName AS [Instance Name], @@SERVICENAME AS Instance,GETDATE() AS TimeOfQuery,loginname AS [Login Name],createdate AS [Created Date], updatedate AS [Modified Date], accdate AS [Access Date], 

CASE WHEN sysadmin = 1 THEN 'Login is a member of the sysadmin server role' ELSE 'NA' END AS SysAdmin,

((CASE WHEN hasaccess = 1 THEN 'Login has been granted access to the server' + CHAR(13)+CHAR(10) ELSE 'NA' + CHAR(13)+CHAR(10) END) + 

(CASE WHEN isntname = 1 THEN 'Login is a Windows user or group' + CHAR(13)+CHAR(10) ELSE 'Login is a SQL Server login' + CHAR(13)+CHAR(10) END) + 

(CASE WHEN isntgroup = 1 THEN 'Login is a Windows group' + CHAR(13)+CHAR(10) ELSE '' END) + 

(CASE WHEN isntuser = 1 THEN 'Login is a Windows user' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN securityadmin = 1 THEN 'Login is a member of the securityadmin server role' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN serveradmin = 1 THEN 'Login is a member of the serveradmin fixed server role' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN setupadmin = 1 THEN 'Login is a member of the setupadmin fixed server role' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN processadmin = 1 THEN 'Login is a member of the processadmin fixed server role' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN diskadmin = 1 THEN 'Login is a member of the diskadmin fixed server role' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN dbcreator = 1 THEN 'Login is a member of the dbcreator fixed server role' + CHAR(13)+CHAR(10) ELSE '' END) +

(CASE WHEN bulkadmin = 1 THEN ' Login is a member of the bulkadmin fixed server role' + CHAR(13)+CHAR(10) ELSE '' END )) AS Description , 

'NA' as [GivenName], 'NA' as [Name], 'NA' as [Surname], 'NA' as [FullName] , 'NA' as [UserPrincipalName]

FROM syslogins INNER JOIN sys.server_principals ON server_principals.sid = syslogins.sid 

WHERE syslogins.name NOT IN ('sa' , 'VCN\CS-WS-SQL-SystemAdministrators', 'VCN\CS-WS-S-SQLDBTRACK') 

AND syslogins.name NOT LIKE '%NT SERVICE%' AND syslogins.name NOT LIKE '%##%' AND syslogins.name NOT LIKE '%NT AUTHORITY%' 

AND syslogins.name NOT LIKE '%IT-GLB-SQL-SOX' 

AND server_principals.is_disabled = 0;


Post a Comment

Subscribe to: Post Comments (Atom)
[blogger]

Author Name

Contact Form

Name

Email *

Message *

Powered by Blogger.