Reputation: 1011
How to list role members in SQL Server 2008 R2
I'm using the following T-SQL to obtain role members from my SQL Server 2008 R2 database:
select rp.name as database_role, mp.name as database_user
from sys.database_role_members drm
join sys.database_principals rp on (drm.role_principal_id = rp.principal_id)
join sys.database_principals mp on (drm.member_principal_id = mp.principal_id)
order by rp.name
When I examine the output I notice that the only role members listed for db_datareader are db roles - no user members of db_datareader are listed in the query.
Why is that? How can I also list the user members of my db roles?
I guess I should also ask whether the table sys.database_role_members actually contains all members of a role?
Upvotes: 29
Views: 81826
Answers (3)
Reputation: 231
Here is another way
SELECT dp.name as RoleName, us.name as UserName
FROM sys.sysusers us right
JOIN sys.database_role_members rm ON us.uid = rm.member_principal_id
JOIN sys.database_principals dp ON rm.role_principal_id = dp.principal_id
Upvotes: 23
Reputation: 1011
I've worked out what's going on.
When I queried out the role members I was comparing the output with what SSMS listed as role members in the role's properties dialog - this included users as well as roles, but the users weren't being listed by the query as listed in my question. I turns out that when listing role members, SSMS expands members that are roles to display the members of those roles.
The following query replicates the way in which SSMS lists role members:
WITH RoleMembers (member_principal_id, role_principal_id)
AS
(
SELECT
rm1.member_principal_id,
rm1.role_principal_id
FROM sys.database_role_members rm1 (NOLOCK)
UNION ALL
SELECT
d.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm (NOLOCK)
INNER JOIN RoleMembers AS d
ON rm.member_principal_id = d.role_principal_id
)
select distinct rp.name as database_role, mp.name as database_userl
from RoleMembers drm
join sys.database_principals rp on (drm.role_principal_id = rp.principal_id)
join sys.database_principals mp on (drm.member_principal_id = mp.principal_id)
order by rp.name
The above query uses a recursive CTE to expand a role into it's user members.
Upvotes: 38
Reputation: 28403
Try this
;with ServerPermsAndRoles as
(
select
spr.name as principal_name,
spr.type_desc as principal_type,
spm.permission_name collate SQL_Latin1_General_CP1_CI_AS as security_entity,
'permission' as security_type,
spm.state_desc
from sys.server_principals spr
inner join sys.server_permissions spm
on spr.principal_id = spm.grantee_principal_id
where spr.type in ('s', 'u')
union all
select
sp.name as principal_name,
sp.type_desc as principal_type,
spr.name as security_entity,
'role membership' as security_type,
null as state_desc
from sys.server_principals sp
inner join sys.server_role_members srm
on sp.principal_id = srm.member_principal_id
inner join sys.server_principals spr
on srm.role_principal_id = spr.principal_id
where sp.type in ('s', 'u')
)
select *
from ServerPermsAndRoles
order by principal_name
(Or)
SELECT p.name, o.name, d.*
FROM sys.database_principals AS p
JOIN sys.database_permissions AS d ON d.grantee_principal_id = p.principal_id
JOIN sys.objects AS o ON o.object_id = d.major_id
Upvotes: 3
Related Questions
- Listing users and their roles in SQL Server
- View all securables for roles in SQL Server database?
- SQL query to retrieve role
- How to show SQL server 2000 server roles through an SQL query
- How can I see roles permissions in SQL Server?
- SQL Server: Checking role membership
- How to query current user's roles
- TSQL to know database role members
- In SQL Server 2005, how can I write a query to list all login, their server role, correspond user in all db, db role?
- MSSQL2000: get list of role members