The simplest approach is to use the stored procedures that Microsoft has included with the database engine. A lot of these same procedures are called when use the GUI, but instead of showing you data one object at a time you can take a look across your server or across your database.
Here is a list of some of these useful commands, what they do and sample output from each command.
| sp_helprotect | This command will show you the permissions that have been granted or denied for all objects in a database. You can also specify the object name to see the permissions for that just that object. |
 | |
| sp_helprole | This command will show you a list of all the database roles You can also specify the role name to see information about just that role. |
 | |
| sp_helprolemember | This command will show you a list of all roles that have users in them as well as the user name. You can also specify the role name to see the users for just that role. |
 | |
| sp_helpsrvrole | This command will show you a list of all the server roles. You can also specify the server role if you only want to see info about just that one server role. |
 | |
| sp_helpsrvrolemember | This command shows you logins that have access to all server roles or you can specify just one server role to examine. |
 | |
| sp_helpdbfixedrole | This command shows a list of fixed database roles. You can also specify just one role. |
 | |
| sp_helplogins | This command returns attributes about all of your logins or you can specify just one login. |
  | |
| sp_helpntgroup | This command shows you windows groups that have access to the current database. |
 | |
| sp_helpuser | This command shows you information about users that have access to the current database. |
 | |
Next Steps
- Add these commands to the list of tools that you use to manage your SQL Server. These commands work for both SQL 2000 and SQL 2005
- Use these commands to take a periodic audit of your server and database permissions.
No comments:
Post a Comment