Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

microsoft sql server: check users own permissions

Tags:

sql

sql-server

I have a Microsoft SQL server database and a set of users.

Now in my app I want to make some functionality only visible, if the user has entered username and password with certain rights (admin).

Since the databases and the usernames and their rights can change, how do i check what permissions/rights an Microsoft SQL server user has?

like image 541
scigor Avatar asked Nov 25 '10 07:11

scigor

People also ask

How can I tell if a user has access to SQL Server?

SQL Server has a HAS_DBACCESS() function that returns information about whether the user has access to a specified database.

What are my permissions SQL Server?

Using SQL Server management studio:In the object explorer window, right click on the view and click on Properties. Navigate to the Permissions tab. Here you can see the list of users or roles who has access to the view. Also, you can see the type of access the user or role has.

How do I grant database owner permissions in SQL Server?

Open Microsoft SQL Management Studio Express. Navigate to Security > Logins > Right-click the db user and select Properties. In properties go to User Mappings. Click on the database and check that the options db_owner and Public are selected.

3 Answers

You can check current user's right on certain securables using [sys.fn_mypermissions][1] which returns all permission on the securable. You can also check a specific permission with HAS_PERMS_BY_NAME. Eg. you can check for CONTROL SERVER permission which implies an administrator is logged in:

SELECT HAS_PERMS_BY_NAME(null, null, 'CONTROL SERVER');
like image 199
Remus Rusanu Avatar answered Nov 08 '22 23:11

Remus Rusanu

The simplest way to do this is using the IS_MEMBER('rolename') function, that checks whether the user is in the role/group 'db_owner'. The function will perform a check at database level, and returns 1 (Int32), if the user has the specified role.

If you need to check at server level, you can use the IS_SRVROLEMEMBER function. Both are available since SQL Server 2005.

like image 39
jb_ Avatar answered Nov 08 '22 23:11

jb_

I'm not entirely certain that I understand your problem definition however assuming I do.....

I would suggest that you create a SQL Server Database Role that you can add the relevant application users to, perhaps via some group membership maintained within the App (or a Windows Domain Group). You can use the group to Role mapping to independently manage user membership, from managing the relevant permissions to securables within the database via the Role.

This way, you just need to check that an application User is a member of the relevant application or windows group, without the need to query the security configuration of SQL Server.

like image 22
John Sansom Avatar answered Nov 08 '22 23:11

John Sansom
Sign in to Comment

Related questions

SQL Query, Selecting 5 most recent in each group
Need help with the Merge statement
Oracle bug? SELECT returns no dupes, INSERT from SELECT has duplicate rows
SQL Count(*) on multiple tables
Stored procedure executing another stored procedure
correct way to create a pivot table in postgresql using CASE WHEN
How to Deal with SET ANSI_NULLS ON or OFF?
Verify two columns of two different tables match exactly
Clustered index - multi-part vs single-part index and effects of inserts/deletes
Get current updated column name to use in a trigger
Check if db connection is closed - php
Please explain this delete top 100 SQL syntax
How do you use autocomplete for thousands of entries?
How do I execute different SELECT statements based on a CASE
What is the difference between INTERSECT and WHERE IN?
Data object storage - Can table JOIN's do what single table SELECT's cannot?
postgres group by aggregate function
SQL Server sp_ExecuteSQL and Execution Plans
Delete data from dependent tables
GREATEST and LEAST in SQL standard

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!