I have a Microsoft SQL Server database and a set of users.
Now in my app I want to make some functionality visible only if the user has entered a username and password with certain rights (admin).
Since the databases and the usernames and their rights can change, how do I check what permissions/rights a Microsoft SQL Server user has?
SQL Server has a HAS_DBACCESS() function that returns information about whether the user has access to a specified database.
Using SQL Server Management Studio: In the Object Explorer window, right-click on the view and click on Properties. Navigate to the Permissions tab. Here you can see the list of users or roles who have access to the view. Also, you can see the type of access the user or role has.
Open Microsoft SQL Management Studio Express. Navigate to Security > Logins > Right-click the db user and select Properties. In properties go to User Mappings. Click on the database and check that the options db_owner and Public are selected.
You can check the current user's rights on certain securables using sys.fn_my_permissions, which returns all permissions on the securable. You can also check a specific permission with HAS_PERMS_BY_NAME. E.g. you can check for the CONTROL SERVER permission, which implies an administrator is logged in:
SELECT HAS_PERMS_BY_NAME(null, null, 'CONTROL SERVER');
The simplest way to do this is using the IS_MEMBER('rolename') function, that checks whether the user is in the role/group 'db_owner'. The function will perform a check at database level, and returns 1 (Int32), if the user has the specified role.
If you need to check at server level, you can use the IS_SRVROLEMEMBER function. Both are available since SQL Server 2005.
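The functions mentioned in the answers above, combined into one fail-closed check for the current connection. This is an added example, not code from any of the answers; the role name app_admin is a hypothetical application role.

```sql
-- Added example: evaluate the current connection's rights in one round trip.
-- 'app_admin' is a hypothetical database role; substitute your own.
DECLARE @db sysname = DB_NAME();

SELECT
    SUSER_SNAME() AS login_name,   -- server-level login of this connection
    USER_NAME()   AS db_user,      -- database user it maps to
    -- Each function returns 1, 0, or NULL. NULL means the name was not
    -- valid or the check could not be evaluated, so COALESCE maps it to 0:
    -- a mistyped role or database name must never read as "allowed".
    COALESCE(HAS_DBACCESS(@db), 0)                                AS has_db_access,
    COALESCE(IS_SRVROLEMEMBER('sysadmin'), 0)                     AS is_sysadmin,
    COALESCE(HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER'), 0)  AS has_control_server,
    COALESCE(IS_MEMBER('db_owner'), 0)                            AS is_db_owner,
    COALESCE(IS_MEMBER('app_admin'), 0)                           AS is_app_admin;

-- Full list of effective permissions, for auditing what the flags above imply.
SELECT 'SERVER' AS scope, permission_name
FROM sys.fn_my_permissions(NULL, 'SERVER')
UNION ALL
SELECT 'DATABASE' AS scope, permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
ORDER BY scope, permission_name;
```

Run it on the connection opened with the credentials the user entered, since all of these functions evaluate the caller's own security context. The result only decides what the app displays; the permissions granted in SQL Server still decide what that connection can actually do.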
I'm not entirely certain that I understand your problem definition; however, assuming I do...
I would suggest that you create a SQL Server Database Role that you can add the relevant application users to, perhaps via some group membership maintained within the App (or a Windows Domain Group). You can use the group to Role mapping to independently manage user membership, from managing the relevant permissions to securables within the database via the Role.
This way, you just need to check that an application User is a member of the relevant application or windows group, without the need to query the security configuration of SQL Server.