Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Declare @Login sysname,
- @CurrID int,
- @MaxID int,
- @DBName sysname,
- @SQL nvarchar(1000);
- Declare @LogInfo Table (AcctID int not null identity(1, 1) primary key,
- AcctName sysname not null, -- Fully qualified Windows account name
- AcctType char(8) not null, -- Type of Windows account. Valid values are user or group
- Privilege char(9) not null, -- Access privilege for SQL Server. Valid values are admin, user, or null
- MappedLogin sysname not null, -- For user accounts that have user privilege, mapped login name shows the mapped login name that SQL Server tries to use when logging in with this account by using the mapped rules with the domain name added before it
- PermissionPath sysname null, -- Group membership that allowed the account access
- SysID varbinary(85) null,
- PrincipalID int null,
- DefaultDB sysname null,
- IsDisabled bit not null default(0));
- Declare @ServerRoles Table (SRoleID int identity(1, 1) not null primary key,
- AcctID int not null,
- RoleName sysname not null);
- Declare @DBs Table (DBsID int identity(1, 1) not null primary key,
- DBName sysname not null);
- Declare @DBRoles Table (DBRoleID int identity(1, 1) not null primary key,
- SysID varbinary(85) null,
- DBName sysname not null,
- RoleName sysname not null default('Public'),
- DBUser sysname null);
- /* Enter Login to search for here */
- Set @Login = 'domain\user';
- Set NoCount On;
- Insert Into @LogInfo (AcctName, AcctType, Privilege, MappedLogin, PermissionPath)
- Exec xp_logininfo @Login, 'all';
- If Exists (Select 1 From @LogInfo)
- Begin
- Update @LogInfo
- Set PermissionPath = MappedLogin
- Where PermissionPath Is Null;
- Update LI
- Set SysID = SID, PrincipalID = principal_id, DefaultDB = default_database_name, IsDisabled = is_disabled
- From @LogInfo LI
- Inner Join sys.server_principals SP On SP.name = LI.PermissionPath;
- Insert Into @ServerRoles (AcctID, RoleName)
- Select LI.AcctID, SP.name
- From @LogInfo LI
- Inner Join sys.server_role_members RM On RM.member_principal_id = LI.PrincipalID
- Inner Join sys.server_principals SP On SP.principal_id = RM.role_principal_id
- Where SP.type = 'R';
- Insert Into @DBs (DBName)
- Select name
- From sys.databases;
- Select @MaxID = Max(DBsID), @CurrID = 1
- From @DBs;
- While @CurrID <= @MaxID
- Begin
- Select @DBName = DBName
- From @DBs
- Where DBsID = @CurrID;
- Set @SQL = 'Select ''' + @DBName + ''', IsNull(DRP.name, ''Public''), DP.sid, DP.name
- From ' + quotename(@DBName) + '.sys.database_principals DP
- Left Join ' + quotename(@DBName) + '.sys.database_role_members RM On RM.member_principal_id = DP.principal_id
- Left Join ' + quotename(@DBName) + '.sys.database_principals DRP On DRP.principal_id = RM.role_principal_id
- Where (DRP.type = ''R'' Or DRP.type Is Null)
- And DP.Type In (''U'', ''G'');';
- Insert Into @DBRoles (DBName, RoleName, SysID, DBUser)
- Exec sp_executesql @SQL;
- Set @CurrID = @CurrID + 1;
- End
- Select AcctName As [Account Name], AcctType As [Account Type], Privilege As [Highest Privilege], PermissionPath As [Parent Login], DefaultDB As [Default DB]
- From @LogInfo;
- If Exists (Select 1 From @ServerRoles SR
- Inner Join @LogInfo LI On LI.AcctID = SR.AcctID)
- Or Exists (Select 1 From @LogInfo LI
- Inner Join sys.server_principals SP On SP.[name] = LI.PermissionPath Or SP.principal_id = LI.PrincipalID
- Inner Join sys.server_permissions PM On PM.grantee_principal_id = LI.PrincipalID
- Where SP.type In ('G', 'U')
- And PM.state = 'G'
- And PM.type <> 'COSQ')
- Begin
- Select LI.PermissionPath As [Parent Login], RoleName As [Server Role]
- From @ServerRoles SR
- Inner Join @LogInfo LI On LI.AcctID = SR.AcctID
- Union
- Select SP.[name], Cast(PM.permission_name as sysname) Collate SQL_Latin1_General_CP1_CI_AS
- From @LogInfo LI
- Inner Join sys.server_principals SP On SP.[name] = LI.PermissionPath Or SP.principal_id = LI.PrincipalID
- Inner Join sys.server_permissions PM On PM.grantee_principal_id = LI.PrincipalID
- Where SP.type In ('G', 'U')
- And PM.state = 'G'
- And PM.type <> 'COSQ';
- End
- Else
- Begin
- Select 'None' As [Parent Login], 'None' As [Server Role];
- End
- If Exists (Select 1 From @DBRoles DR
- Inner Join @LogInfo LI On LI.SysID = DR.SysID)
- Begin
- Select DR.DBName As [Database], LI.PermissionPath As [Parent Login], RoleName As [Database Role], DBUser As [Database user]
- From @DBRoles DR
- Inner Join @LogInfo LI On LI.SysID = DR.SysID;
- End
- Else
- Begin
- Select 'None' As [Database], 'None' As [Parent Login], 'None' As [Database Role], 'None' As [Database user]
- From @LogInfo;
- End
- End
- Else
- Begin
- RaisError('No login mappings found for this account.', 16, 1);
- End
- Set NoCount Off;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement