August 7, 2009 at 4:03 am
Dear all
I have a issue where a developer has write access to the prod database, but I can find out where. I have checked all the security roles/groups/permissions but im unable to trace any reference to this.
There is a AD group called xxxxxreaders which this user is a member of and is part if the datareader role and seems to work fine for all other dev's.
Is there a script to find out which group/role the user is coming via while connected to SSMS?
Any help is appreciated.
JL
August 7, 2009 at 7:43 am
Hi,
I think this may help you.
select dp.NAME AS principal_name,dp.type_desc AS principal_type_desc,
o.NAME AS object_name,p.permission_name,p.state_desc AS permission_state_desc
from sys.database_permissions p left OUTER JOIN sys.all_objects o
on p.major_id = o.OBJECT_ID inner JOIN sys.database_principals dp
on p.grantee_principal_id = dp.principal_id
[font="Verdana"]Thanks
Chandra Mohan[/font]
August 7, 2009 at 8:23 am
A very handy script...
This assisted me in finding the loop-hole!
Rgds
JL
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply