开发者

How to tell if SQL Server user can view every table in database

开发者 https://www.devze.com 2023-02-03 07:14 出处:网络
I have an application that lets users browse data in a SQL database, and I\'d like to warn the user if they don\'t have rights t开发者_运维知识库o see every table. I\'m getting a list of tables by doi
相关专题:sql-server

I have an application that lets users browse data in a SQL database, and I'd like to warn the user if they don't have rights t开发者_运维知识库o see every table. I'm getting a list of tables by doing a SELECT on sys.objects, but if the user doesn't have SELECT rights on a table, it doesn't show up in that query, so there's no way I can see to know what I don't know.

I don't even need to know what in particular I'm missing, just if there's anything the user can't view. Anybody know how to accomplish this?

CLARIFICATION:

I'm creating a tool that can be run against any SQL Server, so I'm not looking to set up permissions to see every object - I just want to know if the current user can. If they don't have rights, that's fine - I just want to make sure they know that, since the results they get won't reflect the entire database.

I'm not exactly sure if this is in line with any security concerns of yours, but my idea would be to create a user called SELECT_ALL that has select rights to all tables, create a connection with SELECT_ALL and query the sys.objects table, pass the list of tables (or just a count(*) if you want to simply know if the user has complete access or anything less than complete), close the connection, then repeat with the user's credentials and compare.

You need to mask the sys.objects query with a user with different permissions that can see the lot. The best way is EXECUTE AS OWNER in a view or udf. This enumerates all objects (if dbo owns everything) thus allowing you to find out what is missing (which is masked by metadata visibility)

CREATE VIEW dbo.mymask
WITH EXECUTE AS OWNER --the magic
AS
SELECT * FROM sys.objects
GO

SELECT 
   *
FROM
   dbo.mymask v
   LEFT JOIN
   sys.objects o2 ON v.object_id = o.object_id

If you use roles, or want to do it in one then something like

CREATE VIEW dbo.mymask
WITH EXECUTE AS OWNER --the magic
AS
SELECT ...
FROM
   sys.objects O
   JOIN
   sys.database_permissions DP ON ...     --premissions
   JOIN
   sys.database_principals R ON DP. = R  --role
   etc to role members etc
WHERE
   xxx.name = ORIGINAL_LOGIN()
GO
0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9