The below queries illusrate how to extract database privileges which are in effect
for users in the database; note the dbo aliases are ignored.
-- list privileges for each user
select u.name,v.name
from sysprotects p, master.dbo.spt_values v, sysusers u
where p.uid=u.uid
and p.action=v.number
and p.protecttype=1
and v.type = 'T'
and u.name!= 'dbo'
go
-- generate revoke commands for non-typical access
select 'revoke', name from sysobjects where id in
(
select p.id
from sysprotects p, master.dbo.spt_values v, sysusers u
where p.uid=u.uid
and p.action=v.number
and p.protecttype=1
and v.type = 'T'
and u.name!= 'dbo'
and v.name not in ('Delete','Execute','Insert','References','Select','Update')
)
go
No comments:
Post a Comment