How to check access privileges?
SELECT
A.ROLENAME,
A.GRANTEE,
A.GRANTOR,
B.DATABASENAME,
B.TABLENAME,
B.COLUMNNAME,
D.ACCESSRIGHT_DESC ACCESSRIGHT,
B.GRANTORNAME,
C.DEFAULTDATABASE,
C.DEFAULTACCOUNT,
C.ROLENAME DEFAULTROLENAME,
C.PROFILENAME,
C.OWNERNAME
FROM
DBC.ROLEMEMBERS A
JOIN
DBC.ALLROLERIGHTS B
ON
A.ROLENAME=B.ROLENAME
JOIN
DBC.USERS C
ON
C.USERNAME=A.GRANTEE
JOIN
DBA.ACCESSRIGHT_REF D
ON
B.ACCESSRIGHT=D.ACCESSRIGHT
;
In addition to seeing all rights by user, I need to see all users who have access to a particular database.
as in,
SELECT username
, accessright
, [ 'N/A' or rolename]
, [direct|role|subrole]
FROM
WHERE Databasename = 'some-db' ;
SELECT
A.ROLENAME,
A.GRANTEE,
A.GRANTOR,
A.DefaultRole,
A.WithAdmin,
B.DATABASENAME,
B.TABLENAME,
B.COLUMNNAME,
B.GRANTORNAME
--,B.AccessRight
FROM
DBC.ROLEMEMBERS A
JOIN
DBC.ALLROLERIGHTS B
ON A.ROLENAME = B.ROLENAME
--WHERE Grantee='dwh'
GROUP BY 1,2,3,4,5,6,7,8,9--,10
ORDER BY 2,1,6;
When I ran the macro, it took off and did not return a result set after several minutes. Do I need to add a "level" limiting parameter ?
Also, I'll need to flip the question around a bit. In addition to seeing all rights by user, I need to see all users who have access to a particular database.as in,
SELECT username, access right, [‘N/A' or role name], [direct|role|subrole] FROM WHERE Database name = 'some-db’;
SELECT
A.ROLENAME,A.GRANTEE, A.GRANTOR, A.DefaultRole,A.WithAdmin,
B.DATABASENAME, B.TABLENAME, B.COLUMNNAME,B.GRANTORNAME ,B.AccessRight FROM DBC.ROLEMEMBERS A JOIN DBC.ALLROLERIGHTS B ON A.ROLENAME = B.ROLENAME WHERE Grantee='dws' GROUP BY 1,2,3,4,5,6,7,8,9--,10 ORDER BY 2,1,6;
No comments:
Post a Comment