-1

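The following may be a requirement for a SQL Server database administrator: a SQL Server user permissions audit.

Come up with some process to audit who has access to what. It may include:

1) Server logins

2) Local administrators

3) SQL Server-level roles, especially sysadmin

4) Database DBO, readers, writers

5) master, msdb access

6) Linked server usage from user accounts

7) Public, explicit grants, etc.

Could someone please tell me how to achieve the above?

Thanks, SREE

Answers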

1

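You need to work with the system tables/views. One of the main tables (actually a view) will be [master].[sys].[server_principals], where the users will be found.

You will also find [master].[sys].[server_permissions] useful, as it has the permissions, and [master].[sys].[server_role_members] is where the roles can be found. You will find the databases here: [master].[sys].[sysdatabases]

Note down the principalid related to the user.

And in each database, you will find views such as [Table].[sys].[sysusers] and [Table].[sys].[syslogins]

You will have to do your own work to get what you need for your application. You will find plenty of information about the above tables online and in books.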
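The three server-level views named in this answer can be joined as shown here. This is an added example, not part of the original answer; the column aliases are chosen for illustration, and it assumes it is run by a login that can see all server principals (for example a sysadmin).

```sql
-- Added example: read-only server-level audit built on
-- sys.server_principals, sys.server_role_members and sys.server_permissions.
SET NOCOUNT ON;

-- 1) Logins and the server roles they belong to (sysadmin members listed first).
SELECT  p.name          AS login_name,
        p.type_desc     AS login_type,    -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
        p.is_disabled,
        r.name          AS server_role,   -- NULL when the login is in no role
        p.create_date,
        p.modify_date
FROM    sys.server_principals AS p
LEFT JOIN sys.server_role_members AS rm
        ON rm.member_principal_id = p.principal_id
LEFT JOIN sys.server_principals AS r
        ON r.principal_id = rm.role_principal_id
WHERE   p.type IN ('S', 'U', 'G')         -- SQL login, Windows login, Windows group
ORDER BY CASE WHEN r.name = 'sysadmin' THEN 0 ELSE 1 END, r.name, p.name;

-- 2) Explicit server-level grants and denies, including those made to public.
--    Routine CONNECT SQL grants are hidden to reduce noise; denies still show.
SELECT  grantee.name        AS grantee_name,
        grantee.type_desc   AS grantee_type,
        sp.state_desc       AS permission_state,  -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
        sp.permission_name,
        sp.class_desc,                            -- SERVER, SERVER_PRINCIPAL, ENDPOINT
        grantor.name        AS grantor_name
FROM    sys.server_permissions AS sp
JOIN    sys.server_principals AS grantee
        ON grantee.principal_id = sp.grantee_principal_id
JOIN    sys.server_principals AS grantor
        ON grantor.principal_id = sp.grantor_principal_id
WHERE   NOT (sp.permission_name = 'CONNECT SQL' AND sp.state = 'G')
ORDER BY grantee.name, sp.permission_name;
```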

0

I tried it myself, and the following solved my purpose

set nocount on

-- Collected result: one row per (database, principal, permission)
declare @permission table (
    Database_Name sysname,
    User_Role_Name sysname,
    Account_Type nvarchar(60),
    Action_Type nvarchar(128),
    Permission nvarchar(60),
    ObjectName nvarchar(257) null,  -- schema + '.' + object can exceed sysname
    Object_Type nvarchar(60)
)
declare @dbs table (dbname sysname)
declare @Next sysname
declare @sql nvarchar(max)

-- Work list of databases; each one is removed after it has been processed
insert into @dbs
select name from sys.databases order by name

select top 1 @Next = dbname from @dbs
while (@@rowcount <> 0)
begin
    -- Build the per-database batch. quotename() and the doubled single quote
    -- keep database names containing ] or a quote from breaking the dynamic SQL.
    -- The batch first collects object ids and type codes from
    -- master.sys.sysobjects and from the current database's sys.objects.
    set @sql = convert(nvarchar(max), N'use ') + quotename(@Next) + N'
declare @objects table (obj_id int, obj_type char(2))
insert into @objects
select id, xtype from master.sys.sysobjects
insert into @objects
select object_id, type from sys.objects

SELECT N''' + replace(@Next, '''', '''''') + N''', a.name as ''User or Role Name'', a.type_desc as ''Account Type'',
d.permission_name as ''Type of Permission'', d.state_desc as ''State of Permission'',
OBJECT_SCHEMA_NAME(d.major_id) + ''.'' + object_name(d.major_id) as ''Object Name'',
case e.obj_type
when ''AF'' then ''Aggregate function (CLR)''
when ''C'' then ''CHECK constraint''
when ''D'' then ''DEFAULT (constraint or stand-alone)''
when ''F'' then ''FOREIGN KEY constraint''
when ''PK'' then ''PRIMARY KEY constraint''
when ''P'' then ''SQL stored procedure''
when ''PC'' then ''Assembly (CLR) stored procedure''
when ''FN'' then ''SQL scalar function''
when ''FS'' then ''Assembly (CLR) scalar function''
when ''FT'' then ''Assembly (CLR) table-valued function''
when ''R'' then ''Rule (old-style, stand-alone)''
when ''RF'' then ''Replication-filter-procedure''
when ''S'' then ''System base table''
when ''SN'' then ''Synonym''
when ''SQ'' then ''Service queue''
when ''TA'' then ''Assembly (CLR) DML trigger''
when ''TR'' then ''SQL DML trigger''
when ''IF'' then ''SQL inline table-valued function''
when ''TF'' then ''SQL table-valued-function''
when ''U'' then ''Table (user-defined)''
when ''UQ'' then ''UNIQUE constraint''
when ''V'' then ''View''
when ''X'' then ''Extended stored procedure''
when ''IT'' then ''Internal table''
end as ''Object Type''
FROM ' + quotename(@Next) + N'.sys.database_principals a
left join ' + quotename(@Next) + N'.sys.database_permissions d on a.principal_id = d.grantee_principal_id
left join @objects e on d.major_id = e.obj_id
order by a.name, d.class_desc'

    insert into @permission
    exec (@sql)

    -- Move on to the next database; the select below sets @@rowcount,
    -- which the while condition checks
    delete @dbs where dbname = @Next
    select top 1 @Next = dbname from @dbs
end
set nocount off
select * from @permission