This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 63%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Good Morning,
Previous DBA created some AD Groups as logins. He added this to some roles. I want to know what permissions the AD Group logins have?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESX%3C/text%3E%3C/svg%3E)
Hi @Chaitanya Kiran ,
We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
Best regards,
Seeya
You may have to look in SQL Server Management Studio and connect to the instance.
Look in Security/Logins. Open the group and look in Server Roles and User Mapping
You can use sys.database_principals and sys.database_role_members to find out the role membership.
You can use sys.database_permissions to see what permission that have been granted to a certain principal, for instance:
SELECT perm.*
FROM sys.database_permissions perm
JOIN sys.database_principals dp ON perm.grantee_principal_id = dp.principal_id
WHERE dp.name = 'rolename'
Since a Windows login can be member of many AD groups, it can be quite a bit of work to list the exact permissions for a login. A different approach is to use sys.fm_my_permissions():
SELECT DISTINCT s.name + '.' + o.name, p.permission_name
FROM sys.objects o
JOIN sys.schemas s ON o.schema_id = s.schema_id
CROSS APPLY sys.fn_my_permissions(s.name + '.' + o.name, 'OBJECT') p
And then you need to run similar queries for other securable classes to get the full story.
Hi Erland,
Previous DBA also created some roles. How can I know what all permissions this role has?
I think that my reply above is good for that.
You may also find this blog post from Sebastian Meine helpful: https://sqlity.net/en/2584/script-database-permissions/
Hi @Chaitanya Kiran ,
Erland uses several key DMVs which works well, so you can try it.
All you need to do is execute it and check the output.
In a UI view of the way, here are the screenshots.
step1
step2
Best regards,
Seeya
If the response is helpful, please click "Accept Answer" and upvote it, as this could help other community members looking for similar queries.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.