sys.dm_server_external_policy_principal_assigned_actions (Transact-SQL)
Applies to: 
SQL Server 2022 (16.x)
Azure SQL Database
Lists all database and server principals created from Microsoft Entra ID (formerly Azure Active Directory), joined with roles, joined with their data actions.
Note
This view returns one record per assignment. If the same action has been assigned at multiple scopes (like via different role-assignments or different scopes), there will be multiple rows with the same action name in the result set.
| Column name | Data type | Description |
|---|---|---|
| principal_sid | varbinary(85) | SID (Security-IDentifier) of the principal. |
| principal_aad_object_id | nvarchar(36) | Microsoft Entra Object ID of the principal. Is unique within an Azure tenant. |
| action_type | nvarchar(256) | The type of an operation: Connect, Select. |
| action_namespace | nvarchar(20) | The path or namespace on which the action type part applies to. |
| role_name | nvarchar(128) | ID for joining with other dynamic management views. |
| role_guid | nvarchar(128) | The role name as defined in external policy source. Has to be unique. |
| policy_guid | nvarchar(128) | Unique identifier of the policy that defines this assignment. |
| role_assignment_scope | nvarchar(4000) | The hierarchical representation of the resource(s) that this assignment applies to. |
| role_assignment_type | int | Type of the assignment: 1, 2 |
| role_assignment_type_desc | nvarchar(5) | Type of the assignment description: Allow, Deny |
Permissions
Principals must have the VIEW SERVER SECURITY STATE permission.