result of vulnerability assessment
I want to identify the users and their permissions to the SQL database and remove users and their permissions from unnecessary access. Do share if there are other alternatives to the resolve these vulnerabilities.
Currently I'm using the SQL query:
select *
from sys.sysusers
Which displays all the permissions but not the users assigned to the permission
Already answered here:
https://stackoverflow.com/a/52371316/3844277
Run following query in SSMS:
SELECT
u.name AS [Name],
'Server[#Name=' + quotename(CAST(
serverproperty(N'Servername')
AS sysname),'''') + ']' + '/Database[#Name=' + quotename(db_name(),'''') + ']' + '/User[#Name=' + quotename(u.name,'''') + ']' AS [Urn],
u.create_date AS [CreateDate],
u.principal_id AS [ID],
CAST(CASE dp.state WHEN N'G' THEN 1 WHEN 'W' THEN 1 ELSE 0 END AS bit) AS [HasDBAccess]
FROM
sys.database_principals AS u
LEFT OUTER JOIN sys.database_permissions AS dp ON dp.grantee_principal_id = u.principal_id and dp.type = 'CO'
WHERE
(u.type in ('U', 'S', 'G', 'C', 'K' ,'E', 'X'))
ORDER BY
[Name] ASC
Related
There are many databases on my server, recently of them one (which I am the dbo on) has become inaccessible through SSMS. When I expand the tables node in 'object explorer' for this database I get the following error:
Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression. (.Net SqlClient Data Provider)
However, I can execute selects successfully on that database and other users are not having this problem.
I have;
Checked my login for incorrect settings.
Checked my user for incorrect settings.
Restarted the SQL Server Engine.
Repaired SSMS using the installer utility.
Would very much appreciate your input, I am stumped (this has never happened before).
EDIT: After tracing using SQL Profiler and causing this event I extracted the query and ran it in a SSMS session window. The returned results are from the wrong database.
EDIT: Further to this, I ran dbcc checkdb(databasename) and no errors were returned, I then did the same for master, no errors were returned.
EDIT: The query being executed when I expand the table folder:
exec sp_executesql N'SELECT
tbl.name AS [Name],
SCHEMA_NAME(tbl.schema_id) AS [Schema],
''Server[#Name='' + quotename(CAST(
serverproperty(N''Servername'')
AS sysname),'''''''') + '']'' + ''/Database[#Name='' + quotename(db_name(),'''''''') + '']'' + ''/Table[#Name='' + quotename(tbl.name,'''''''') + '' and #Schema='' + quotename(SCHEMA_NAME(tbl.schema_id),'''''''') + '']'' AS [Urn],
tbl.create_date AS [CreateDate],
CAST(tbl.is_memory_optimized AS bit) AS [IsMemoryOptimized],
CAST(CASE idx.type WHEN 5 THEN 1 ELSE 0 END AS bit) AS [HasClusteredColumnStoreIndex],
CAST(tbl.is_remote_data_archive_enabled AS bit) AS [RemoteDataArchiveEnabled],
tbl.temporal_type AS [TemporalType],
CAST(CASE WHEN ''PS''=dsidx.type THEN 1 ELSE 0 END AS bit) AS [IsPartitioned],
CAST(
ISNULL((SELECT 1 from sys.all_columns
WHERE object_id = tbl.object_id
AND is_sparse = 1), 0)
AS bit) AS [HasSparseColumn]
FROM
sys.tables AS tbl
LEFT OUTER JOIN sys.periods as periods ON periods.object_id = tbl.object_id
LEFT OUTER JOIN sys.tables as historyTable ON historyTable.object_id = tbl.history_table_id
INNER JOIN sys.indexes AS idx ON
idx.object_id = tbl.object_id and (idx.index_id < #_msparam_0 or (tbl.is_memory_optimized = 1 and idx.index_id = (select min(index_id) from sys.indexes where object_id = tbl.object_id)))
LEFT OUTER JOIN sys.data_spaces AS dsidx ON dsidx.data_space_id = idx.data_space_id
WHERE
(CAST(
case
when tbl.is_ms_shipped = 1 then 1
when (
select
major_id
from
sys.extended_properties
where
major_id = tbl.object_id and
minor_id = 0 and
class = 1 and
name = N''microsoft_database_tools_support'')
is not null then 1
else 0
end
AS bit)=#_msparam_1 and tbl.is_filetable=#_msparam_2 and CAST(tbl.is_memory_optimized AS bit)=#_msparam_3 and tbl.temporal_type=#_msparam_4 and CAST(tbl.is_external AS bit)=#_msparam_5)
ORDER BY
[Schema] ASC,[Name] ASC',N'#_msparam_0 nvarchar(4000),#_msparam_1 nvarchar(4000),#_msparam_2 nvarchar(4000),#_msparam_3 nvarchar(4000),#_msparam_4 nvarchar(4000),#_msparam_5 nvarchar(4000)',#_msparam_0=N'2',#_msparam_1=N'0',#_msparam_2=N'0',#_msparam_3=N'0',#_msparam_4=N'0',#_msparam_5=N'0'
EDIT: As a work-around, I reinstalled the SSMS 2014. I can access my tables through here.
There is nothing wrong with your database, it's a known issue with SSMS 16.5.2 and has been reported to product team. Please revert back to previous release of SSMS if it causes too much trouble. For more information, please refer to this thread.
Apparently this only happens when the database have table(s) with more than one sparse column.
Try it's
SELECT
NAME
FROM [base].SYS.triggerS
WHERE parent_class_desc = 'DATABASE'
Take the trigger name and perform the procedure below
DISABLE TRIGGER [dbo].[trigger_name]
I want to see the list of access which provided for my account in SQL Server? How can I see in SQL Server Management Studio? Or do I need to run a query to see this?
These scripts might work for you. Assuming you have permission to run them.
USE [YourDatabaseName]
--Server level security
SELECT sp.state_desc,
sp.permission_name,
principal_name = QUOTENAME(spl.name),
spl.type_desc,
sp.state_desc + N' ' + sp.permission_name + N' TO ' + cast(QUOTENAME(spl.name COLLATE DATABASE_DEFAULT) as nvarchar(256)) AS "T-SQL Script"
FROM sys.server_permissions sp
inner join sys.server_principals spl on (sp.grantee_principal_id = spl.principal_id)
where spl.name not like '##%' -- skip PBM accounts
AND spl.name = 'YourUserName'
ORDER by sp.permission_name, spl.name
--Database level security
SELECT dp.state_desc,
dp.permission_name,
QUOTENAME(dpl.name) AS 'principal_name',
dpl.type_desc,
dp.state_desc + N' ' + dp.permission_name + N' TO ' + CAST(QUOTENAME(dpl.name COLLATE DATABASE_DEFAULT) AS NVARCHAR(500)) AS "T-SQL Script"
FROM sys.database_permissions AS dp
INNER JOIN sys.database_principals AS dpl ON (dp.grantee_principal_id = dpl.principal_id)
WHERE dp.major_id = 0
AND dpl.name NOT LIKE '##%' -- excluds PBM accounts
AND dpl.name = 'YourUserName'
ORDER BY dp.permission_name ASC, dp.state_desc ASC
SELECT
USER_NAME(grantee_principal_id) AS 'User'
, state_desc AS 'Permission'
, permission_name AS 'Action'
, CASE class
WHEN 0 THEN 'Database::' + DB_NAME()
WHEN 1 THEN OBJECT_NAME(major_id)
WHEN 3 THEN 'Schema::' + SCHEMA_NAME(major_id)
END AS 'Securable'
FROM sys.database_permissions dp
WHERE class IN (0, 1, 3)
AND minor_id = 0
AND USER_NAME(grantee_principal_id) = 'YourUserName';
You can get it through sys.fn_my_permissions
Returns a list of the effective permissions of the caller on the database
SELECT * FROM fn_my_permissions (NULL, 'DATABASE');
Likewise, you can view user permissions at different levels(SERVER,OBJECT,etc)
This query is failing in SQL Server over the PGNP provider:
SELECT 1 AS x
FROM pg_catalog.pg_attribute a
LEFT OUTER JOIN pg_catalog.pg_index i
ON (i.indrelid = a.attrelid
AND a.attnum = i.indkey[a.attnum-1])
This is the error message returned:
The OLE DB provider "PGNP" for linked server "XXX" indicates that either the object has no columns or the current user does not have permissions on that object.
If I run this query directly on the PostgreSQL server with pgAdmin, it returns results. Furthermore, if I remove the clause "a.attnum = i.indkey[a.attnum-1]", the query works over the PGNP provider. (I need this clause in my original query to identify which of a table's columns is the primary key.)
What is the issue, and how do I resolve it?
For the record, this is the complete query that I am executing, from which the query above was excerpted:
SELECT c.relname as table_name, a.attname as column_name
, t.typname as type_name
, i.indisunique AS is_unique_key
, i.indisprimary AS is_primary_key
, CASE t.typname
WHEN 'bpchar' THEN 'char('+CAST(atttypmod - 4 AS VARCHAR)+')'
WHEN 'numeric' THEN 'numeric('+CAST((atttypmod - 4)/65536 AS VARCHAR)
+','+CAST((atttypmod - 4)%65536 AS VARCHAR)
+')'
WHEN 'text' THEN 'varchar(max)'
WHEN 'varchar' THEN 'varchar('+CASE atttypmod WHEN -1 THEN 'max' ELSE CAST(atttypmod-4 AS VARCHAR) END+')'
ELSE t.typname
END as type_name_1
, CAST(CASE atttypmod WHEN -1 THEN NULL ELSE atttypmod - 4 END AS INT4) AS type_precision_scale
FROM pg_catalog.pg_attribute a
JOIN pg_catalog.pg_class c on ( a.attrelid = c.oid)
JOIN pg_catalog.pg_namespace n on (c.relnamespace = n.oid)
JOIN pg_catalog.pg_type t on (a.atttypid = t.oid)
LEFT OUTER JOIN pg_catalog.pg_index i
ON (c.oid = i.indrelid
AND i.indrelid = a.attrelid
AND a.attnum = i.indkey[a.attnum-1])
WHERE c.relkind = 'r' and a.attnum > 0
AND n.nspname = 'public'
I'm new to StackOverflow, and new to SQL Server, I'd like you to help me with some troublesome query.
This is my database structure(It's half spanish, hope doesn't matter)
Database
My problem is that I don't now how to make a query that states which team is local and which is visitor(using table TMatch, knowing that the stadium belongs to only one team)
This is as far as I can get
Select P.NroMatch, (select * from fnTeam (P.TeamA)) as TeamA,(select * from fnTeam (P.TeamB)) as TeamB,
(select * from fnEstadium (P.CodEstadium)) as Estadium, (cast(P.GolesTeamA as varchar)) + '-' + (cast(P.GolesTeamA as varchar)) as Score,
P.Fecha
from TMatch P
Using this functions:
If object_id ('fnTeam','fn')is not null
drop function fnTeam
go
create function fnTeam(#CodTeam varchar(5))
returns table
return(Select Name from TTeam where CodTeam = #CodTeam)
go
select * from fnTeam ('Eq001')
go
----****
If object_id ('fnEstadium','fn')is not null
drop function fnEstadium
go
create function fnEstadium(#CodEstadium varchar(5))
returns table
return(Select Name from TEstadium where CodEstadium = #CodEstadium)
go
I hope I'd explained myself well, and I thank you help in advance
EDIT:
Thanks for the help, this is what I've been looking for
Select P.NroMatch,
CASE
WHEN Ts.CodTeam= Ta.CodTeamTHEN Ta.Name
ELSE Tb.Name
END
As TeamLocal,
CASE
WHEN Ts.CodTeam<> Ta.CodTeamTHEN Ta.Name
ELSE Tb.Name
END
As TeamVisitante,
Ts.Name as Estadium,
(cast(P.GolesTeamA as varchar)) + '-' + (cast(P.GolesTeamB as varchar)) as Score,
P.Fecha
from
TMatch P
join TTeamTa ON Ta.CodTeam= P.TeamA
join TTeamTb ON Tb.CodTeam= P.TeamB
join TEstadium Ts ON Ts.CodEstadium = P.CodEstadium
You do not need to use 'lookup' functions for this (and shouldn't), joins are a better approach:
Select
P.NroMatch,
Ta.Name as TeamA,
Tb.Name as TeamB,
Ts.Name as Estadium,
cast(P.GolesTeamA as varchar)) + '-' + (cast(P.GolesTeamA as varchar) as Score,
P.Fecha,
CASE
WHEN Ts.CodTeam = Ta.Name THEN Ta.Name
ELSE Tb.Name
END As HomeTeam,
CASE
WHEN Ts.CodTeam <> Ta.Name THEN Ta.Name
ELSE Tb.Name
END As VistorTeam
from
TMatch P
join TTeam Ta ON Ta.CodTeam = P.TeamA
join TTeam Tb ON Tb.CodTeam = P.TeamB
join TEstadium Ts ON Ts.CodEstadium = P.CodEstadium
If you are new to SQL, it might be useful searching SO for some resources such as these:
SQL Tutorial
SQL Tutorial
Is there any utility availble to count the total lines of user created Stored Procedure, Function, Views in a Database?
For SQL Server 2005 and 2008.
This includes all code including blank lines and trailing blank lines, but not the last line (no CRLF). So it's averages out... but it would always be an approximation anyway.
WITH CRLF AS
(
SELECT
CHARINDEX('
', definition) AS CRLF,
SM.[object_ID]
FROM
sys.sql_modules SM
WHERE
OBJECT_NAME([object_ID]) not in ('fn_diagramobjects', 'sp_alterdiagram', 'sp_creatediagram', 'sp_dropdiagram', 'sp_helpdiagramdefinition', 'sp_helpdiagrams', 'sp_renamediagram', 'sp_upgraddiagrams', 'sysdiagrams')
UNION ALL
SELECT
CHARINDEX('
', definition, C.CRLF + 2),
SM.[object_ID]
FROM
sys.sql_modules SM
JOIN
CRLF C ON SM.[object_ID] = C.[object_ID]
WHERE
CHARINDEX('
', definition, C.CRLF + 2) > C.CRLF
)
SELECT
COUNT(*)
FROM
CRLF
OPTION
(MAXRECURSION 0)
Edit:
You may need OBJECTPROPERTY(SM.[object_ID], 'IsMSShipped') = 0 or explicitly exclusions for diagram code etc
Edit 2:
From other solution in otehr answer, corrected to not give "-1" for check constraints and apply same filters/types
select t.sp_name, sum(t.lines_of_code) as lines_ofcode, t.type_desc
from
(
select o.name as sp_name,
(len(c.text) - len(replace(c.text, char(13), ''))) as lines_of_code,
case when o.xtype = 'P' then 'Stored Procedure'
when o.xtype in ('FN', 'IF', 'TF') then 'Function'
end as type_desc
from sysobjects o
inner join syscomments c
on c.id = o.id
where --o.xtype in ('V', 'P', 'FN', 'IF', 'TF', 'TR')
--and
o.category = 0
AND
o.name not in ('fn_diagramobjects', 'sp_alterdiagram', 'sp_creatediagram', 'sp_dropdiagram', 'sp_helpdiagramdefinition', 'sp_helpdiagrams', 'sp_renamediagram', 'sp_upgraddiagrams', 'sysdiagrams')
) t
group by t.sp_name, t.type_desc
order by 1
COMPUTE SUM (sum(t.lines_of_code))
They all give the same results here on several databases. eg 4607 for a SQL Server 2005 SP2 ReportServer database...
Not that I know of, but you could look through the stuff in sysobjects and execute sp_helptext on each proc and view and count the newlines.
If you want a non CTE based solution you could do something like this:
select sum(newlines) from
(
select newlines = (datalength(definition) - datalength(replace(definition, '
', ' '))) / 2 from sys.sql_modules
) as a