I’m responsible for some test database servers. Historically, too many other people have access to them. They run on SQL Server 2005.
I’ve been writing queries and wrapping them in scripts so I can run a regular audit of rights. Finding out which users had Administrator rights on the server itself was fine, as was finding out who had the sysadmin role on their login – it was a single line query for the latter.
But how to find out which logins have a User Mapping to a particular (or any) database?
I can find the sys.database_principals and sys.server_principals tables. I have located the sys.databases table. I haven’t worked out how to find out which users have rights on a database, and if so, what.
Every Google search brings up people manually using the User Mapping pane of the Login dialog, rather than using a query to do so. Any ideas?
Here’s how to do this. I ended up finding reference to a sproc in the MSDN docs. I pulled this from the sproc and wrapped it in a loop of all the databases known to the instance.
This then reports the users that have DBO who perhaps shouldn’t. I’ve already revoked some admin access from some users that they didn’t need. Thanks everyone!
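One way to write the loop described above, as an added example that is not the poster's own script: it joins each database's `sys.database_principals` to `sys.server_principals` on SID and picks up role membership from `sys.database_role_members`. The temp table `#mappings` and its column names are illustrative, and the syntax is kept to what SQL Server 2005 accepts.

```sql
-- Added example: list login-to-user mappings and role membership per database.
-- #mappings and its column names are illustrative, not from the original post.
SET NOCOUNT ON;

CREATE TABLE #mappings (
    database_name sysname,
    login_name    sysname NULL,   -- NULL: no server login has this user's SID
    user_name     sysname,
    role_name     sysname NULL    -- NULL: user is in no database role
);

DECLARE @db sysname;
DECLARE @sql nvarchar(max);

-- Only databases that are online and that the caller can open.
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE state_desc = 'ONLINE' AND HAS_DBACCESS(name) = 1;

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps odd database names from breaking the dynamic SQL.
    SET @sql = N'SELECT N' + QUOTENAME(@db, '''') + N', sp.name, dp.name, r.name
        FROM ' + QUOTENAME(@db) + N'.sys.database_principals AS dp
        LEFT JOIN sys.server_principals AS sp
               ON sp.sid = dp.sid
        LEFT JOIN ' + QUOTENAME(@db) + N'.sys.database_role_members AS rm
               ON rm.member_principal_id = dp.principal_id
        LEFT JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS r
               ON r.principal_id = rm.role_principal_id
        WHERE dp.type IN (''S'', ''U'', ''G'')';  -- SQL user, Windows user, Windows group

    INSERT INTO #mappings (database_name, login_name, user_name, role_name)
    EXEC sp_executesql @sql;

    FETCH NEXT FROM db_cursor INTO @db;
END

CLOSE db_cursor;
DEALLOCATE db_cursor;

-- Full mapping; add WHERE role_name = 'db_owner' to see only database owners.
SELECT database_name, login_name, user_name, role_name
FROM #mappings
ORDER BY database_name, login_name, role_name;

DROP TABLE #mappings;
```

This covers role membership only; permissions granted directly to a user are recorded in each database's `sys.database_permissions` and need a separate query.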