Makaleler

 

Sunumlar

 

Duyurular

 

Etkinlik Programı

 

Web Seminerler

 

Etkinlik Kayıtları

 

Videolar

 

Podcast

 

Kayıtlı İçerik

 

Forum

 

İletişim

 

Hakkımızda

Etiket Bulutu

Benchmark Convert_IMplicit Database High Availability Database Mirroring datawarehouse dimension table dmv Dynamic Data Masking Execution Execution Plans fact table Failover Cluster Node ekleme Failover Clustering FileStream generate script High Availability Implicit Instant File Initialization index Kinect Linux Live Query Statistics Log Shipping Mirroring object explorer object explorer details ODBC Driver pass performance performance tuning Plan Handle Planü Power View reporting services rol Row Level Security script sql serer 2016 sql server SQL Server 2008 SQL Server 2008 Log Shipping SQL Server 2012 SQL Server 2012 installation SQL Server 2012 Kurulumu SQL Server Backup SQL Server da Backup planı SQL Server da Maintenance Plans oluşturma SQL Server database mirroring SQL Server Disaster Recovery sql server dynamic management views SQL Server Failover Cluster SQL Server High Availability SQL Server Log Shipping SQL Server Maintenace Plans sql server performans SQLDIAG SQLDIAG Troubleshooting T24 Temenos truncate table t-sql unique index performance 1. Dünya savaşı istatistikleri 1456 451 ACID advanced analytics Advanced Data Analytics Affinity algı Alter index Alter table ALTER TABLE .. ALTER COLUMN Altın Oran Always On ALWAYSON AlwaysOnDemoTool amazon web services kinesis AMR analiz analysis service Ankara Antivirus apache kafka Arduino Article Assembly asymmetric audit Authentication Auto Growth Availability Group azure Azure Backup azure event hub partition azure event hubs azure event hubs servisi azure event hubs veri edinme Azure File Share Azure Fiyatlandırma Azure HDInsight Azure Hizmet Modelleri Azure ML Azure New Portal Azure Pricing Azure Queue azure sql database configuration azure sql database kullanımı azure sql database stream veriyi tutma azure sql database table partitioning Azure Storage azure stream analytics azure stream analytics dashboard azure stream analytics ölçeklendirilmesi azure stream analytics servisi Azure Table BA Backup backup encyrption backupset Bakım BASE bellek Best Practice BI Semantic Model Big Data Big User blocking blocking disable trigger blocking enable trigger Buffer Cache buffer pool Buffer Pool Extension bulk logged Buluta Veri Depolama Buluttaki Disk Business Analytics Conference business intelligence Büyük Veri Case Central Management Server certificate changed data capture Cloud Computing Cloud DR CLR Cluster clustered columnstore index Clustered Index Code Snippets Cold Purging collation column store column-level columnstore ColumnStore Indexes Compress ComputerNamePhysicalNetBIOS Concurrency Conditions Contained Database Contained Databases convert CONVERT_IMPLICIT Corruption Credentials cube DAC Dashboard Tasarımı data cleansing Data Compression Data Consistency Model data encryption data matching data mining Data Page data profiling data quality Data Services Data Warehouse Design Database database list Database Management Sistem database master key Database Mirroring Database Snapshot database trigger database-level Data-Ink Ratio datasets datasource DataZen date date dimension db_owner DBA DBCC dbcc dropcleanbuffers dbcc freeproccache DBMS dbo user DDL deadlock debugging DecryptByKey DecryptByPassPhrase deleted bitmap delta store Denali Denali SSAS deny database list deşifre detail index developer DIFFERENTIAL BACKUP DirectQuery Dirty Read Disaster Recovery Distribution Yapılandırma Distributor Distributor Agent dm_server_services DMF DMO DMV document db dosya bazlı şifreleme dqs dr Dynamic Management Function Dynamic Management Object Dynamic Management View ecrypt Effected Report Design Techniques Eğitim EncryptByKey EncryptByPassPhrase encryption endpoint Environment Variable error Error 5030 Error Log Estetik Raporlama Estimated Rows Eş Zamanlılkk Etkili Rapor Tasarlama Teknikleri Etkinlik ETL event Event Viewer except;intersect;sql execution Execution Plan export formats extended events Extended Stored Procedure Facets Failover Failover Cluster fast n execution plan FETCH NEXT FILELISTONLY FILLFACTOR File Table file-level FileStream Filter Pack Filtered Index First_Value Flat File fn_repl_hash_binary Focal Point foreignkey FORMAT Forwarded Record forwarded_record_count ftp task FULL BACKUP Full Recovery Full-Text Search functions Gartner Geocluster Gerçek Zamanlı Dashboard gestalt Golden Ratio görsel duyu group by Güvenlik ha Hadoop hafıza Hash HASHBYTES HEADERONLY headers footers Heap Hekaton hicri High Availability hijr Hiyerarşi Hybrid Cloud IaaS Index Index Scan In-Memory InMemory DW In-Memory DW InMemory OLTP In-Memory OLTP Internet of People Internet of Things IO IOT IoT nedir Isolation Level indeks index inmemory in-memory oltp internet of things isolation level istatistik istatistikler İş zekası İzolasyon Seviyesi Job json json support knowledge base kolon-satır bazlı kurulum küp Lag Lansman latch Lead linked server lock locking locking hints Log Backup Log Reader Agent Log Shipping login Lost-Update LQS Machine Learning Maintenance Management Studio matrix Max Text Replication Size mdx memory Memory Optimization Advisor Memory Optimized Table Memory Optimized Tables merge Merge Agent merge kullanımı Merge Publication Merge Replication merge type 1 slowly changing dimension merge type 1 slowly changing dimension örneği merge type 1 vs type 2 scd merge type 2 slowly changing dimension merge type 2 slowly changing dimension örneği merge type 3 slowly changing dimension merge type 4 slowly changing dimension message Microsoft Advanced Data Analytics Çözümleri microsoft azure Microsoft Bulut Microsoft Sanal Akademi Microsoft SQL Server Microsoft SQL Server 2014 Yenilikleri Microsoft SQL Server 2016 Mirror mirroring missing index Monitoring move Msdb multi_user multiversion concurrency control MVP MVP Roadshow MySnippet Named Pipes Natively Store Procedures Natively Stored Procedures Nesnelerin İnterneti Network Binding Order NoEngine Approaches nonclustered columnstore index Non-Repetable Read NoSQL NoSQL Approaches NoSQL Dünyası object explorer Odak Noktası ODBC Office 365 Offline OFFSET olap OLAP Backup OLE DB OLTP Online Index order attributes Otomatik Büyüme OVER PaaS PAD_INDEX page out page properties PAGE RESTORE PAGEIOLATCH paging parameters partition partitioning PASS PASS Summit PASS Summit 2014 Performance Performance Tuning performans performans tuning Phantom Read pivot Policies Policy Based Management Filtreleme Policy Management Power BI Power BI Dashboard Power BI Rest API power bi power view PowerBI PowerBI for Office 365 powerbi PowerMap PowerPivot PowerQuery powershell powershell ile sql yönetimi PowerView PowerView raporlarının web sayfalarına gömülmesi precon Primary Key primarykey Project Deployment Model Project Variable Protokol Proxy Proxy Account Publisher Purging on Independent Tables QL Server 2014 Yenilikleri Que Reader Agent Query Plan query store R Range Raporlama Raporlama Projeleri için Strateji Belirleme Raporlama Projelerine Hazırlık Read Committed Read Uncommitted RealTime Dashboard Rebuild RECONFIGURE RECONFIGURE WITH OVERRIDE Recovery model Relational Engine relationships Rename SSRS Database Repeatable Read Replication Replication Monitoring replikasyon report manager web site report parts reporting service reporting services reporting servis Resource Governor RESTORE Restore Database Restore Generate Restore Generate Script Restore transaction log rollback rs Rule of Thirds sa user SaaS sayfalama scd 3 demo scd karşılaştırma scd type 4 demo Scheduling Schema Comparison script Security segment elimination select into Self-Service BI Semantic Search Serializable Server Core SERVERPROPERTY Service services shared data sources shared datasets Shared Memory sharepoint Sharepoint 2010 ShowPlan Shrink simple recovery sing_user sliding window Slowly Changing Dimension snapshot Snapshot Agent Snapshot Publication Snapshot Replication Snippet snowflake sorting sp_configure sp_describe_first_result_set sp_server_diagnostics sp_spaceused sql SQL Agent Job SQL Azure sql bilgi yarışması SQL CLR SQL DIAG SQL DIAG Performans verisi toplama SQL endpoint SQL Login SQL Onculeri SQL Öncüleri sql script sql server SQL Server 2005 SQL Server 2008 SQL Server 2011 CTP3 SQL Server 2011 Denali SQL Server 2012 SQL Server 2012 CTP3 SQL Server 2012 RC SQL Server 2012 RC0 SQL Server 2012 ShowPlan Enhancements SQL Server 2012 T-SQL Enhancements SQL Server 2014 Sql Server 2014 Cardinality Estimator SQL Server 2014 Yenilikleri sql server 2016 SQL Server 2016 New Features SQL Server 2016 Yenilikleri sql server agent sql server assembly ekleme SQL Server Authentication sql server cast ve convert sql server clr integration sql server clr kullanımı sql server clr örnek sql server cluster SQL Server Code Name Denali SQL Server da Kullanıcı Yaratma SQL Server Database Project sql server dmv ve dmf sql server execution plan temizleme SQL Server Express Backup sql server fast n option örneği sql server fast n seçeneği SQL Server login sql server management stdio sql server merge into örnek sql server merge komutu sql server merge performnas sql server merge type 1 scd sql server merge type 2 scd sql server merge type 3 scd SQL Server Mobile Report Publisher SQL Server Network Interface SQL Server Onculeri SQL Server Öncüleri SQL Server Öncüleri Ankara SQL Server Performance sql server performans SQL Server Profiler SQL server recovery model SQL Server Reporting Services SQL Server Restore Generate Script SQL Server sa SQL Server Security SQL Server SQL DIAG sql server tarih dönüşüm işlemi sql server tarihsel veriler ile çalışma SQL Server User SQL Server yetki SQL Server yetkilendirme sql servera .net kodu ekleme SQL Serverda yetkilendirme nasıl SQL Serverda yetkilendirme nasıl yapılır sql to oracle linked server sql türkiye SQL User With Password sql yarışma SQLCMD sql'den oracle'a linked server SQLDIAG SQLDIAG Report SQLOS sqlsaturay SQLSaturday SQLSaturday #182 SQLSaturday #359 sqlsaturday #451 sqlserveronculeri ssas SSAS 2012 SSIS SSIS 2012 ssis SSMS SSMS Project SSMS Solution ssrs Stanby Database star schema STOPAT STOPBEFOREMARK STORAGE Storage Engine stored procedure stream analytics job subreports Subscriber Subscription subscriptions symmetric SYS sys.dm_db_index_physical_stats sys.dm_db_index_usage_stats sys.dm_db_missing_index_columns sys.dm_db_missing_index_details sys.dm_db_missing_index_group_stats sys.dm_db_missing_index_groups sys.server_principals sysadmin System Databases System View şifre şifreleme table table difference TableHasClustIndex TableHasIdentity TableHasPrimaryKey Tablet PC Tabular Mode Tabular Model TCP/IP TDE Tempdb time series Transaction Transactional Publication Transactional Replication Transparent Data Encryption trigger Troubleshooting TRY_CONVERT TRY_PARSE tsql t-sql T-SQL 2012 tsql mistakes Undocument union unionall Updatable ColumnStore İndex upgrade Veri ambarı veri edinme seçenekleri Veri Güvenliği Veri Hizmetleri Veri madenciliği Veri Mürekkep Oranı Veri Tabanı Yönetim Sistemleri Veri Tipi Veri Tutarlılık Modelleri Veri Yönetimi Evrimi verinin evrimi Veritabanı oluşturmak VERİTABANI YEDEKLEME STRATEJİLERİ veritabanı yedeklerinin şifrelenmesi Veritabanı Yöneticisi Veritabanı Yönetimi VeritPaq view any database Visual Studio VTYS web services Webcast Windows 7 Windows 8 Windows Authentication Windows Azure Windows Failover Clustering wmi WRITELOG xevents xp_sqlagent_enum_jobs YEDEKLEME STRATEJİLERİ Yedekli Çalışma Yetkilendirme Yiğit Aktan ysfkhvc yusuf kahveci Yüksek Erişilebilirlik Yüksek Süreklilik zip

Arşiv

Yetki Sorgulama Scriptleri - 3 - Obje Bazında Verilen Yetkilerin Sorgulanması

Ekleyen: Turgay Sahtiyan Microsoft Senior SQL Server PFE Tarih:23.09.2011 Okunma Sayısı:2734


Çok kullanıcı sistemlerde güvenlik açısından her zaman tanımlı rollerin yetki olarak verilmesi uygun olmayabilir. Örneğin bir uygulama, veritabanında bulunan sadece bir tablodan veri okuyacaksa böyle bir durumda db_datareader yetkisi vermektense sadece ilgili tabloya yetki vermek daha anlamlı olacaktır. Tabii obje bazında yetki vermenin güvenlik açısından avantajı olduğu gibi yönetilebilirlik açısından dezavantajları bulunmaktadır. İşte bugün paylaşacağım sorgu ile obje bazında verilen yetkileri daha hızlı bir şekilde yönetebilirsiniz.

Obje bazında verilen yetkileri analiz etmek için kullanacağımız sorgu şu şekilde;

--paramaters
declare @Databases varchar(Max)='', –- istediğiniz DB ler için araştırma yapabilirsiniz.
  @GranteeUserName varchar(100)='', –- Hangi userların yetkisine bakmak istiyorsunuz?
  @GrantorUserName varchar(100)='dbo', -- Hangi user ın verdiği yetkilere bakmak istiyorsunuz?
  @ObjectName varchar(100)='' -- Hangi obje için verilmiş yetkilere bakmak istiyorsunuz?
--
--variables
declare @sql varchar(max)=''
declare @DBName varchar(MAx)
declare @DatabasesTmp varchar(max)=@Databases
Declare @Tbl_DB Table(DB varchar(Max))
Create Table ##DB_Permissions(DBName sysname,Obj_id int,ObjSchemaName sysname,Obj_Name sysname,UserID int
 ,UserName sysname,state_desc nvarchar(60),permission_name nvarchar(128))
--
--Split Databases
if @DatabasesTmp<>'' begin
 while @DatabasesTmp <> '' begin
  if CHARINDEX(',',@DatabasesTmp)>0 begin
   insert @Tbl_DB select SUBSTRING(@DatabasesTmp,1,CHARINDEX(',',@DatabasesTmp)-1)
   set @DatabasesTmp = SUBSTRING(@DatabasesTmp,CHARINDEX(',',@DatabasesTmp)+1,LEN(@DatabasesTmp))
  end else begin
   insert @Tbl_DB select @DatabasesTmp
   set @DatabasesTmp = ''
  end
 end
end else begin
 insert @Tbl_DB select name from sys.databases where database_id>4
end
--
      
--Code
declare Cursorx cursor for 
select DB from @Tbl_DB
open Cursorx
fetch from Cursorx into @DBName
while @@FETCH_STATUS=0
begin
 set @sql=
  'insert ##DB_Permissions ' + CHAR(10) +
  'select '''+@DBName+''',b.object_id as Obj_id,d.[name] as ObjSchemaName,b.[name] as Obj_Name ' + CHAR(10) +
  ' ,grantee_principal_id as UserID,c.[name] as UserName,a.[state_desc],a.[permission_name] ' + CHAR(10) +
  'from ['+@DBName+'].sys.database_permissions A ' + CHAR(10) +
  'JOIN ['+@DBName+'].[sys].[objects] b ON A.major_id = B.object_id ' + CHAR(10) +
  'JOIN ['+@DBName+'].[sys].[database_principals] c ON grantee_principal_id = c.principal_id ' + CHAR(10) +
  'JOIN ['+@DBName+'].[sys].[database_principals] c2 ON grantor_principal_id = c2.principal_id ' + CHAR(10) +
  'JOIN ['+@DBName+'].sys.schemas d ON b.schema_id = d.schema_id ' + CHAR(10) +
  'where ((isnull('''+@GranteeUserName+''','''')='''') or (c.name='''+@GranteeUserName+''')) ' + CHAR(10) +
  '  and ((isnull('''+@GrantorUserName+''','''')='''') or (c2.name='''+@GrantorUserName+''')) ' + CHAR(10) +
  '  and ((isnull('''+@ObjectName+''','''')='''') or (b.name='''+@ObjectName+''')) '
 --print @sql
 exec(@sql)
 fetch next from Cursorx into @DBName
end
close Cursorx
deallocate Cursorx

select * from ##DB_Permissions

drop table ##DB_Permissions


Örnek rapor çıktısı şu şekilde olacaktır:


audit güvenlik security

İlişkili Yazılar

yorum yaz

Üye Girişi

Kullanıcı Adınız

Şifreniz

Şifremi Unuttum

Arkadaşına Tavsiye Et

Tavsiye edebilmek için siteye giriş yapmalısınız