sysprotects

Applies to all databases. sysprotects contains information on permissions that have been granted to, or revoked from, users, groups, and roles.

Columns

The columns for sysprotects are:

Name

Datatype

Description

id

int

ID of the object to which this permission applies. Has an ID of 0 when the permission granted is create table, create default, and so on.

uid

int

ID of the user, group, or role to which this permission applies.

action

smallint

See the following list for permissions.

protecttype

tinyint
One of the following values:

  • 0 = grant with grant

  • 1 = grant

  • 2 = revoke

columns

varbinary(133)

Bitmap of columns to which this select, update, decrypt, or references permission applies.

columns is also a bitmap of permitted roles for set session authorization.

grantor

int

User ID of the grantor. If the grantor is a system administrator, the user ID of the object owner is used.

predid

int

Object ID of predicated privilege

status

smallint

0x0001 – indicates that the privilege (or denial) is predicated
sysprotects action column values are:

  • 1 = alter any object owner *

  • 2 = alter any table *

  • 3 = change password *

  • 4 = checkpoint any database *

  • 5 = select builtin

  • 6 = checkpoint *

  • 7 = create any default *

  • 8 = create any function *

  • 9 = create any index *

  • 10 = create any object *

  • 11 = create any procedure *

  • 12 = create any rule *

  • 13 = create any table *

  • 14 = create any trigger *

  • 15 = create any view *

  • 16 = allow exceptional login *

  • 17 = dbcc checkalloc

  • 18 = dbcc checkalloc any database

  • 19 = map external file *

  • 20 = manage dump configuration *

  • 21 = dbcc checkcatalog

  • 22 = dbcc checkcatalog any database

  • 25 = dbcc checkdb

  • 26 = dbcc checkdb any database

  • 29 = dbcc checkindex

  • 30 = dbcc checkindex any database

  • 33 = dbcc checkstorage

  • 34 = dbcc checkstorage any database

  • 37 = dbcc checktable

  • 38 = dbcc checktable any database

  • 41 = dbcc checkverify

  • 42 = dbcc checkverify any database

  • 45 = dbcc fix_text

  • 46 = dbcc fix_text any database

  • 49 = dbcc indexalloc

  • 50 = dbcc indexalloc any database

  • 53 = dbcc reindex

  • 54 = dbcc reindex any database

  • 57 = dbcc tablealloc

  • 58 = dbcc tablealloc any database

  • 61 = dbcc textalloc

  • 62 = dbcc textalloc any database

  • 65 = dbcc tune

  • 66 = delete any table *

  • 67 = drop any default *

  • 68 = drop any function *

  • 70 = drop any object *

  • 71 = drop any procedure *

  • 72 = drop any rule *

  • 73 = drop any table *

  • 74 = drop any trigger *

  • 75 = drop any view *

  • 76 = dump database *

  • 77 = dump any database *

  • 79 = execute any function *

  • 80 = execute any procedure *

  • 80 = identity_insert any table *

  • 81 = identity_insert *

  • 82 = identity_update any table *

  • 85 = insert any table *

  • 86 = kill *

  • 87 = kill any process *

  • 88 = load database *

  • 89 = load any database *

  • 90 = manage service key *

  • 91 = manage abstract plans *

  • 92 = manage any encryption key *

  • 93 = manage any esp *

  • 94 = manage any execution class *

  • 95 = manage any login *

  • 96 = manage any login profile *

  • 97 = manage any object permission *

  • 98 = manage any remote login *

  • 99 = manage any statistics *

  • 100 = manage any user *

  • 101 = manage auditing *

  • 102 = manage checkstorage *

  • 103 = manage cluster *

  • 104 = manage data cache *

  • 105 = manage database *

  • 106 = manage database permissions *

  • 107 = manage disk *

  • 108 = manage lock promotion threshold *

  • 109 = manage master key *

  • 110 = manage replication *

  • 111 = manage resource limit *

  • 112 = manage roles *

  • 113 = manage security configuration *

  • 114 = manage security permissions *

  • 115 = manage server *

  • 116 = manage server configuration *

  • 117 = manage server permissions *

  • 118 = monitor qp performance *

  • 119 = monitor server replication *

  • 120 = mount any database *

  • 121 = online any database *

  • 122 = online database *

  • 123 = own any database *

  • 125 = own database *

  • 126 = quiesce any database *

  • 129 = references any table *

  • 130 = report checkstorage *

  • 131 = reorg any table *

  • 132 = select any audit table *

  • 133 = select any system catalog *

  • 134 = select any table *

  • 135 = set tracing any process *

  • 136 = setuser

  • 137 = shutdown *

  • 138 = transfer any table *

  • 139 = manage any thread pool *

  • 140 = truncate any table *

  • 141 = unmount any database *

  • 144 = update any security catalog *

  • 145 = update any table *

  • 146 = use any database *

  • 148 = use database *

  • 149 = set switch *

  • 150 = show switch *

  • 151 = references

  • 152 = truncate any audit table *

  • 153 = decrypt any table *

  • 155 = manage column encryption key *

  • 156 = manage any database *

  • 167 = set proxy

  • 193 = select

  • 195 = insert

  • 196 = delete

  • 197 = update

  • 198 = create table

  • 203 = create database

  • 207 = create view

  • 221 = create trigger

  • 222 = create procedure

  • 224 = execute

  • 233 = create defaulr

  • 235 = dump transaction

  • 236 = create rule

  • 253 = connect

  • 280 = create function

  • 282 = delete statistics

  • 320 = truncate table

  • 326 = update statistics

  • 347 = set tracing

  • 353 = decrypt

  • 354 = create encryption key

  • 368 = transfer table

Description of Bits in the column Column

Bit

Decimal Value

Description

0

1

Permission on all columns

1

2

Permission on column 1

2

4

Permission on column 2

[...]

n

2n

Permission on column n

Values that are not an exact power of 2 indicate a combination of columns.

Note: Permissions for the action column marked with an asterisk (*) take effect only when granular permissions is enabled.

Indexes

Unique clustered index on id, action, grantor, uid, protecttype, predid

Parent topic: System Tables