Applies to all databases. sysprotects contains information on permissions that have been granted to, or revoked from, users, groups, and roles.
The columns for sysprotects are:
Name |
Datatype |
Description |
---|---|---|
id |
int |
ID of the object to which this permission applies. Has an ID of 0 when the permission granted is create table, create default, and so on. |
uid |
int |
ID of the user, group, or role to which this permission applies. |
action |
smallint |
See the following list for permissions. |
protecttype |
tinyint |
One of the following values:
|
columns |
varbinary(133) |
Bitmap of columns to which this select, update, decrypt, or references permission applies. columns is also a bitmap of permitted roles for set session authorization. |
grantor |
int |
User ID of the grantor. If the grantor is a system administrator, the user ID of the object owner is used. |
predid |
int |
Object ID of predicated privilege |
status |
smallint |
0x0001 – indicates that the privilege (or denial) is predicated |
1 = alter any object owner *
2 = alter any table *
3 = change password *
4 = checkpoint any database *
5 = select builtin
6 = checkpoint *
7 = create any default *
8 = create any function *
9 = create any index *
10 = create any object *
11 = create any procedure *
12 = create any rule *
13 = create any table *
14 = create any trigger *
15 = create any view *
16 = allow exceptional login *
17 = dbcc checkalloc
18 = dbcc checkalloc any database
19 = map external file *
20 = manage dump configuration *
21 = dbcc checkcatalog
22 = dbcc checkcatalog any database
25 = dbcc checkdb
26 = dbcc checkdb any database
29 = dbcc checkindex
30 = dbcc checkindex any database
33 = dbcc checkstorage
34 = dbcc checkstorage any database
37 = dbcc checktable
38 = dbcc checktable any database
41 = dbcc checkverify
42 = dbcc checkverify any database
45 = dbcc fix_text
46 = dbcc fix_text any database
49 = dbcc indexalloc
50 = dbcc indexalloc any database
53 = dbcc reindex
54 = dbcc reindex any database
57 = dbcc tablealloc
58 = dbcc tablealloc any database
61 = dbcc textalloc
62 = dbcc textalloc any database
65 = dbcc tune
66 = delete any table *
67 = drop any default *
68 = drop any function *
70 = drop any object *
71 = drop any procedure *
72 = drop any rule *
73 = drop any table *
74 = drop any trigger *
75 = drop any view *
76 = dump database *
77 = dump any database *
79 = execute any function *
80 = execute any procedure *
80 = identity_insert any table *
81 = identity_insert *
82 = identity_update any table *
85 = insert any table *
86 = kill *
87 = kill any process *
88 = load database *
89 = load any database *
90 = manage service key *
91 = manage abstract plans *
92 = manage any encryption key *
93 = manage any esp *
94 = manage any execution class *
95 = manage any login *
96 = manage any login profile *
97 = manage any object permission *
98 = manage any remote login *
99 = manage any statistics *
100 = manage any user *
101 = manage auditing *
102 = manage checkstorage *
103 = manage cluster *
104 = manage data cache *
105 = manage database *
106 = manage database permissions *
107 = manage disk *
108 = manage lock promotion threshold *
109 = manage master key *
110 = manage replication *
111 = manage resource limit *
112 = manage roles *
113 = manage security configuration *
114 = manage security permissions *
115 = manage server *
116 = manage server configuration *
117 = manage server permissions *
118 = monitor qp performance *
119 = monitor server replication *
120 = mount any database *
121 = online any database *
122 = online database *
123 = own any database *
125 = own database *
126 = quiesce any database *
129 = references any table *
130 = report checkstorage *
131 = reorg any table *
132 = select any audit table *
133 = select any system catalog *
134 = select any table *
135 = set tracing any process *
136 = setuser
137 = shutdown *
138 = transfer any table *
139 = manage any thread pool *
140 = truncate any table *
141 = unmount any database *
144 = update any security catalog *
145 = update any table *
146 = use any database *
148 = use database *
149 = set switch *
150 = show switch *
151 = references
152 = truncate any audit table *
153 = decrypt any table *
155 = manage column encryption key *
156 = manage any database *
167 = set proxy
193 = select
195 = insert
196 = delete
197 = update
198 = create table
203 = create database
207 = create view
221 = create trigger
222 = create procedure
224 = execute
233 = create defaulr
235 = dump transaction
236 = create rule
253 = connect
280 = create function
282 = delete statistics
320 = truncate table
326 = update statistics
347 = set tracing
353 = decrypt
354 = create encryption key
368 = transfer table
Bit |
Decimal Value |
Description |
---|---|---|
0 |
1 |
Permission on all columns |
1 |
2 |
Permission on column 1 |
2 |
4 |
Permission on column 2 |
[...] |
||
n |
2n |
Permission on column n |
Values that are not an exact power of 2 indicate a combination of columns.
Unique clustered index on id, action, grantor, uid, protecttype, predid