sysprotects

All databases

Description

sysprotects contains information on permissions that have been granted to, or revoked from, users, groups, and roles.

Columns

The columns for sysprotects are:

Name

Datatype

Description

id

int

ID of the object to which this permission applies. Users are given an id of 0 when they are granted the ability to run create table or create default.

uid

int

ID of the user, group, or role to which this permission applies.

action

smallint

One of the following permissions:

  • 151 = references

  • 167 = set proxy or set session authorization

  • 187 = set statistics on

  • 188 = set statistics off

  • 193 = select

  • 195 = insert

  • 196 = delete

  • 197 = update

  • 198 = create table

  • 203 = create database

  • 205 = grant

  • 206 = revoke

  • 207 = create view

  • 221 = create trigger

  • 222 = create procedure

  • 224 = execute

  • 228 = dump database

  • 233 = create default

  • 235 = dump transaction

  • 236 = create rule

  • 253 = connect

  • 282 = delete statistics

  • 317 = dbcc

  • 320 = truncate table

  • 326 = update statistics

  • 347 = set tracing

  • 368 = transfer table

protecttype

tinyint

One of the following values:

  • 0 = grant with grant

  • 1 = grant

  • 2 = revoke

  • 3 = deny – reflects that the protection roe is for a denial.

columns

varbinary(133)

Bitmap of columns to which this select, update , or references permission applies. The bits indicate the following:

  • 0 = indicates all columns.

  • 1 = means permission applies to that column.

  • NULL = means no information.

columns is also a bitmap of permitted roles for set session authorization.

grantor

int

User ID of the grantor. If the grantor is a system administrator, the user ID of the object owner is used.

pred_id

int

Object ID of predicated privilege

protstatus

smallint

  • PROT_PREDICATED – indicates that the privilege (or denial) is predicated

  • PROT_ROW_FILTER – indicates that the predicate is a where clause

Indexes