Re: How to verify whether a user has been added to a database role

---

• From: Peter <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 28 Aug 2008 11:45:05 -0700

---

Hi Dan,

The CTE works. I have never used CTE before. I create the following user
function temporarily to see how I can use the CTE in a function. I just have
the parameter for the user but will add the parameter for the role later.
Does it look like the correct way to implement the function with the CTE?
Thanks.

CREATE function [dbo].[check_role](@user varchar(100))
returns bit
as begin
declare @bexist bit
select @bexist = 0;
WITH role_hierarchy
AS
(
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
WHERE
rm.role_principal_id = USER_ID('SQLAgentUserRole')
UNION ALL
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
JOIN role_hierarchy rh ON
rh.member_principal_id = rm.role_principal_id
)
SELECT @bexist = 1 FROM role_hierarchy rh
WHERE USER_NAME(rh.member_principal_id) = @user
return @bexist
end

"Dan Guzman" wrote:

Hi, Peter.

I just realize that using those views are more complicated since the user
and the desired role may be related thru a hierarchy not a direct
relationship.

The CTE below ought to identify indirect membership:

WITH role_hierarchy
AS
(
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
WHERE
rm.role_principal_id = USER_ID('role_name')
UNION ALL
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
JOIN role_hierarchy rh ON
rh.member_principal_id = rm.role_principal_id
)
SELECT 'is a member' FROM role_hierarchy rh
WHERE USER_NAME(rh.member_principal_id) = 'user_name';

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

.

---

• Follow-Ups:
  • Re: How to verify whether a user has been added to a database role
    • From: Dan Guzman

• References:
  • How to verify whether a user has been added to a database role?
    • From: Peter
  • Re: How to verify whether a user has been added to a database role?
    • From: Dan Guzman
  • Re: How to verify whether a user has been added to a database role
    • From: Peter

• Prev by Date: Website & SQL Server Security
• Next by Date: Re: restore backup : access denied
• Previous by thread: Re: How to verify whether a user has been added to a database role
• Next by thread: Re: How to verify whether a user has been added to a database role
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: How to verify whether a user has been added to a database role ... "Dan Guzman" wrote: ... The CTE below ought to identify indirect membership: ... (microsoft.public.sqlserver.security) Re: How to verify whether a user has been added to a database role ... SQL Server MVP ... I have never used CTE before. ... "Dan Guzman" wrote: ... The CTE below ought to identify indirect membership: ... (microsoft.public.sqlserver.security) Re: Using a CTE for hierarchy data, from bottom up ... I, however, would not recommend that you do that since unless the query optimizer is a lot smarter than I think it is, moving the where to the outer query will cause the CTE to roll up every employee, and then the outer query will select only the employees you want. ... Union All Select 6, 5 ... (microsoft.public.sqlserver.programming) =?iso-8859-1?q?Re:_Zusammenh=E4ngende_Zeitr=E4ume_ermitteln?= ... Die Abfrage war noch nicht ... create table datentabelle (PersonID int, OrgID int, Von datetime, Bis ... union select 1,1,'20070401',null ... ;with cte as ( ... (microsoft.public.de.sqlserver) RE: Merging two select cases ... you aren't providing enough info but I am pretty sure adding a union ... SQL Server 2008, so CTE, CROSS APPLY, etc are welcomed. ... (microsoft.public.sqlserver.programming)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2008-08