Re: How to verify whether a user has been added to a database role

From: "Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Aug 2008 20:02:20 -0500

Does it look like the correct way to implement the function with the CTE?

Yes, I think your function will return the desired result.

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Peter" <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E0B312D6-6BF8-41F8-9C64-78BA7CEE5B3E@xxxxxxxxxxxxxxxx

Hi Dan,

The CTE works. I have never used CTE before. I create the following user
function temporarily to see how I can use the CTE in a function. I just have
the parameter for the user but will add the parameter for the role later.
Does it look like the correct way to implement the function with the CTE?
Thanks.

CREATE function [dbo].[check_role](@user varchar(100))
returns bit
as begin
declare @bexist bit
select @bexist = 0;
WITH role_hierarchy
AS
(
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
WHERE
rm.role_principal_id = USER_ID('SQLAgentUserRole')
UNION ALL
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
JOIN role_hierarchy rh ON
rh.member_principal_id = rm.role_principal_id
)
SELECT @bexist = 1 FROM role_hierarchy rh
WHERE USER_NAME(rh.member_principal_id) = @user
return @bexist
end

"Dan Guzman" wrote:

Hi, Peter.

> I just realize that using those views are more complicated since the > user
> and the desired role may be related thru a hierarchy not a direct
> relationship.

The CTE below ought to identify indirect membership:

WITH role_hierarchy
AS
(
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
WHERE
rm.role_principal_id = USER_ID('role_name')
UNION ALL
SELECT
rm.member_principal_id,
rm.role_principal_id
FROM sys.database_role_members rm
JOIN role_hierarchy rh ON
rh.member_principal_id = rm.role_principal_id
)
SELECT 'is a member' FROM role_hierarchy rh
WHERE USER_NAME(rh.member_principal_id) = 'user_name';

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

References:
- How to verify whether a user has been added to a database role?
  - From: Peter
- Re: How to verify whether a user has been added to a database role?
  - From: Dan Guzman
- Re: How to verify whether a user has been added to a database role
  - From: Peter
- Re: How to verify whether a user has been added to a database role
  - From: Peter

Prev by Date: Re: restore backup : access denied
Next by Date: Re: Website & SQL Server Security
Previous by thread: Re: How to verify whether a user has been added to a database role
Next by thread: Re: How to verify whether a user has been added to a database role?
Index(es):
- Date
- Thread

Relevant Pages

Re: How to verify whether a user has been added to a database role
... "Dan Guzman" wrote: ... The CTE below ought to identify indirect membership: ...
(microsoft.public.sqlserver.security)
Re: How to verify whether a user has been added to a database role
... I have never used CTE before. ... UNION ALL ... "Dan Guzman" wrote: ... The CTE below ought to identify indirect membership: ...
(microsoft.public.sqlserver.security)
Re: [NOW ANSWER Aarons QUESTION CELKO]
... I personally don't care about "elegant" code. ... clients since SQL 2005 came out was that only a VERY small percentage of ... SQL Server MVP ... CTE but I am hardly able to use this technique with DB2. ...
(microsoft.public.sqlserver.programming)
Re: SQL optimisation, stop the sub query as soon as an error is found
... SQL Server MVP ... kgboles a earthlink dt net ... I was doing it the other way because it was originally written with a CTE ...
(microsoft.public.sqlserver.programming)
Re: Yukon Question
... Ben-Gan shows some examples of how to expand a hierarchy using CTE: ... David Portas ... SQL Server MVP ...
(microsoft.public.sqlserver.programming)