WITH CTE_Role (name,role,type_desc)
AS
(SELECT PRN.name,
srvrole.name AS [role] ,
Prn.Type_Desc
FROM sys.server_role_members membership
INNER JOIN (SELECT * FROM sys.server_principals WHERE type_desc='SERVER_ROLE') srvrole
ON srvrole.Principal_id= membership.Role_principal_id
RIGHT JOIN sys.server_principals PRN
ON PRN.Principal_id= membership.member_principal_id WHERE Prn.Type_Desc NOT IN ('SERVER_ROLE') AND PRN.is_disabled =0
UNION ALL
SELECT p.[name], 'ControlServer' ,p.type_desc AS loginType FROM sys.server_principals p
JOIN sys.server_permissions Sp
ON p.principal_id = sp.grantee_principal_id WHERE sp.class = 100
AND sp.[type] = 'CL'
AND state = 'G' )
SELECT
name,
Type_Desc ,
'Y' AS 'Public',
CASE WHEN [sysadmin] =1 THEN 'Y' ELSE '' END AS 'SysAdmin' ,
CASE WHEN [securityadmin] =1 THEN 'Y' ELSE '' END AS 'SecurityAdmin',
CASE WHEN [serveradmin] =1 THEN 'Y' ELSE '' END AS 'ServerAdmin',
CASE WHEN [setupadmin] =1 THEN 'Y' ELSE '' END AS 'SetupAdmin',
CASE WHEN [processadmin] =1 THEN 'Y' ELSE '' END AS 'ProcessAdmin',
CASE WHEN [diskadmin] =1 THEN 'Y' ELSE '' END AS 'DiskAdmin',
CASE WHEN [dbcreator] =1 THEN 'Y' ELSE '' END AS 'DBCreator',
CASE WHEN [bulkadmin] =1 THEN 'Y' ELSE '' END AS 'BulkAdmin' ,
CASE WHEN [ControlServer] =1 THEN 'Y' ELSE '' END AS 'ControlServer'
FROM CTE_Role
PIVOT(
COUNT(role) FOR role IN ([public],[sysadmin],[securityadmin],[serveradmin],[setupadmin],[processadmin],[diskadmin],[dbcreator],[bulkadmin],[ControlServer])
) AS pvtWHERE
WHERE name not like '%#%'
AND name not in ('_expressProvisioning','public','sysadmin','securityadmin','serveradmin','setupadmin','processadmin','diskadmin','dbcreator','bulkadmin')
Order by name;
You can edit exception list to remove account that you do not want.
AS
(SELECT PRN.name,
srvrole.name AS [role] ,
Prn.Type_Desc
FROM sys.server_role_members membership
INNER JOIN (SELECT * FROM sys.server_principals WHERE type_desc='SERVER_ROLE') srvrole
ON srvrole.Principal_id= membership.Role_principal_id
RIGHT JOIN sys.server_principals PRN
ON PRN.Principal_id= membership.member_principal_id WHERE Prn.Type_Desc NOT IN ('SERVER_ROLE') AND PRN.is_disabled =0
UNION ALL
SELECT p.[name], 'ControlServer' ,p.type_desc AS loginType FROM sys.server_principals p
JOIN sys.server_permissions Sp
ON p.principal_id = sp.grantee_principal_id WHERE sp.class = 100
AND sp.[type] = 'CL'
AND state = 'G' )
SELECT
name,
Type_Desc ,
'Y' AS 'Public',
CASE WHEN [sysadmin] =1 THEN 'Y' ELSE '' END AS 'SysAdmin' ,
CASE WHEN [securityadmin] =1 THEN 'Y' ELSE '' END AS 'SecurityAdmin',
CASE WHEN [serveradmin] =1 THEN 'Y' ELSE '' END AS 'ServerAdmin',
CASE WHEN [setupadmin] =1 THEN 'Y' ELSE '' END AS 'SetupAdmin',
CASE WHEN [processadmin] =1 THEN 'Y' ELSE '' END AS 'ProcessAdmin',
CASE WHEN [diskadmin] =1 THEN 'Y' ELSE '' END AS 'DiskAdmin',
CASE WHEN [dbcreator] =1 THEN 'Y' ELSE '' END AS 'DBCreator',
CASE WHEN [bulkadmin] =1 THEN 'Y' ELSE '' END AS 'BulkAdmin' ,
CASE WHEN [ControlServer] =1 THEN 'Y' ELSE '' END AS 'ControlServer'
FROM CTE_Role
PIVOT(
COUNT(role) FOR role IN ([public],[sysadmin],[securityadmin],[serveradmin],[setupadmin],[processadmin],[diskadmin],[dbcreator],[bulkadmin],[ControlServer])
) AS pvtWHERE
WHERE name not like '%#%'
AND name not in ('_expressProvisioning','public','sysadmin','securityadmin','serveradmin','setupadmin','processadmin','diskadmin','dbcreator','bulkadmin')
Order by name;
You can edit exception list to remove account that you do not want.
No comments:
Post a Comment