diff --git a/AppService/appservice.md b/AppService/appservice.md index 5697526..68603bc 100644 --- a/AppService/appservice.md +++ b/AppService/appservice.md @@ -86,8 +86,7 @@ ALTER ROLE db_datawriter ADD MEMBER []; - Próba, nem működik :( - Frissítsük az SqlClient-et: `dotnet add package Microsoft.Data.SqlClient --version 5.0.1` (**nem!** System.Data.SqlClient) Commit+push. - - tipp a felhasználók listázásához - + - Ellenőrző szkript felhasználók listázásához ```sql select name as username, create_date, @@ -99,6 +98,24 @@ where type not in ('A', 'G', 'R', 'X') and sid is not null order by username; ``` + - Ellenőrző szkript jogosultságok listázásához +```sql +-- List of database roles for the MSI user +SELECT dp.name AS principal_name, dp.type_desc AS principal_type, r.name AS role_name +FROM sys.database_role_members AS m +JOIN sys.database_principals AS dp ON m.member_principal_id = dp.principal_id +JOIN sys.database_principals AS r ON m.role_principal_id = r.principal_id +WHERE dp.name = 'your_msi_principal'; + +-- List of object-level permissions for the MSI user (optional) +SELECT d.name AS object_name, dp.name AS principal_name, dp.type_desc AS principal_type, p.permission_name +FROM sys.database_permissions AS p +JOIN sys.database_principals AS dp ON p.grantee_principal_id = dp.principal_id +LEFT JOIN sys.objects AS d ON p.major_id = d.object_id +WHERE dp.name = 'your_msi_principal'; +``` + + ## Csatlakozás fejlesztői gépről AD felhasználóként