How to check who has access to symmetric keys in SQL Server

I would like to know all the users that have access to symmetric keys and the type of access they have. Can you please let me know how I can do this?

Launcelot answered 13/6, 2014 at 18:28 Comment(0)

Maybe this query can help:

select u.name, p.permission_name, p.class_desc, 
    object_name(p.major_id) ObjectName, state_desc 
from sys.database_permissions  p join sys.database_principals u
on p.grantee_principal_id = u.principal_id
where class_desc = 'SYMMETRIC_KEYS'
Stegall answered 13/6, 2014 at 18:40 Comment(2)
This query helps. Thank you very much. - Launcelot
Found this resource helpful: mssqlguru.wordpress.com/2009/05/05/…. It further breaks down the logic of a related database vulnerability scan finding. - Eward

The answers above do not actually reflect the Object Name; please consider this instead:

select
      [database] = db_name()
    , u.name
    , p.permission_name
    , p.class
    , p.class_desc
    , ObjectNameForObjectORColumn
        = object_name(p.major_id) 
    , objectNameActual
        = case class_desc
            when 'SYMMETRIC_KEYS' then sm.name              
            when 'CERTIFICATE' then [cert].name             
      end
    , state_desc 
from sys.database_permissions  p 
inner join sys.database_principals u
    on p.grantee_principal_id = u.principal_id
left outer join sys.symmetric_keys sm
    on p.major_id = sm.symmetric_key_id
    and p.class_desc = 'SYMMETRIC_KEYS'
left outer join sys.certificates [cert]
    on p.major_id = [cert].[certificate_id]
    and p.class_desc = 'CERTIFICATE'
where class_desc in('SYMMETRIC_KEYS', 'CERTIFICATE')
order by u.name

More here https://danieladeniji.wordpress.com/2015/10/09/sql-server-list-permissions-for-user/

Brooklime answered 15/10, 2015 at 18:43 Comment(1)
ObjectNameForObjectORColumn vs objectNameActual is fabulous - Anecdotist

This improved query provides the name of the current database, to avoid mistakes. Additionally, if you're using SYMMETRIC KEYS, you're usually also using CERTIFICATES; that's why it is a good choice to view the CERTIFICATE permissions as well:

select db_name(), u.name, p.permission_name, p.class_desc, 
    object_name(p.major_id) ObjectName, state_desc 
from sys.database_permissions  p join sys.database_principals u
    on p.grantee_principal_id = u.principal_id
    where class_desc in('SYMMETRIC_KEYS', 'CERTIFICATE')
order by u.name
Cavour answered 9/10, 2015 at 21:38 Comment(0)
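
The queries in the answers list only permissions granted directly to a principal. As an added example (not part of any answer above), this T-SQL resolves the real key and certificate names and also expands role membership, so a user who reaches a key through a role shows up as well. The CTE names `key_grants` and `members` and the output column aliases are chosen here for illustration, and the asymmetric-key class is included as a generalization beyond the answers.

```sql
-- Added example: run inside the database that holds the keys.
with key_grants as (
    -- explicit GRANT/DENY rows on key material, with the securable's real name
    select p.grantee_principal_id, p.class_desc, p.permission_name, p.state_desc,
           securable_name = coalesce(sk.name, c.name, ak.name)
    from sys.database_permissions p
    left join sys.symmetric_keys sk
        on p.class_desc = 'SYMMETRIC_KEYS' and p.major_id = sk.symmetric_key_id
    left join sys.certificates c
        on p.class_desc = 'CERTIFICATE' and p.major_id = c.certificate_id
    left join sys.asymmetric_keys ak
        on p.class_desc = 'ASYMMETRIC_KEY' and p.major_id = ak.asymmetric_key_id
    where p.class_desc in ('SYMMETRIC_KEYS', 'CERTIFICATE', 'ASYMMETRIC_KEY')
),
members as (
    -- anchor: every principal counts as a member of itself
    select grantee_id = principal_id, member_id = principal_id
    from sys.database_principals
    union all
    -- recursion: walk nested role membership down to the users
    -- (implicit membership in "public" is not recorded in this view)
    select m.grantee_id, rm.member_principal_id
    from members m
    join sys.database_role_members rm
        on rm.role_principal_id = m.member_id
)
select [database]          = db_name(),
       effective_principal = mp.name,
       principal_type      = mp.type_desc,
       granted_to          = gp.name,   -- the user or role named in the GRANT/DENY
       g.class_desc,
       g.securable_name,
       g.permission_name,
       g.state_desc
from key_grants g
join members m                   on m.grantee_id    = g.grantee_principal_id
join sys.database_principals gp  on gp.principal_id = g.grantee_principal_id
join sys.database_principals mp  on mp.principal_id = m.member_id
order by g.securable_name, mp.name, g.permission_name;
```

Rows with `state_desc = 'DENY'` have to be read together with the grants for the same principal. Implicit access (the key's owner, members of `db_owner`, server `sysadmin` logins) has no row in `sys.database_permissions` and therefore does not appear in this output.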
