This script audits SQL Server users and permissions across all databases on an instance. It consolidates server-level logins, database users, Windows groups, and role memberships into a single result set.
It is useful during security reviews, access audits, migrations, or when validating permissions after changes.
The Script
Example Output
The result set shows consolidated role memberships and user assignments per database. It lists server-level connection principals along with database-level SQL users and Windows groups.
This makes it easier to:
- Identify unexpected elevated role memberships
- Spot missing access across databases
- Review User permissions coming from Windows group assignments
- Validate permissions during audits
Notes
- Requires sysadmin permissions to execute
- Supports optional inclusion of databases without access
- Uses impersonation for consistent permission visibility
- Useful during migrations, audits, and security reviews
Leave a Reply