topic Re: Auditing Tools for SDE Users and Privileges in Data Management Questions https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1230507#M44298 <P>--ORACLE-- Permissions Audit Example:</P><P>--ROLES--</P><P>SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'SDE';</P><P>--SYS PRIVILEGES--<BR />SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE = 'SDE';</P><P>--GEODATABASE USERS--</P><P>SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY ORDER BY OWNER;</P><P>--ROLES--</P><P>SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--SYS PRIVILEGES--<BR />SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--OBJECT PRIVILEGES--</P><P>SELECT * FROM DBA_TAB_PRIVS WHERE GRANTEE IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--ROLE PRIVILEGES</P><P>SELECT * FROM ROLE_TAB_PRIVS WHERE OWNER IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--ROLE SYS PRIVILEGES</P><P>SELECT * FROM ROLE_SYS_PRIVS<BR />WHERE ROLE IN<BR />(<BR />SELECT DISTINCT(ROLE) FROM ROLE_TAB_PRIVS WHERE OWNER IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY)<BR />)<BR />ORDER BY 1,2;</P><P>SELECT * FROM ROLE_SYS_PRIVS ORDER BY 1,2;</P><P>&nbsp;</P><P>I hope this helps with the Permissions Audit.</P><P>&nbsp;</P> Thu, 10 Nov 2022 17:48:01 GMT MarceloMarques 2022-11-10T17:48:01Z Auditing Tools for SDE Users and Privileges https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1229544#M44291 <P>Client is asking for a an audit of users and permissions on 2 of their databases. there are 447 items within and I'm looking for a way to access user/privilege information via a script to generate a report.</P> Tue, 08 Nov 2022 15:53:33 GMT https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1229544#M44291 NoahMiller 2022-11-08T15:53:33Z Re: Auditing Tools for SDE Users and Privileges https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1229573#M44292 <P>For Enterprise Geodatabases on Oracle / SQL Server / PostgreSQL use the RDBMS Views to list the permissions granted for each user that needs to be audited, an experienced Database Administrator can create the report you are looking for very easy. For more information search the RDBMS documentation. I hope this helps.</P> Tue, 08 Nov 2022 16:36:27 GMT https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1229573#M44292 MarceloMarques 2022-11-08T16:36:27Z Re: Auditing Tools for SDE Users and Privileges https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1229576#M44293 <P>Ok, thank you. I'll reach out to our DBA.</P> Tue, 08 Nov 2022 16:45:24 GMT https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1229576#M44293 NoahMiller 2022-11-08T16:45:24Z Re: Auditing Tools for SDE Users and Privileges https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1230463#M44297 <P>This will give you the typical esri permission by user / object (leave out the where clause if you want everything)</P><P>SELECT dp.NAME AS principal_name,<BR />dp.TYPE_DESC AS principal_type_desc,<BR />o.NAME AS object_name,<BR />p.PERMISSION_NAME,<BR />p.STATE_DESC AS permission_state_desc<BR />FROM sys.database_permissions p<BR />LEFT OUTER JOIN sys.all_objects o<BR />ON p.MAJOR_ID = o.OBJECT_ID<BR />INNER JOIN sys.database_principals dp<BR />ON p.GRANTEE_PRINCIPAL_ID = dp.PRINCIPAL_ID<BR />where permission_name in ('select', 'delete', 'update', 'insert')<BR />order by principal_name</P> Thu, 10 Nov 2022 15:42:47 GMT https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1230463#M44297 CraigSwadner 2022-11-10T15:42:47Z Re: Auditing Tools for SDE Users and Privileges https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1230507#M44298 <P>--ORACLE-- Permissions Audit Example:</P><P>--ROLES--</P><P>SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'SDE';</P><P>--SYS PRIVILEGES--<BR />SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE = 'SDE';</P><P>--GEODATABASE USERS--</P><P>SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY ORDER BY OWNER;</P><P>--ROLES--</P><P>SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--SYS PRIVILEGES--<BR />SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--OBJECT PRIVILEGES--</P><P>SELECT * FROM DBA_TAB_PRIVS WHERE GRANTEE IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--ROLE PRIVILEGES</P><P>SELECT * FROM ROLE_TAB_PRIVS WHERE OWNER IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY) ORDER BY 1,2;</P><P>--ROLE SYS PRIVILEGES</P><P>SELECT * FROM ROLE_SYS_PRIVS<BR />WHERE ROLE IN<BR />(<BR />SELECT DISTINCT(ROLE) FROM ROLE_TAB_PRIVS WHERE OWNER IN (SELECT DISTINCT(OWNER) FROM SDE.TABLE_REGISTRY)<BR />)<BR />ORDER BY 1,2;</P><P>SELECT * FROM ROLE_SYS_PRIVS ORDER BY 1,2;</P><P>&nbsp;</P><P>I hope this helps with the Permissions Audit.</P><P>&nbsp;</P> Thu, 10 Nov 2022 17:48:01 GMT https://community.esri.com/t5/data-management-questions/auditing-tools-for-sde-users-and-privileges/m-p/1230507#M44298 MarceloMarques 2022-11-10T17:48:01Z