How to list Item permissions for security roles pre ITMS 8.0?
The following SQL queries can be run on the pre 8.0 database to help review permissions of security role. These queries would not work on ITMS 8.0 due to major database schema changes.
/* Here is a query that returns permissions for a specific security role. You will need to put in the GUID of that role that is in question. */
select sr.name as [Security Role], i.Guid as [Object Guid], i.Name as [Object Name], sp.name as [Permission], sad.Inherited, st.Trustee as [Role SID], st.guid as [Trustee Guid] from vitem i join SecurityAceData sad on sad.entityguid = i.securityguid join securitytrusteepermission stp on stp.Id = sad.TrusteePermissionId join securityPermission sp on sp.guid = stp.PermissionGuid join securityRole sr on sr.Trusteeguid = stp.TrusteeGuid join securitytrustee st on st.guid = sr.trusteeguid where sr.guid = '2E1F478A-4986-4223-9D1E-B5920A63AB41' -- Symantec Administrators and sad.Inherited = 0 order by i.name, sp.name
/* List of security roles.*/ select * from SecurityRole
Note: It is recommended to document custom security role configuration for recovery purposes and for user access reviews.
Subscribing will provide email updates when this Article is updated. Login is required.