I have the following SQL Server query:
SELECT dbp2.name AS nombre
FROM sys.server_principals AS sp JOIN
sys.database_principals AS dbp ON sp.sid=dbp.sid JOIN
sys.database_role_members AS dbrm ON dbp.principal_Id=dbrm.member_principal_Id JOIN
sys.database_principals AS dbp2 ON dbrm.role_principal_id=dbp2.principal_id
WHERE dbp.name = SUSER_NAME() AND dbp2.name NOT LIKE 'db_%';
This returns the database roles the current user belongs to, and I use this info to validate permissions inside my app (I'm using only Windows Users). For an unknown reason, this query returns empty for a normal user, but if I run this query as a sysadmin user changing SUSER_SNAME() with the user I want, It returns data. After several tests, I've found that when I'm logged as an user without sysadmin privileges, the system view sys.server_principals is not returning the user's own login, so, the join with the other views returns no data. The documentation at Microsoft about this system view states that
Any login can see their own login name, the system logins, and the fixed server roles
Efectively, the query returns system logins and fixed server roles but no user's own login. I've tried to find any clue why this happens with no luck. So far, I've tested this behavior in SQL 2014/2016 over Windows 7/8/10 or Windows Server 2012 with the same result.
The expected result from querying sys.server_principals should be like:
- sa
- public
- sysadmin
- securityadmin
- serveradmin
- setupadmin
- processadmin
- diskadmin
- dbcreator
- bulkadmin
- DOMAIN\UserName
Is there any configuration I must give to the user at domain level or SQL Server level to make this query to work? Thanks in advance for any help.
After a lot of try-error, I've discovered that the problem is at the database. I executed this statement:
This solved my problem. However, this solution is a little bitter because this query it's supposed to work without any additional permission as per the documentation.