| 437-991-3573 | Data Engineering Services
Resources Tools
Experts in Microsoft SQL Server on Windows, Linux, Containers | Clusters, Always On, FCI | Migrations, Cloud, Performance

T-SQL - Get Logins Connect Permissions
by BF (Principal Consultant; Architecture; Engineering)

T-SQL: Find Logins Connect Permissions:

SELECT as 'Name',
Case p.type
When 'S' Then 'SQL login'
When 'U' Then 'Windows login'
When 'G' Then 'Windows group'
When 'R' Then 'Server role'
When 'C' Then 'Login mapped to a certificate'
When 'K' Then 'Login mapped to an asymmetric key' End as 'Type',
Case sp.type When 'COSQ' Then 'CONNECT SQL' End as 'Permission Type',
sp.[state_desc] as 'Permission State',
p.is_disabled AS IsDisabled,
LOGINPROPERTY(, N'IsExpired') AS IsExpired,
LOGINPROPERTY(, N'IsLocked') AS IsLocked,
LOGINPROPERTY(, N'IsMustChange') AS IsMustChange,
CAST(sl.is_policy_checked AS bit) AS PasswordPolicyEnforced,
CAST(sl.is_expiration_checked AS bit) AS PasswordExpirationEnabled,
LOGINPROPERTY(, N'BadPasswordCount') AS BadPasswordCount,
LOGINPROPERTY(, N'BadPasswordTime') AS BadPasswordTime,
LOGINPROPERTY(, N'PasswordLastSetTime') AS PasswordLastSetTime,
LOGINPROPERTY(, N'LockoutTime') AS LockoutTime,
LOGINPROPERTY(, N'DaysUntilExpiration') AS DaysUntilExpiration,
p.create_date AS CreateDate,
p.modify_date AS LastModifieddate
FROM sys.server_principals AS p
LEFT OUTER JOIN sys.server_permissions AS sp ON sp.grantee_principal_id = p.principal_id
LEFT OUTER JOIN sys.sql_logins AS sl ON sl.principal_id = p.principal_id
(sp.[type] = N'COSQ' and sp.type is not null)
and p.type not in ('R', 'C', 'K')
And not like '##MS_%' --Filter out Certificate-based SQL Server Logins (
Order By p.Type ASC, ASC