Skip to content

Dirceu Resende

DBA SQL Server and BI Analyst (PowerBI, SSAS, SSIS, SSRS)

  • Consultancy
    • BI Consulting
    • Power BI Consulting
    • SQL Server Consulting
  • File
  • Series
    • Certification
    • Security and Audit
    • Performance tuning
    • What has changed in T-SQL?
    • Data Protection
  • Jobs
  • Data Platform Events
  • About
  • Contact

Other Languages

Subscribe to a blog by email

Enter your email address to subscribe to this blog and receive notifications of new publications by email.

Join 530 other subscribers

Blog Views

1.550.513 views

Categories

  • Apache / .htaccess (9)
  • Database (304)
    • MySQL / MariaDB (4)
    • Oracle (8)
    • SQL Server (290)
      • Audit (15)
      • Azure (2)
      • CLR (53)
      • Query Development (81)
      • DMVs and Catalog Views (31)
      • Errors (22)
      • Tools (12)
      • Data Formatting and Validation (23)
      • Little Known Features (19)
      • Hacks (17)
      • Easy (30)
      • File Handling (13)
      • Maintenance (79)
      • Monitoring (34)
      • What not to do (6)
      • OLE Automation (19)
      • Performance tuning (22)
      • Python (1)
      • Safety (39)
      • SQL Server Agent (11)
  • Business Intelligence (BI) (30)
    • Analysis Services (SSAS) (6)
    • Microsoft (7)
    • Power BI (12)
    • Reporting Services (SSRS) (8)
  • Career and Courses (10)
  • Career, Courses and Certifications (26)
  • Cell Phones (1)
  • Events and Lectures (62)
  • Programme (57)
    • C # (CSharp) (30)
    • CSS (1)
    • ERP (1)
    • javascript (1)
    • PHP (17)
    • Powershell / CMD (8)
    • SQLCLR (4)
  • Uncategorized (10)
  • SEO (4)
  • Virtualization (5)

Microsoft MVP Data Platform

My Certifications

Training

Posts Archive

Recent Posts

  • I abandoned my blog ??? September 17th, 2020
  • Connect-PowerBIServiceAccount: Failed to populate environments in settings September 17th, 2020
  • Windows 10 - How to solve Bluetooth headset problem with lag, crashing and cutting audio 10 July 2020
  • SQL Server - How to send the contents of a table or query in the body of the email as HTML 6 July 2020
  • Microsoft Certified Trainer (MCT) FOR FREE until September 2020! June 16st, 2020
  • September 7th, 2015
  • 3
  • Database DMVs and Catalog Views Maintenance Safety SQL Server

Checking a user's permissions in SQL Server

Views: 13.061
Reading Time: 15 minutes

Hello people!
Good day.

In this post, I will demonstrate how to verify the permissions of a user and / or database in SQL Server, as well as allowing you to easily remove these access or grant again. If you want to replicate a user's permissions between different instances, see if the article SQL Server - How to copy / replicate a user's permissions can help you.

Using system SP, sp_helprotect

Using the stored procedure sp_helprotect, we can easily list the permissions of a particular user or object:

Transact-SQL
1
2
3
-- Verificando as permissões do usuário "Usuario_Teste"
EXEC Protheus_Producao.dbo.sp_helprotect
    @username = 'Usuario_Teste'    

Result
SQL Server - User Permissions

Transact-SQL
1
2
3
-- Verificando as permissões da tabela "SA1010"
EXEC Protheus_Producao.dbo.sp_helprotect
    @name = 'SA1010'

Result
SQL Server - 2 User Permissions

Using Transact SQL Queries in Catalog Views

A very interesting way to get and work with this information that we saw in the SQL Server Managment Studio interface is by using SQL queries and SQL Server database catalog views. These queries bring more information than the sp_helprotect system sp and just like using SP we can work with the returned data.

View source
Transact-SQL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
DECLARE
    @Ds_Usuario VARCHAR(100) = 'Usuario_Teste'
 
 
-- Associação Usuário x Login
IF (OBJECT_ID('tempdb..#Users_Logins') IS NOT NULL) DROP TABLE #Users_Logins
SELECT
    C.name AS Ds_Login,
    B.name AS Ds_Usuario
INTO
    #Users_Logins
FROM
    sys.database_principals                A    WITH(NOLOCK)
    JOIN sys.sysusers                    B    WITH(NOLOCK)    ON    A.principal_id = B.uid
    LEFT JOIN sys.syslogins                C    WITH(NOLOCK)    ON    B.sid = C.sid
WHERE
    A.type_desc != 'DATABASE_ROLE'
    AND (C.name = @Ds_Usuario OR B.name = @Ds_Usuario OR @Ds_Usuario IS NULL)
 
 
 
-- Recupera o Login e o usuário
DECLARE
    @Ds_Usuario_Recuperado VARCHAR(MAX),
    @Ds_Login_Recuperado VARCHAR(MAX)
 
 
SELECT
    @Ds_Login_Recuperado = Ds_Login,
    @Ds_Usuario_Recuperado = Ds_Usuario
FROM
    #Users_Logins
 
 
 
-- Database Roles
IF (OBJECT_ID('tempdb..#Database_Roles') IS NOT NULL) DROP TABLE #Database_Roles
SELECT
    C.name AS Ds_Usuario,
    B.name AS Ds_Database_Role
INTO
    #Database_Roles
FROM
    sys.database_role_members        A    WITH(NOLOCK)
    JOIN sys.database_principals    B    WITH(NOLOCK)    ON    A.role_principal_id = B.principal_id
    JOIN sys.sysusers            C    WITH(NOLOCK)    ON    A.member_principal_id = C.uid
WHERE
    (C.name IN (@Ds_Usuario_Recuperado, @Ds_Login_Recuperado) OR @Ds_Usuario IS NULL)
 
 
 
-- Database Permissions
IF (OBJECT_ID('tempdb..#Database_Permissions') IS NOT NULL) DROP TABLE #Database_Permissions
SELECT
    A.class_desc AS Ds_Tipo_Permissao,
    A.permission_name AS Ds_Permissao,
    A.state_desc AS Ds_Operacao,
    B.name AS Ds_Usuario_Permissao,
    C.name AS Ds_Login_Permissao,
    D.name AS Ds_Objeto
INTO
    #Database_Permissions
FROM
    sys.database_permissions                A    WITH(NOLOCK)
    JOIN sys.sysusers                    B    WITH(NOLOCK)    ON    A.grantee_principal_id = B.uid
    LEFT JOIN sys.syslogins                C    WITH(NOLOCK)    ON    B.sid = C.sid
    LEFT JOIN sys.objects                D    WITH(NOLOCK)    ON    A.major_id = D.object_id
WHERE
    A.major_id >= 0
    AND (C.name IN (@Ds_Usuario_Recuperado, @Ds_Login_Recuperado) OR B.name IN (@Ds_Usuario_Recuperado, @Ds_Login_Recuperado) OR @Ds_Usuario IS NULL)
    
 
 
-- Server roles
IF (OBJECT_ID('tempdb..#Server_Roles') IS NOT NULL) DROP TABLE #Server_Roles
SELECT
    B.name AS Ds_Usuario,
    C.name AS Ds_Server_Role
INTO
    #Server_Roles
FROM
    sys.server_role_members        A    WITH(NOLOCK)
    JOIN sys.server_principals        B    WITH(NOLOCK)    ON    A.member_principal_id = B.principal_id
    JOIN sys.server_principals        C    WITH(NOLOCK)    ON    A.role_principal_id = C.principal_id
WHERE
    (B.name IN (@Ds_Usuario_Recuperado, @Ds_Login_Recuperado) OR @Ds_Usuario IS NULL)
    
 
 
-- Server permissions
IF (OBJECT_ID('tempdb..#Server_Permissions') IS NOT NULL) DROP TABLE #Server_Permissions
SELECT
    A.class_desc AS Ds_Tipo_Permissao,
    A.state_desc AS Ds_Tipo_Operacao,
    A.permission_name AS Ds_Permissao,
    C.name AS Ds_Login,
    B.type_desc AS Ds_Tipo_Login
INTO
    #Server_Permissions
FROM
    sys.server_permissions                A    WITH(NOLOCK)
    JOIN sys.server_principals                B    WITH(NOLOCK)    ON    A.grantee_principal_id = B.principal_id
    LEFT JOIN sys.syslogins                C    WITH(NOLOCK)    ON    B.sid = C.sid
WHERE
    (C.name IN (@Ds_Usuario_Recuperado, @Ds_Login_Recuperado) OR @Ds_Usuario IS NULL)
 
 
SELECT * FROM #Users_Logins
SELECT * FROM #Database_Roles
SELECT * FROM #Database_Permissions
SELECT * FROM #Server_Roles
SELECT * FROM #Server_Permissions

Return of Queries
SQL Server - User Permissions via Transact SQL Query TSQL SQL

Using a Custom Stored Procedure

With a little more work and refinement, we can use a Stored Procedure for this purpose. We can use feedback to generate an access report, record the information for history, etc. See how easy it is:

View SP source code
Transact-SQL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
USE [Auditoria]
GO
/****** Object:  StoredProcedure [dbo].[stpVerifica_Permissoes]    Script Date: 09/07/2015 15:18:24 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[stpVerifica_Permissoes] (
    @Ds_Usuario VARCHAR(100) = NULL,
    @Ds_Database VARCHAR(100) = NULL,
    @Ds_Objeto VARCHAR(100) = NULL,
    @Nr_Tipo_Permissao SMALLINT = NULL,
    @Fl_Permissoes_Servidor BIT = 1
)
AS BEGIN
        
 
    SELECT
        @Ds_Usuario = ISNULL(@Ds_Usuario, ''),
        @Ds_Database = ISNULL(@Ds_Database, ''),
        @Ds_Objeto = ISNULL(@Ds_Objeto, '')
 
        
    DECLARE
        @Query VARCHAR(MAX)
 
 
 
    ----------------------------------------------------------------------------------------
    -- ASSOCIAÇÃO USUÁRIO X LOGIN
    ----------------------------------------------------------------------------------------
    
    IF (OBJECT_ID('tempdb..#Users_Logins') IS NOT NULL) DROP TABLE #Users_Logins
    CREATE TABLE #Users_Logins (
        Ds_Database VARCHAR(100),
        Ds_Login VARCHAR(100),
        Ds_Usuario VARCHAR(100)
    )
    
    
    IF (@Nr_Tipo_Permissao = 0 OR @Nr_Tipo_Permissao IS NULL)
    BEGIN
    
        SET @Query = '
        IF (''?'' = ''' + @Ds_Database + ''' OR ''' + @Ds_Database + ''' = '''')
        BEGIN
 
            USE [?]
 
            SELECT
                ''?'' AS Ds_Database,
                C.name AS Ds_Login,
                B.name AS Ds_Usuario
            FROM
                sys.database_principals                A    WITH(NOLOCK)
                JOIN sys.sysusers                B    WITH(NOLOCK)    ON    A.principal_id = B.uid
                LEFT JOIN sys.syslogins                C    WITH(NOLOCK)    ON    B.sid = C.sid
            WHERE
                A.type_desc != ''DATABASE_ROLE''
                AND (C.name = ''' + @Ds_Usuario + ''' OR B.name = ''' + @Ds_Usuario + ''' OR ''' + @Ds_Usuario + ''' = '''')
                AND (C.name = ''' + @Ds_Objeto + ''' OR B.name = ''' + @Ds_Objeto + ''' OR ''' + @Ds_Objeto + ''' = '''')
                
        END'
        
 
        INSERT INTO #Users_Logins
        EXEC master.dbo.sp_MSforeachdb @Query
        
    END
 
 
 
    ----------------------------------------------------------------------------------------
    -- PERMISSÕES EM ROLES DE BANCO DE DADOS
    ----------------------------------------------------------------------------------------
 
    IF (OBJECT_ID('tempdb..#Database_Roles') IS NOT NULL) DROP TABLE #Database_Roles
    CREATE TABLE #Database_Roles (
        Ds_Database VARCHAR(100),
        Ds_Login VARCHAR(100),
        Ds_Usuario VARCHAR(100),
        Ds_Database_Role VARCHAR(100)
    )
    
    
    IF (@Nr_Tipo_Permissao = 1 OR @Nr_Tipo_Permissao IS NULL)
    BEGIN
 
        SET @Query = '
        IF (''?'' = ''' + @Ds_Database + ''' OR ''' + @Ds_Database + ''' = '''')
        BEGIN
 
            USE [?]
 
            SELECT
                ''?'' AS Ds_Database,
                D.name AS Ds_Login,
                C.name AS Ds_Usuario,
                B.name AS Ds_Role
            FROM
                sys.database_role_members        A    WITH(NOLOCK)
                JOIN sys.database_principals        B    WITH(NOLOCK)    ON    A.role_principal_id = B.principal_id
                JOIN sys.sysusers            C    WITH(NOLOCK)    ON    A.member_principal_id = C.uid
                LEFT JOIN sys.syslogins            D    WITH(NOLOCK)    ON    C.sid = D.sid
            WHERE
                (C.name = ''' + @Ds_Usuario + ''' OR D.name = ''' + @Ds_Usuario + ''' OR ''' + @Ds_Usuario  + ''' = '''')
                AND (B.name = ''' + @Ds_Objeto + ''' OR ''' + @Ds_Objeto + ''' = '''')
                
        END'
 
 
        INSERT INTO #Database_Roles
        EXEC master.dbo.sp_MSforeachdb @Query
        
    END
 
 
    ----------------------------------------------------------------------------------------
    -- PERMISSÕES A NÍVEL DE BANCO DE DADOS
    ----------------------------------------------------------------------------------------
    
    IF (OBJECT_ID('tempdb..#Database_Permissions') IS NOT NULL) DROP TABLE #Database_Permissions
    CREATE TABLE #Database_Permissions (
        Ds_Database VARCHAR(100),
        Ds_Tipo_Permissao VARCHAR(60),
        Ds_Permissao VARCHAR(128),
        Ds_Operacao VARCHAR(60),
        Ds_Login_Permissao VARCHAR(100),
        Ds_Usuario_Permissao VARCHAR(100),
        Ds_Objeto VARCHAR(100)
    )
    
    
    IF (@Nr_Tipo_Permissao = 2 OR @Nr_Tipo_Permissao IS NULL)
    BEGIN
    
        SET @Query = '
        IF (''?'' = ''' + @Ds_Database + ''' OR ''' + @Ds_Database + ''' = '''')
        BEGIN
 
            USE [?]
 
            SELECT
                ''?'' AS Ds_Database,
                A.class_desc AS Ds_Tipo_Permissao,
                A.permission_name AS Ds_Permissao,
                A.state_desc AS Ds_Operacao,
                C.name AS Ds_Login_Permissao,
                B.name AS Ds_Usuario_Permissao,
                D.name AS Ds_Objeto
            FROM
                sys.database_permissions                A    WITH(NOLOCK)
                JOIN sys.sysusers                    B    WITH(NOLOCK)    ON    A.grantee_principal_id = B.uid
                LEFT JOIN sys.syslogins                    C    WITH(NOLOCK)    ON    B.sid = C.sid
                LEFT JOIN sys.objects                    D    WITH(NOLOCK)    ON    A.major_id = D.object_id
            WHERE
                A.major_id >= 0
                AND (B.name = ''' + @Ds_Usuario + ''' OR C.name = ''' + @Ds_Usuario + ''' OR ''' + @Ds_Usuario + ''' = '''')
                AND (D.name = ''' + @Ds_Objeto + ''' OR ''' + @Ds_Objeto + ''' = '''')
                
        END'
 
 
        INSERT INTO #Database_Permissions
        EXEC master.dbo.sp_MSforeachdb @Query
        
    END
 
 
    ----------------------------------------------------------------------------------------
    -- PERMISSÕES EM ROLES DE SISTEMA
    ----------------------------------------------------------------------------------------
 
    IF (OBJECT_ID('tempdb..#Server_Roles') IS NOT NULL) DROP TABLE #Server_Roles
    CREATE TABLE #Server_Roles (
        Ds_Usuario VARCHAR(100),
        Ds_Server_Role VARCHAR(100)
    )
 
    
    IF ((@Fl_Permissoes_Servidor = 1 AND @Nr_Tipo_Permissao IS NULL) OR @Nr_Tipo_Permissao = 3)
    BEGIN
 
    
        SET @Query = '
        SELECT
            B.name AS Ds_Usuario,
            C.name AS Ds_Role
        FROM
            sys.server_role_members            A    WITH(NOLOCK)
            JOIN sys.server_principals            B    WITH(NOLOCK)    ON    A.member_principal_id = B.principal_id
            JOIN sys.server_principals            C    WITH(NOLOCK)    ON    A.role_principal_id = C.principal_id
        WHERE
            (B.name = ''' + @Ds_Usuario + ''' OR ''' + @Ds_Usuario + ''' = '''')
            AND (B.name = ''' + @Ds_Objeto + ''' OR ''' + @Ds_Objeto + ''' = '''')'
 
 
        INSERT INTO #Server_Roles
        EXEC (@Query)
        
    END
 
 
    ----------------------------------------------------------------------------------------
    -- PERMISSÕES A NÍVEL DE SERVIDOR
    ----------------------------------------------------------------------------------------
 
    IF (OBJECT_ID('tempdb..#Server_Permissions') IS NOT NULL) DROP TABLE #Server_Permissions
    CREATE TABLE #Server_Permissions (
        Ds_Tipo_Permissao VARCHAR(60),
        Ds_Tipo_Operacao VARCHAR(60),
        Ds_Permissao VARCHAR(128),
        Ds_Login VARCHAR(100),
        Ds_Tipo_Login VARCHAR(100)
    )
 
 
    IF ((@Fl_Permissoes_Servidor = 1 AND @Nr_Tipo_Permissao IS NULL) OR @Nr_Tipo_Permissao = 4)
    BEGIN
 
 
        SET @Query = '
        SELECT
            A.class_desc AS Ds_Tipo_Permissao,
            A.state_desc AS Ds_Tipo_Operacao,
            A.permission_name AS Ds_Permissao,
            C.name AS Ds_Login,
            B.type_desc AS Ds_Tipo_Login
        FROM
            sys.server_permissions                    A    WITH(NOLOCK)
            JOIN sys.server_principals                    B    WITH(NOLOCK)    ON    A.grantee_principal_id = B.principal_id
            LEFT JOIN sys.syslogins                    C    WITH(NOLOCK)    ON    B.sid = C.sid
        WHERE
            (C.name = ''' + @Ds_Usuario + ''' OR ''' + @Ds_Usuario + ''' = '''')
            AND (C.name = ''' + @Ds_Objeto + ''' OR ''' + @Ds_Objeto + ''' = '''')'
 
 
        INSERT INTO #Server_Permissions
        EXEC(@Query)
        
        
    END
 
 
    ----------------------------------------------------------------------------------------
    -- DEFINE AS SAÍDAS
    ----------------------------------------------------------------------------------------
 
    SELECT
        0 AS Id_Nivel_Permissao,
        'User_Login' AS Ds_Nivel_Permissao,
        Ds_Database,
        NULL AS Ds_Tipo_Permissao,
        'LOGIN' AS Ds_Permissao,
        'GRANT' AS Ds_Operacao,
        Ds_Login,
        Ds_Usuario,
        NULL AS Ds_Objeto
    FROM
        #Users_Logins
    
    UNION ALL
    
    SELECT
        1 AS Id_Nivel_Permissao,
        'Database_Role' AS Ds_Nivel_Permissao,
        Ds_Database,
        NULL AS Ds_Tipo_Permissao,
        Ds_Database_Role AS Ds_Permissao,
        'GRANT' AS Ds_Operacao,
        Ds_Login,
        Ds_Usuario,
        NULL AS Ds_Objeto
    FROM
        #Database_Roles
        
    UNION ALL
        
    SELECT
        2 AS Id_Nivel_Permissao,
        'Database_Permission' AS Ds_Nivel_Permissao,
        Ds_Database,
        Ds_Tipo_Permissao,
        Ds_Permissao,
        Ds_Operacao,
        Ds_Login_Permissao,
        Ds_Usuario_Permissao,
        Ds_Objeto
    FROM
        #Database_Permissions
        
    UNION ALL
    
    SELECT
        3 AS Id_Nivel_Permissao,
        'Server_Role' AS Ds_Nivel_Permissao,
        NULL AS Ds_Database,
        NULL AS Ds_Tipo_Permissao,
        Ds_Server_Role AS Ds_Permissao,
        'GRANT' AS Ds_Operacao,
        Ds_Usuario AS Ds_Login,
        NULL AS Ds_Usuario,
        @@SERVERNAME AS Ds_Objeto
    FROM
        #Server_Roles
        
    UNION ALL
    
    SELECT
        4 AS Id_Nivel_Permissao,
        'Server_Permission' AS Ds_Nivel_Permissao,
        NULL AS Ds_Database,
        Ds_Tipo_Permissao,
        Ds_Permissao,
        Ds_Tipo_Operacao AS Ds_Operacao,
        Ds_Login,
        NULL AS Ds_Usuario,
        @@SERVERNAME AS Ds_Objeto
    FROM
        #Server_Permissions
    ORDER BY
        1, 3, 7, 8, 9
    
 
END

Usage examples

Transact-SQL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
-- Verifica todas as permissões do usuário 'Usuario_Teste' na instância
EXEC dbo.stpVerifica_Permissoes
    @Ds_Usuario = 'Usuario_Teste'
    
    
-- Verifica todas as permissões da tabela 'SA1010' no database 'Protheus_Producao'
EXEC dbo.stpVerifica_Permissoes
    @Ds_Database = 'Protheus_Producao',
    @Ds_Objeto = 'SA1010'
    
 
-- Verifica as roles de database do usuário 'Usuario_Teste' em todos os bancos
EXEC dbo.stpVerifica_Permissoes
    @Ds_Usuario = 'Usuario_Teste', -- varchar(100)
    @Ds_Database = NULL, -- varchar(100)
    @Ds_Objeto = NULL,
    @Nr_Tipo_Permissao = 1,
    @Fl_Permissoes_Servidor = 0 -- Não
    
    
-- Verifica as permissões a nível de Database do usuário 'Usuario_Teste'
EXEC dbo.stpVerifica_Permissoes
    @Ds_Usuario = 'Usuario_Teste', -- varchar(100)
    @Ds_Database = NULL, -- varchar(100)
    @Ds_Objeto = NULL,
    @Nr_Tipo_Permissao = 2,
    @Fl_Permissoes_Servidor = 0 -- Não
    
    
-- Verifica as permissões do database 'Protheus_Producao' para todos os usuários
EXEC dbo.stpVerifica_Permissoes
    @Ds_Usuario = NULL, -- varchar(100)
    @Ds_Database = 'Protheus_Producao', -- varchar(100)
    @Ds_Objeto = NULL,
    @Nr_Tipo_Permissao = 2,
    @Fl_Permissoes_Servidor = 0 -- Não
    
    
-- Verifica as permissões a nível de sistema da instância
EXEC dbo.stpVerifica_Permissoes
    @Nr_Tipo_Permissao = 4
    
  
-- Verifica os membros de roles de sistema da instância
EXEC dbo.stpVerifica_Permissoes
    @Nr_Tipo_Permissao = 3

Return Example (First Example)
SQL Server - Query Permissions

Using a Stored Procedure with GRANT and REVOKE Code

Like the previous Stored Procedure, this version is a bit more “compact” and still generates T-SQL codes to grant this privilege exists (if you want to back up existing permissions) and also T-SQL code to remove this permission.

View stp's codeVerify_User_Permissions
Transact-SQL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
IF (OBJECT_ID('dbo.stpVerifica_Permissoes_Usuario') IS NULL) EXEC('CREATE PROCEDURE dbo.stpVerifica_Permissoes_Usuario AS SELECT 1')
GO
 
ALTER PROCEDURE [dbo].[stpVerifica_Permissoes_Usuario]
    @Ds_Database [varchar](50) = NULL,
    @Ds_Usuario [varchar](50) = NULL,
    @Fl_Objetos_Sistema BIT = 0,
    @Fl_Permissoes_Instancia BIT = 1,
    @Fl_Permissoes_Banco BIT = 1
AS
BEGIN
 
    -- DECLARE @Ds_Database [varchar](50) = NULL, @Ds_Usuario [varchar](50) = NULL, @Fl_Objetos_Sistema BIT = 0, @Fl_Permissoes_Instancia BIT = 1, @Fl_Permissoes_Banco BIT = 1
    DECLARE @query VARCHAR(MAX)
    
 
    SET @query = '
SELECT DISTINCT
    ' + CHAR(39) + '?' + CHAR(39) + ' [Database],
    C.name [Schema],
    COALESCE(B.name, E.name) [Object],
    COALESCE(B.type_desc, E.type_desc) AS [object_type],
    D.name username,
    A.type permissions_type,
    A.permission_name,
    A.state permission_state,
    A.state_desc,
    (CASE WHEN B.is_ms_shipped = 1 OR E.[object_id] IS NOT NULL OR B.name IN (''sysdiagrams'', ''sp_upgraddiagrams'', ''sp_helpdiagrams'', ''sp_helpdiagramdefinition'', ''sp_creatediagram'', ''sp_renamediagram'', ''sp_alterdiagram'', ''sp_dropdiagram'', ''fn_diagramobjects'') THEN 1 ELSE 0 END) AS [system_object],
    (CASE WHEN A.class = 1
        THEN ' + CHAR(39) + 'USE [?]; REVOKE ' + CHAR(39) + ' + A.permission_name + ' + CHAR(39) + ' ON [' + CHAR(39) + ' + C.name + ' + CHAR(39) + '].[' + CHAR(39) + ' + COALESCE(B.name, C.name) + ' + CHAR(39) + '] FROM [' + CHAR(39) + ' + D.name + ' + CHAR(39) + '];' + CHAR(39) + ' COLLATE LATIN1_General_CI_AS
        ELSE ' +  + CHAR(39) + 'USE [?]; REVOKE ' + CHAR(39) + ' + A.permission_name + ' + CHAR(39) + ' FROM [' + CHAR(39) + ' + D.name + ' + CHAR(39) + '];' + CHAR(39) + ' COLLATE LATIN1_General_CI_AS
    END) AS remover,
    (CASE WHEN A.class = 1
        THEN ' + CHAR(39) + 'USE [?]; ' + CHAR(39) + ' + A.state_desc + '' '' + A.permission_name + ' + CHAR(39) + ' ON [' + CHAR(39) + ' + C.name + ' + CHAR(39) + '].[' + CHAR(39) + ' + COALESCE(B.name, C.name) + ' + CHAR(39) + '] TO [' + CHAR(39) + ' + D.name + ' + CHAR(39) + '];' + CHAR(39) + ' COLLATE LATIN1_General_CI_AS
        ELSE ' + CHAR(39) + 'USE [?]; ' + CHAR(39) + ' + A.state_desc + '' '' + A.permission_name + ' + CHAR(39) + ' TO [' + CHAR(39) + ' + D.name + ' + CHAR(39) + '];' + CHAR(39) + ' COLLATE LATIN1_General_CI_AS
    END) AS conceder
FROM
    [?].sys.database_permissions    A WITH(NOLOCK)
    LEFT JOIN [?].sys.objects        B WITH(NOLOCK) ON A.major_id = B.object_id
    LEFT JOIN [?].sys.schemas        C WITH(NOLOCK) ON B.schema_id = C.schema_id
    JOIN [?].sys.database_principals    D WITH(NOLOCK) ON A.grantee_principal_id = D.principal_id
    LEFT JOIN [?].sys.system_objects    E WITH(NOLOCK) ON A.major_id = E.object_id
WHERE
    ' + (CASE WHEN @Ds_Usuario IS NULL THEN '1 = 1' ELSE 'D.name LIKE ''' + ISNULL(@Ds_Usuario, '') + '''' END) + '
    AND (
        (COALESCE(B.name, E.name) IS NOT NULL AND A.class = 1)
        OR (A.class NOT IN (1, 6))
    )
ORDER BY
    1, 2, 3, 5'
        
        
    PRINT @query
    
 
    DECLARE @Object_Permissions TABLE (
        [database] sysname,
        [schema] sysname NULL,
        [object] sysname NULL,
        [object_type] sysname NULL,
        [username] sysname,
        [permission_type] sysname,
        [permission_name] sysname,
        [permission_state] sysname,
        [state_desc] sysname,
        [system_object] BIT,
        [remover] VARCHAR(MAX),
        [conceder] VARCHAR(MAX)
    )
    
 
    IF (@Fl_Permissoes_Banco = 1)
    BEGIN
 
        INSERT INTO @Object_Permissions
        EXEC master.dbo.sp_MSforeachdb @query
    
    END
 
    
    -- Roles
    DECLARE @Role_Permissions TABLE (
         DBName sysname,
         UserName sysname,
         LoginType sysname,
         DefaultUser bit,
         AssociatedRole VARCHAR(MAX),
         create_date DATETIME,
         modify_date DATETIME,
         grant_permission VARCHAR(MAX),
         revoke_permission VARCHAR(MAX)
    )
    
 
    IF (@Fl_Permissoes_Banco = 1)
    BEGIN
    
        INSERT @Role_Permissions
        EXEC master.dbo.sp_MSforeachdb '
SELECT DISTINCT
    ''?'' AS DB_Name,
    prin.name AS UserName,
    prin.type_desc AS LoginType,
    (CASE WHEN prin.principal_id < 5 THEN 1 ELSE 0 END) AS default_user,
    role.[name] AS AssociatedRole,
    prin.create_date,
    prin.modify_date,
    ''USE ['' + ''?'' + '']; ALTER ROLE ['' + role.[name] + ''] ADD MEMBER ['' + prin.[name] + ''];'' AS grant_permission,
    ''USE ['' + ''?'' + '']; ALTER ROLE ['' + role.[name] + ''] DROP MEMBER ['' + prin.[name] + ''];'' AS revoke_permission
FROM
    [?].sys.database_principals                 prin    WITH(NOLOCK)
    JOIN [?].sys.database_role_members        mem     WITH(NOLOCK) ON prin.principal_id = mem.member_principal_id
    JOIN [?].sys.database_principals        role    WITH(NOLOCK) ON mem.role_principal_id = role.principal_id
WHERE
    prin.sid IS NOT NULL
    AND prin.principal_id > 4
    AND prin.is_fixed_role <> 1
    AND prin.name NOT LIKE ''##%''
'
 
    END
 
    
 
    DECLARE @Tabela_Final TABLE (
        [database] NVARCHAR(128),
        [schema] NVARCHAR(128),
        [object] NVARCHAR(128),
        [permission_type] VARCHAR(19),
        [system_object] BIT,
        [username] NVARCHAR(128),
        [object_type] NVARCHAR(128),
        [permission_name] NVARCHAR(MAX),
        [read_only] BIT,
        [state_desc] NVARCHAR(128),
        [remover] VARCHAR(MAX),
        [conceder] VARCHAR(MAX)
    )
 
 
    IF (@Fl_Permissoes_Banco = 1)
    BEGIN
 
        INSERT INTO @Tabela_Final
        SELECT DISTINCT
            [database],
            [schema],
            [object],
            (CASE WHEN object_type IS NULL THEN 'DATABASE_PERMISSION' ELSE 'DATABASE_OBJECT' END) AS [permission_type],
            system_object,
            username,
            object_type,
            [permission_name],
            (CASE WHEN object_type = 'SQL_SCALAR_FUNCTION' OR [permission_name] LIKE 'VIEW %' OR [permission_name] IN ('SELECT', 'CONNECT', 'REFERENCES', 'SHOWPLAN') THEN 1 ELSE 0 END) AS [read_only],
            state_desc,
            remover,
            conceder
        FROM
            @Object_Permissions
        WHERE
            ([Username] LIKE @Ds_Usuario OR @Ds_Usuario IS NULL)
            AND ([Database] = @Ds_Database OR @Ds_Database IS NULL)
            AND [username] <> 'dbo'
            AND ((@Fl_Objetos_Sistema = 0 AND system_object = 0) OR @Fl_Objetos_Sistema = 1)
 
        UNION ALL
    
        SELECT DISTINCT
            DBName AS [database],
            NULL AS [schema],
            NULL AS [object],
            'DATABASE_ROLE' AS [object_type],
            DefaultUser AS system_object,
            UserName AS username,
            LoginType AS permission_type,
            ISNULL(NULLIF(AssociatedRole, ''), 'public') AS [permission_name],
            (CASE WHEN AssociatedRole IN ('db_datareader', 'SQLAgentUserRole', 'SQLAgentReaderRole') THEN 1 ELSE 0 END) AS [read_only],
            'GRANT' AS [state_desc],
            revoke_permission AS remover,
            grant_permission AS conceder
        FROM
            @Role_Permissions
        WHERE
            ([Username] LIKE @Ds_Usuario OR @Ds_Usuario IS NULL)
            AND ([DBName] = @Ds_Database OR @Ds_Database IS NULL)
            AND [username] <> 'dbo'
            AND ((@Fl_Objetos_Sistema = 0 AND DefaultUser = 0) OR @Fl_Objetos_Sistema = 1)
        
    END
 
 
    
    IF (@Fl_Permissoes_Instancia = 1)
    BEGIN
    
        INSERT INTO @Tabela_Final
        SELECT DISTINCT
            NULL AS [DB_Name],
            NULL AS [schema],
            NULL AS [object],
            'SERVER_PERMISSION' AS [permission_type],
            (CASE WHEN A.principal_id < 10 THEN 1 ELSE 0 END) AS system_object,
            A.[name] AS [username],
            A.[type_desc] AS [object_type],
            B.[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AI AS [permission_name],
            (CASE WHEN B.[permission_name] IN ('CONNECT SQL') OR B.[permission_name] LIKE 'VIEW %' THEN 1 ELSE 0 END) AS [read_only],
            B.state_desc,
            'USE [master]; REVOKE ' + B.[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AI + ' FROM [' + A.[name] + '];' AS revoke_permission,
            'USE [master]; GRANT ' + B.[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AI + ' TO [' + A.[name] + '];' AS grant_permission
        FROM
            sys.server_principals                A    WITH(NOLOCK)
            JOIN sys.server_permissions                B    WITH(NOLOCK)    ON    A.principal_id = B.grantee_principal_id
        WHERE
            A.[sid] IS NOT NULL
            AND A.is_disabled = 0
            AND A.[type] <> 'C' -- CERTIFICATE_MAPPED_LOGIN
            AND A.[name] NOT LIKE 'NT SERVICE\%'
            AND A.[name] NOT LIKE 'NT AUTHORITY\%'
            AND A.[name] NOT LIKE 'BUILTIN\%'
            AND (A.[name] LIKE @Ds_Usuario OR @Ds_Usuario IS NULL)
 
        UNION ALL
 
        SELECT DISTINCT
            NULL AS [DB_Name],
            NULL AS [schema],
            NULL AS [object],
            'SERVER_ROLE' AS [permission_type],
            (CASE WHEN A.principal_id < 10 THEN 1 ELSE 0 END) AS system_object,
            A.[name] AS UserName,
            A.[type_desc] AS LoginType,
            C.[name] COLLATE SQL_Latin1_General_CP1_CI_AI AS AssociatedRole,
            0 AS [read_only],
            'GRANT' AS [state_desc],
            'USE [master]; ALTER SERVER ROLE [' + C.[name] + '] DROP MEMBER [' + A.[name] + '];' AS revoke_permission,
            'USE [master]; ALTER SERVER ROLE [' + C.[name] + '] ADD MEMBER [' + A.[name] + '];' AS grant_permission
        FROM
            sys.server_principals                   A    WITH(NOLOCK)
            JOIN sys.server_role_members        B   WITH(NOLOCK) ON A.principal_id = B.member_principal_id
            JOIN sys.server_principals            C    WITH(NOLOCK) ON B.role_principal_id = C.principal_id
        WHERE
            A.[sid] IS NOT NULL
            AND A.is_disabled = 0
            AND A.[type] <> 'C' -- CERTIFICATE_MAPPED_LOGIN
            AND A.[name] NOT LIKE 'NT SERVICE\%'
            AND A.[name] NOT LIKE 'NT AUTHORITY\%'
            AND A.[name] NOT LIKE 'BUILTIN\%'
            AND (A.[name] LIKE @Ds_Usuario OR @Ds_Usuario IS NULL)
 
 
    END
 
 
 
    SELECT
        *
    FROM
        @Tabela_Final
    ORDER BY
        [Database],
        username,
        [Schema],
        [Object]
 
    
END
GO

Examples of use:

Transact-SQL
1
2
3
4
5
6
7
-- Verifica as permissões de todos os usuários do database "dirceuresende"
EXEC dbo.stpVerifica_Permissoes_Usuario
    @Ds_Database = 'dirceuresende', -- varchar(50)
    @Ds_Usuario = '', -- varchar(50)
    @Fl_Objetos_Sistema = 0, -- bit
    @Fl_Permissoes_Instancia = 0, -- bit
    @Fl_Permissoes_Banco = 1 -- bit

Result:

Transact-SQL
1
2
3
4
5
6
7
-- Verifica as permissões do usuário "teste" em todos os databases
EXEC dbo.stpVerifica_Permissoes_Usuario
    @Ds_Database = NULL, -- varchar(50)
    @Ds_Usuario = 'teste', -- varchar(50)
    @Fl_Objetos_Sistema = 0, -- bit
    @Fl_Permissoes_Instancia = 0, -- bit
    @Fl_Permissoes_Banco = 1 -- bit

Result:

Transact-SQL
1
2
3
4
5
6
7
-- Verifica todas as permissões dos usuários "%teste%" em todos os databases e a nível de instância
EXEC dbo.stpVerifica_Permissoes_Usuario
    @Ds_Database = NULL, -- varchar(50)
    @Ds_Usuario = '%teste%', -- varchar(50)
    @Fl_Objetos_Sistema = 0, -- bit
    @Fl_Permissoes_Instancia = 1, -- bit
    @Fl_Permissoes_Banco = 1 -- bit

Result:

Transact-SQL
1
2
3
4
5
6
7
-- Verifica todas as permissões, de todos os usuários da instância
EXEC dbo.stpVerifica_Permissoes_Usuario
    @Ds_Database = NULL, -- varchar(50)
    @Ds_Usuario = NULL, -- varchar(50)
    @Fl_Objetos_Sistema = 1, -- bit
    @Fl_Permissoes_Instancia = 1, -- bit
    @Fl_Permissoes_Banco = 1 -- bit

Result:

Using a Query

Another quick and convenient alternative to listing user permissions is by using a multi-UNION query to return role, system, and object permissions.

SQL Server - List view user permissions system role objects tables

View query source code
Transact-SQL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
SELECT
    DB_NAME(DB_ID()) AS DBNAME,
    (CASE princ.type WHEN 'S' THEN princ.name WHEN 'U' THEN ulogin.name COLLATE Latin1_General_CI_AI END) AS UserName,
    (CASE princ.type WHEN 'S' THEN 'SQL User' WHEN 'U' THEN 'Windows User' END) AS UserType,
    princ.name AS DatabaseUserName,
    NULL AS Role,
    perm.[permission_name] AS PermissionType,
    perm.state_desc AS PermissionState,
    obj.type_desc AS ObjectType,
    OBJECT_NAME(perm.major_id) AS ObjectName,
    col.name AS ColumnName
FROM
    sys.database_principals            princ    WITH(NOLOCK)
    LEFT JOIN sys.login_token            ulogin    WITH(NOLOCK)    ON princ.[sid] = ulogin.[sid]
    LEFT JOIN sys.database_permissions        perm    WITH(NOLOCK)    ON perm.grantee_principal_id = princ.principal_id
    LEFT JOIN sys.columns            col    WITH(NOLOCK)    ON col.[object_id] = perm.major_id AND col.column_id = perm.minor_id
    LEFT JOIN sys.objects            obj    WITH(NOLOCK)    ON perm.major_id = obj.[object_id]
WHERE
    princ.type IN ('S', 'U')
 
UNION
 
SELECT
    DB_NAME(DB_ID()) AS DBNAME,
    (CASE memberprinc.type WHEN 'S' THEN memberprinc.name WHEN 'U' THEN ulogin.name COLLATE Latin1_General_CI_AI END) AS UserName,
    (CASE memberprinc.type WHEN 'S' THEN 'SQL User' WHEN 'U' THEN 'Windows User' END) AS UserType,
    memberprinc.name AS DatabaseUserName,
    roleprinc.name AS [Role],
    perm.[permission_name] AS PermissionType,
    perm.state_desc AS PermissionState,
    obj.type_desc AS ObjectType,
    OBJECT_NAME(perm.major_id) AS ObjectName,
    col.name AS ColumnName
FROM
    sys.database_role_members                members        WITH(NOLOCK)
    JOIN sys.database_principals            roleprinc    WITH(NOLOCK)    ON roleprinc.principal_id = members.role_principal_id
    JOIN sys.database_principals            memberprinc    WITH(NOLOCK)    ON memberprinc.principal_id = members.member_principal_id
    LEFT JOIN sys.login_token                ulogin        WITH(NOLOCK)    ON memberprinc.[sid] = ulogin.[sid]
    LEFT JOIN sys.database_permissions        perm        WITH(NOLOCK)    ON perm.grantee_principal_id = roleprinc.principal_id
    LEFT JOIN sys.columns                    col            WITH(NOLOCK)    ON col.[object_id] = perm.major_id AND col.column_id = perm.minor_id
    LEFT JOIN sys.objects                    obj            WITH(NOLOCK)    ON perm.major_id = obj.[object_id]
 
UNION
 
SELECT
    DB_NAME(DB_ID()) AS DBNAME,
    '{All Users}' AS UserName,
    '{All Users}' AS UserType,
    '{All Users}' AS DatabaseUserName,
    roleprinc.name AS [Role],
    perm.[permission_name] AS PermissionType,
    perm.state_desc AS PermissionState,
    obj.type_desc AS ObjectType,
    OBJECT_NAME(perm.major_id) AS ObjectName,
    col.name AS ColumnName
FROM
    sys.database_principals                    roleprinc    WITH(NOLOCK)
    LEFT JOIN sys.database_permissions        perm        WITH(NOLOCK)    ON perm.grantee_principal_id = roleprinc.principal_id
    LEFT JOIN sys.columns                    col            WITH(NOLOCK)    ON col.[object_id] = perm.major_id AND col.column_id = perm.minor_id
    JOIN sys.objects                        obj            WITH(NOLOCK)    ON obj.[object_id] = perm.major_id
WHERE
    roleprinc.[type] = 'R'
    AND roleprinc.name = 'public'
    AND obj.is_ms_shipped = 0
ORDER BY
    princ.name,
    OBJECT_NAME(perm.major_id),
    col.name,
    perm.[permission_name],
    perm.state_desc,
    obj.type_desc

Using the SQL Server Managment Studio Interface (GUI)

A very easy and practical way to check user permissions is to use the SQL Server Management Studio interface itself for this. In my view, the biggest problem with this solution is that you are dependent on the tool and we know that a DBA cannot rely solely on the interface for your day to day. Another problem I see with this solution is that you can't work with this information and use it for some automated routine, for example.

Object Level Permissions
SQL Server - User Permissions - Inteface GUI

In this screen we can view the user-owned schemas and database-level roles that this user is part of (See more about database roles here).
SQL Server - User Permissions - Database role membership

In this screen, we can list the permissions granted on each database object and so we have this view by user and object.
SQL Server - User Permissions - 2 GUI Interface

Database Level Permissions:
SQL Server - User Permissions - 3 GUI Interface

In this screen we can set database level permissions for a given user. These permissions apply to all objects in this database that this privilege encompasses, as well as maintenance permissions on the database (eg backup, restore, checkpoint, etc.).
SQL Server - User Permissions - 4 GUI Interface

Server level permissions:
SQL Server - User Permissions - 5 GUI Interface

Server Level Permissions - Server roles
In this screen, you can identify which server-level roles the user in question is part of. (see more about server-side roles here)
SQL Server - User Permissions - GUI Interface - Server roles

Server Level Permissions - User Mapping
In this screen you can identify which databases a particular Login has a user created in and which database roles they are part of.
SQL Server - User Permissions - GUI Interface - User Mapping

Server Level Permissions - Securables
In this one, we can view permissions on instance maintenance activities, such as Shutdown, Create any login, Create any database, etc.
SQL Server - User Permissions - GUI Interface - Securables Explicit

SQL Server - User Permissions - GUI Interface - Securables Effective

That's it folks!
I hope you enjoyed the post!

sql server list view report user system role object table view permission permissions list view report permissions access user users

sql server list view report user system role object table view permission permissions list view report permissions access user users

tags: all permissionspermissionpermissionquerysecuritysqlsql serverall permissionstsqluser

You may also like ...

  • SQL Server - Rounding Numbers Following ABNT NBR 5891

  • SQL Server - How to find out when instance was installed (date of installation)

  • Working with Service Broker on Microsoft SQL Server

  • Next SQL Server - How to Learn from Basics to Certification (Courses, Virtual Labs, Virtual Academy)
  • Previous How to identify the port used by the instance of SQL Server

Responses

  • Comments3
  • Pingbacks0
  1. Rubia Teles de Souza said:
    5 from 2020 to 08 at 14: XNUMX

    Great procedure! Very useful !!! I just made a change that was not bringing the name of the schemas, but now I saw that you published a version already bringing this !!! Perfect!

    Answer
  2. Andre Sobrinho said:
    12 November 2015 to 12: 08

    Great post ..
    Congratulations .. Liking your blog a lot!

    Answer
    • body_of_rays said:
      12 November 2015 to 13: 43

      André,
      Thanks so much for the feedback! This is very important.

      Answer

Leave a Comment Cancel reply

Dirceu Resende © 2020. All Rights Reserved.