.png)
sys.fn_builtin_permissions (Transact-SQL)
Returns a description of the built in permissions hierarchy of the server.
Transact-SQL Syntax Conventions
sys.fn_builtin_permissions ( [ DEFAULT | NULL ]
| empty_string | '<securable_class>' } )
<securable_class> ::=
APPLICATION ROLE | ASSEMBLY | ASYMMETRIC KEY
| CERTIFICATE | CONTRACT | DATABASE | ENDPOINT | FULLTEXT CATALOG
| LOGIN | MESSAGE TYPE | OBJECT | REMOTE SERVICE BINDING | ROLE
| ROUTE | SCHEMA | SERVER | SERVICE | SYMMETRIC KEY | TYPE
| USER | XML SCHEMA COLLECTION
- DEFAULT
-
When it is called with the DEFAULT option, the function will return a complete list of built in permissions.
- NULL
-
Equivalent to DEFAULT.
- empty_string
-
Equivalent to DEFAULT.
- '<securable_class>'
-
When it is called with the name of one securable class, sys.fn_builtin_permissions will return all permissions that apply to the class. <securable_class> a string literal that requires quotation marks. nvarchar(60)
| Column name | Data type | Collation | Description |
|---|---|---|---|
|
class_desc |
nvarchar(60) |
Collation of the server |
Description of the securable class. |
|
permission_name |
sysname |
Collation of the server |
Permission name. |
|
type |
char(4) |
Collation of the server |
Compact permission type code. See the table that follows. |
|
covering_permission_name |
sysname |
Collation of the server |
If not NULL, this is the name of the permission on this class that implies the other permissions on this class. |
|
parent_class_desc |
nvarchar(60) |
Collation of the server |
If not NULL, this is the name of the parent class that contains the current class. |
|
parent_covering_permission_name |
sysname |
Collation of the server |
If not NULL, this is the name of the permission on the parent class that implies all other permissions on that class. |
Compact Permission Types
| Permission type | Permission name | Applies to securable or class |
|---|---|---|
|
ADBO |
ADMINISTER BULK OPERATIONS |
SERVER |
|
AL |
ALTER |
APPLICATION ROLE |
|
AL |
ALTER |
ASSEMBLY |
|
AL |
ALTER |
ASYMMETRIC KEY |
|
AL |
ALTER |
CERTIFICATE |
|
AL |
ALTER |
CONTRACT |
|
AL |
ALTER |
DATABASE |
|
AL |
ALTER |
ENDPOINT |
|
AL |
ALTER |
FULLTEXT CATALOG |
|
AL |
ALTER |
LOGIN |
|
AL |
ALTER |
MESSAGE TYPE |
|
AL |
ALTER |
OBJECT |
|
AL |
ALTER |
REMOTE SERVICE BINDING |
|
AL |
ALTER |
ROLE |
|
AL |
ALTER |
ROUTE |
|
AL |
ALTER |
SCHEMA |
|
AL |
ALTER |
SERVICE |
|
AL |
ALTER |
SYMMETRIC KEY |
|
AL |
ALTER |
USER |
|
AL |
ALTER |
XML SCHEMA COLLECTION |
|
ALAK |
ALTER ANY ASYMMETRIC KEY |
DATABASE |
|
ALAR |
ALTER ANY APPLICATION ROLE |
DATABASE |
|
ALAS |
ALTER ANY ASSEMBLY |
DATABASE |
|
ALCD |
ALTER ANY CREDENTIAL |
SERVER |
|
ALCF |
ALTER ANY CERTIFICATE |
DATABASE |
|
ALCO |
ALTER ANY CONNECTION |
SERVER |
|
ALDB |
ALTER ANY DATABASE |
SERVER |
|
ALDS |
ALTER ANY DATASPACE |
DATABASE |
|
ALED |
ALTER ANY DATABASE EVENT NOTIFICATION |
DATABASE |
|
ALES |
ALTER ANY EVENT NOTIFICATION |
SERVER |
|
ALFT |
ALTER ANY FULLTEXT CATALOG |
DATABASE |
|
ALHE |
ALTER ANY ENDPOINT |
SERVER |
|
ALLG |
ALTER ANY LOGIN |
SERVER |
|
ALLS |
ALTER ANY LINKED SERVER |
SERVER |
|
ALMT |
ALTER ANY MESSAGE TYPE |
DATABASE |
|
ALRL |
ALTER ANY ROLE |
DATABASE |
|
ALRS |
ALTER RESOURCES |
SERVER |
|
ALRT |
ALTER ANY ROUTE |
DATABASE |
|
ALSB |
ALTER ANY REMOTE SERVICE BINDING |
DATABASE |
|
ALSC |
ALTER ANY CONTRACT |
DATABASE |
|
ALSK |
ALTER ANY SYMMETRIC KEY |
DATABASE |
|
ALSM |
ALTER ANY SCHEMA |
DATABASE |
|
ALSS |
ALTER SERVER STATE |
SERVER |
|
ALST |
ALTER SETTINGS |
SERVER |
|
ALSV |
ALTER ANY SERVICE |
DATABASE |
|
ALTG |
ALTER ANY DATABASE DDL TRIGGER |
DATABASE |
|
ALTR |
ALTER TRACE |
SERVER |
|
ALUS |
ALTER ANY USER |
DATABASE |
|
AUTH |
AUTHENTICATE |
DATABASE |
|
AUTH |
AUTHENTICATE SERVER |
SERVER |
|
BADB |
BACKUP DATABASE |
DATABASE |
|
BALO |
BACKUP LOG |
DATABASE |
|
CL |
CONTROL |
APPLICATION ROLE |
|
CL |
CONTROL |
ASSEMBLY |
|
CL |
CONTROL |
ASYMMETRIC KEY |
|
CL |
CONTROL |
CERTIFICATE |
|
CL |
CONTROL |
CONTRACT |
|
CL |
CONTROL |
DATABASE |
|
CL |
CONTROL |
ENDPOINT |
|
CL |
CONTROL |
FULLTEXT CATALOG |
|
CL |
CONTROL |
LOGIN |
|
CL |
CONTROL |
MESSAGE TYPE |
|
CL |
CONTROL |
OBJECT |
|
CL |
CONTROL |
REMOTE SERVICE BINDING |
|
CL |
CONTROL |
ROLE |
|
CL |
CONTROL |
ROUTE |
|
CL |
CONTROL |
SCHEMA |
|
CL |
CONTROL |
SERVICE |
|
CL |
CONTROL |
SYMMETRIC KEY |
|
CL |
CONTROL |
TYPE |
|
CL |
CONTROL |
USER |
|
CL |
CONTROL |
XML SCHEMA COLLECTION |
|
CL |
CONTROL SERVER |
SERVER |
|
CO |
CONNECT |
DATABASE |
|
CO |
CONNECT |
ENDPOINT |
|
CORP |
CONNECT REPLICATION |
DATABASE |
|
COSQ |
CONNECT SQL |
SERVER |
|
CP |
CHECKPOINT |
DATABASE |
|
CRAG |
CREATE AGGREGATE |
DATABASE |
|
CRAK |
CREATE ASYMMETRIC KEY |
DATABASE |
|
CRAS |
CREATE ASSEMBLY |
DATABASE |
|
CRCF |
CREATE CERTIFICATE |
DATABASE |
|
CRDB |
CREATE ANY DATABASE |
SERVER |
|
CRDB |
CREATE DATABASE |
DATABASE |
|
CRDE |
CREATE DDL EVENT NOTIFICATION |
SERVER |
|
CRDF |
CREATE DEFAULT |
DATABASE |
|
CRED |
CREATE DATABASE DDL EVENT NOTIFICATION |
DATABASE |
|
CRFN |
CREATE FUNCTION |
DATABASE |
|
CRFT |
CREATE FULLTEXT CATALOG |
DATABASE |
|
CRHE |
CREATE ENDPOINT |
SERVER |
|
CRMT |
CREATE MESSAGE TYPE |
DATABASE |
|
CRPR |
CREATE PROCEDURE |
DATABASE |
|
CRQU |
CREATE QUEUE |
DATABASE |
|
CRRL |
CREATE ROLE |
DATABASE |
|
CRRT |
CREATE ROUTE |
DATABASE |
|
CRRU |
CREATE RULE |
DATABASE |
|
CRSB |
CREATE REMOTE SERVICE BINDING |
DATABASE |
|
CRSC |
CREATE CONTRACT |
DATABASE |
|
CRSK |
CREATE SYMMETRIC KEY |
DATABASE |
|
CRSM |
CREATE SCHEMA |
DATABASE |
|
CRSN |
CREATE SYNONYM |
DATABASE |
|
CRSV |
CREATE SERVICE |
DATABASE |
|
CRTB |
CREATE TABLE |
DATABASE |
|
CRTE |
CREATE TRACE EVENT NOTIFICATION |
SERVER |
|
CRTY |
CREATE TYPE |
DATABASE |
|
CRVW |
CREATE VIEW |
DATABASE |
|
CRXS |
CREATE XML SCHEMA COLLECTION |
DATABASE |
|
DL |
DELETE |
DATABASE |
|
DL |
DELETE |
OBJECT |
|
DL |
DELETE |
SCHEMA |
|
EX |
EXECUTE |
ASSEMBLY |
|
EX |
EXECUTE |
DATABASE |
|
EX |
EXECUTE |
OBJECT |
|
EX |
EXECUTE |
SCHEMA |
|
EX |
EXECUTE |
TYPE |
|
EX |
EXECUTE |
XML SCHEMA COLLECTION |
|
IM |
IMPERSONATE |
LOGIN |
|
IM |
IMPERSONATE |
USER |
|
IN |
INSERT |
DATABASE |
|
IN |
INSERT |
OBJECT |
|
IN |
INSERT |
SCHEMA |
|
RC |
RECEIVE |
OBJECT |
|
RF |
REFERENCES |
ASSEMBLY |
|
RF |
REFERENCES |
ASYMMETRIC KEY |
|
RF |
REFERENCES |
CERTIFICATE |
|
RF |
REFERENCES |
CONTRACT |
|
RF |
REFERENCES |
DATABASE |
|
RF |
REFERENCES |
FULLTEXT CATALOG |
|
RF |
REFERENCES |
MESSAGE TYPE |
|
RF |
REFERENCES |
OBJECT |
|
RF |
REFERENCES |
SCHEMA |
|
RF |
REFERENCES |
SYMMETRIC KEY |
|
RF |
REFERENCES |
TYPE |
|
RF |
REFERENCES |
XML SCHEMA COLLECTION |
|
SHDN |
SHUTDOWN |
SERVER |
|
SL |
SELECT |
DATABASE |
|
SL |
SELECT |
OBJECT |
|
SL |
SELECT |
SCHEMA |
|
SN |
SEND |
SERVICE |
|
SPLN |
SHOWPLAN |
DATABASE |
|
SUQN |
SUBSCRIBE QUERY NOTIFICATIONS |
DATABASE |
|
TO |
TAKE OWNERSHIP |
ASSEMBLY |
|
TO |
TAKE OWNERSHIP |
ASYMMETRIC KEY |
|
TO |
TAKE OWNERSHIP |
CERTIFICATE |
|
TO |
TAKE OWNERSHIP |
CONTRACT |
|
TO |
TAKE OWNERSHIP |
DATABASE |
|
TO |
TAKE OWNERSHIP |
ENDPOINT |
|
TO |
TAKE OWNERSHIP |
FULLTEXT CATALOG |
|
TO |
TAKE OWNERSHIP |
MESSAGE TYPE |
|
TO |
TAKE OWNERSHIP |
OBJECT |
|
TO |
TAKE OWNERSHIP |
REMOTE SERVICE BINDING |
|
TO |
TAKE OWNERSHIP |
ROLE |
|
TO |
TAKE OWNERSHIP |
ROUTE |
|
TO |
TAKE OWNERSHIP |
SCHEMA |
|
TO |
TAKE OWNERSHIP |
SERVICE |
|
TO |
TAKE OWNERSHIP |
SYMMETRIC KEY |
|
TO |
TAKE OWNERSHIP |
TYPE |
|
TO |
TAKE OWNERSHIP |
XML SCHEMA COLLECTION |
|
UP |
UPDATE |
DATABASE |
|
UP |
UPDATE |
OBJECT |
|
UP |
UPDATE |
SCHEMA |
|
VW |
VIEW DEFINITION |
APPLICATION ROLE |
|
VW |
VIEW DEFINITION |
ASSEMBLY |
|
VW |
VIEW DEFINITION |
ASYMMETRIC KEY |
|
VW |
VIEW DEFINITION |
CERTIFICATE |
|
VW |
VIEW DEFINITION |
CONTRACT |
|
VW |
VIEW DEFINITION |
DATABASE |
|
VW |
VIEW DEFINITION |
ENDPOINT |
|
VW |
VIEW DEFINITION |
FULLTEXT CATALOG |
|
VW |
VIEW DEFINITION |
LOGIN |
|
VW |
VIEW DEFINITION |
MESSAGE TYPE |
|
VW |
VIEW DEFINITION |
OBJECT |
|
VW |
VIEW DEFINITION |
REMOTE SERVICE BINDING |
|
VW |
VIEW DEFINITION |
ROLE |
|
VW |
VIEW DEFINITION |
ROUTE |
|
VW |
VIEW DEFINITION |
SCHEMA |
|
VW |
VIEW DEFINITION |
SERVICE |
|
VW |
VIEW DEFINITION |
SYMMETRIC KEY |
|
VW |
VIEW DEFINITION |
TYPE |
|
VW |
VIEW DEFINITION |
USER |
|
VW |
VIEW DEFINITION |
XML SCHEMA COLLECTION |
|
VWAD |
VIEW ANY DEFINITION |
SERVER |
|
VWDB |
VIEW ANY DATABASE |
SERVER |
|
VWDS |
VIEW DATABASE STATE |
DATABASE |
|
VWSS |
VIEW SERVER STATE |
SERVER |
|
XA |
EXTERNAL ACCESS ASSEMBLY |
SERVER |
|
XU |
UNSAFE ASSEMBLY |
SERVER |
sys.fn_builtin_permissions is a table-valued function that emits a copy of the predefined permission hierarchy. This hierarchy includes covering permissions. The DEFAULT result set describes a directed, acyclic graph of the permissions hierarchy, of which the root is (class = SERVER, permission = CONTROL SERVER).
sys.fn_builtin_permissions does not accept correlated parameters.
sys.fn_builtin_permissions will return an empty set when it is called with a class name that is not valid.
A. Listing all built in permissions
SELECT * FROM sys.fn_builtin_permissions(DEFAULT)
B. Listing permissions that can be set on a symmetric key
SELECT * FROM sys.fn_builtin_permissions(N'SYMMETRIC KEY')
C. Listing classes on which there is a SELECT permission
SELECT * FROM sys.fn_builtin_permissions(DEFAULT)
WHERE permission_name = 'SELECT';
Reference
GRANT (Transact-SQL)CREATE SCHEMA (Transact-SQL)
DROP SCHEMA (Transact-SQL)
