How to list Item permissions for security roles pre ITMS 8.0?
The following SQL queries can be run on the pre 8.0 database to help review permissions of security role.
These queries would not work on ITMS 8.0 due to major database schema changes.
Here is a query that returns permissions for a specific security role.
You will need to put in the GUID of that role that is in question.
select sr.name as [Security Role], i.Guid as [Object Guid], i.Name as [Object Name], sp.name as [Permission], sad.Inherited, st.Trustee as [Role SID], st.guid as [Trustee Guid]
from vitem i
join SecurityAceData sad on sad.entityguid = i.securityguid
join securitytrusteepermission stp on stp.Id = sad.TrusteePermissionId
join securityPermission sp on sp.guid = stp.PermissionGuid
join securityRole sr on sr.Trusteeguid = stp.TrusteeGuid
join securitytrustee st on st.guid = sr.trusteeguid
where sr.guid = '2E1F478A-4986-4223-9D1E-B5920A63AB41' -- Symantec Administrators
and sad.Inherited = 0
order by i.name, sp.name
/* List of security roles.*/
select * from SecurityRole
Note: It is recommended to document custom security role configuration for recovery purposes and for user access reviews.