账号接口无权限排查脚本(token权限排查)
<h1>账号接口无权限排查脚本(token权限排查)</h1>
<h3>通过查找关系定位,其中%getActivityPropertyList%为url接口地址,更换地址查询库中数据</h3>
<p>-- 1.查询功能是否同步
SELECT * FROM iam_resource WHERE real_identifier like '%getActivityPropertyList%';</p>
<p>-- 2.查询资源角色关联关系
SELECT rel_role_id FROM iam_resource_permission where rel_resource_id IN (SELECT id FROM iam_resource WHERE real_identifier like '%getActivityPropertyList%');</p>
<p>-- 3.查询账号角色关系
SELECT ia.name,iai.ak
FROM iam_account ia
LEFT JOIN iam_account_role iar ON ia.id = iar.rel_account_id
LEFT JOIN iam_account_ident iai ON ia.id = iai.rel_account_id
WHERE iar.rel_role_id IN (
SELECT rel_role_id FROM iam_resource_permission where rel_resource_id IN (SELECT id FROM iam_resource WHERE real_identifier like '%getActivityPropertyList%')
);</p>
<h3>无权限接口执行的sql(如果这个有数据则说明该账户有权限)</h3>
<p>更换账号 16677998 和 接口 /fmp-acc-ecm-imagecenter/member/dap/mapp/std-ecm-imagecenter/query/doc/v1/getFile</p>
<p>SELECT
per.rel_tenant_id relTenantId,
per.rel_app_id relAppId,
res.real_identifier permissionUrl,
res.method permissionUrlMethod
FROM
iam_resource_permission per
LEFT JOIN iam_resource res ON res.id = per.rel_resource_id
AND res.rel_tenant_id = per.rel_tenant_id
AND res.status != '0'
WHERE
per.status != '0'
AND per.rel_tenant_id = '83449456322462924800'
AND per.rel_role_id IN (
SELECT
ir.id
FROM
iam_account ia
LEFT JOIN iam_account_ident iai ON ia.id = iai.rel_account_id
LEFT JOIN iam_account_role iar ON ia.id = iar.rel_account_id
LEFT JOIN iam_role ir ON iar.rel_role_id = ir.id
WHERE
iai.ak = '16677998'
)
AND ( res.identifier IS NOT NULL OR res.identifier != '' )
AND res.real_identifier = '/fmp-acc-ecm-imagecenter/member/dap/mapp/std-ecm-imagecenter/query/doc/v1/getFile';</p>