2009-12-31 121 views
33

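Script SQL Server permissions

I want to copy all the permissions I've set on stored procedures and other things from my development database to my production database. Doing this by hand through the SSMS GUI tool is incredibly cumbersome, not to mention error-prone.

So I'm looking for a way to directly dump the permissions set in one database and apply those same permissions to a separate database (presumably having the same schema).

Answers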

58

The database's built-in catalog views provide the information to do this. Try this query:

SELECT 
    (
    dp.state_desc + ' ' + 
    dp.permission_name collate latin1_general_cs_as + 
    ' ON ' + '[' + s.name + ']' + '.' + '[' + o.name + ']' + 
    ' TO ' + '[' + dpr.name + ']' 
) AS GRANT_STMT 
FROM sys.database_permissions AS dp 
    INNER JOIN sys.objects AS o ON dp.major_id=o.object_id 
    INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id 
    INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id 
WHERE dpr.name NOT IN ('public','guest') 
-- AND o.name IN ('My_Procedure')  -- Uncomment to filter to specific object(s) 
-- AND dp.permission_name='EXECUTE' -- Uncomment to filter to just the EXECUTEs 

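This will spit out a bunch of commands (GRANT/DENY) for each of the permissions in the database. From there, you can copy and paste them into another query window and execute them to generate the same permissions that were in place on the original. For example: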

GRANT EXECUTE ON [Exposed].[EmployeePunchoutReservationRetrieve] TO [CustomerAgentRole] 
GRANT EXECUTE ON [Exposed].[EmployeePunchoutReservationStore] TO [CustomerAgentRole] 
GRANT EXECUTE ON [Exposed].[EmployeePunchoutSendOrderLogStore] TO [CustomerAgentRole] 
GRANT EXECUTE ON [Exposed].[EmployeeReportSubscriptions] TO [CustomerAgentRole] 

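Note the final line, commented out, which filters on permission_name. Uncommenting that line will cause the query to spit out only the EXECUTE permissions (i.e. those for stored procedures).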

+8

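This script turns DENY into GRANT. You need to change the 'GRANT ' part to dp.state_desc + ' '. Adding QUOTENAME() around s.name, o.name and dpr.name would also greatly help this script. – Mark 2013-12-30 22:09:51

+0

Awesome query, this generated all the permissions I needed; I just had to add a where clause to restrict it to the schema I wanted, and bam. Awesome script. – Tony 2016-06-21 17:05:35

+1

This script will miss cases where you grant or deny a whole DML operation on the database, e.g. GRANT SELECT TO [USerName] – Matt 2017-05-26 00:16:58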

5

Yes, you can use a script like this to generate another script

SET NOCOUNT ON; 
DECLARE @NewRole varchar(100), @SourceRole varchar(100); 

-- Change as needed 
SELECT @SourceRole = 'Giver', @NewRole = 'Taker'; 

SELECT 
    state_desc + ' ' + permission_name + ' ON ' + OBJECT_NAME(major_id) + ' TO ' + @NewRole 
FROM 
    sys.database_permissions 
WHERE 
    grantee_principal_id = DATABASE_PRINCIPAL_ID(@SourceRole) AND 
    -- 0 = DB, 1 = object/column, 3 = schema. 1 is normally enough 
    class <= 3 

This is taken from my answer here

34

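You can get SQL Server Management Studio to do it for you:

  • Right-click the database you want to export permissions for
  • Select 'Tasks', then 'Generate Scripts...'
  • Confirm the database you're scripting
  • Set the following scripting options:
    • Script Create: FALSE
    • Script Object-Level Permissions: TRUE
  • Select the object types whose permissions you want to script
  • Select the objects whose permissions you want to script
  • Select where you want the script produced

This will produce a script to set permissions for all selected objects, but suppresses the object scripts themselves.

This is based on the dialog for MS SQL 2008, with all other scripting options unchanged from the install defaults.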

+0

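Despite the lack of upvotes, this actually seems to be the best answer. – 2014-09-11 20:30:04

+1

The defaults for the options in step 4 can be changed by opening Tools - Options - SQL Server Object Explorer - Scripting. – Nathan 2015-10-20 22:17:29

+1

This is what I did, but it includes too much: it generates the tables or sprocs as well as the permissions, which are all I wanted, and there seems to be no way to isolate the permissions in the task :/ – Tony 2016-06-21 17:04:46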

1

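Thanks to Chris for his awesome answer. I took it one step further and automated the process of running those statements (my table had over 8000 permissions)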

if object_id('dbo.tempPermissions') is not null 
Drop table dbo.tempPermissions 

Create table tempPermissions(ID int identity , Queries Varchar(255)) 


Insert into tempPermissions(Queries) 


select 'GRANT ' + dp.permission_name collate latin1_general_cs_as 
    + ' ON ' + s.name + '.' + o.name + ' TO ' + dpr.name 
    FROM sys.database_permissions AS dp 
    INNER JOIN sys.objects AS o ON dp.major_id=o.object_id 
    INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id 
    INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id 
    WHERE dpr.name NOT IN ('public','guest') 

declare @count int, @max int, @query Varchar(255) 
set @count =1 
set @max = (Select max(ID) from tempPermissions) 
set @query = (Select Queries from tempPermissions where ID = @count) 

while(@count <= @max) -- <= so that the last generated statement is executed as well
begin 
exec(@query) 
set @count += 1 
set @query = (Select Queries from tempPermissions where ID = @count) 
end 

select * from tempPermissions 

drop table tempPermissions 

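Also, to restrict it to a single table, add:

and o.name = 'tablename' 

after the WHERE dpr.name NOT IN ('public','guest'), and remember to alter the select statement so that it generates statements for the table you want to grant permissions 'TO', not the table the permissions are coming 'FROM' (which is what the script does).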
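The first answer's query and the automated loop above build statements by string concatenation, and the comments on the first answer name the gaps: DENY handling, QUOTENAME() and database-level permissions. The following is an added example, not code from any of the answers: it covers database, object, column and schema permissions, quotes every identifier, and executes against the target only when @DryRun is set to 0, recording each error instead of discarding it. @TargetDb and its value are placeholders, and the target is assumed to be on the same instance with the same schema and principals.

```sql
-- Added example, not code from the answers on this page.
-- Run in the SOURCE database. @TargetDb is a hypothetical placeholder.
SET NOCOUNT ON;

DECLARE @TargetDb sysname = N'TargetDbPlaceholder';  -- assumption: same instance
DECLARE @DryRun   bit     = 1;                       -- 1 = list statements only

DECLARE @stmts TABLE (
    id     int IDENTITY(1,1) PRIMARY KEY,
    stmt   nvarchar(max) NULL,
    result nvarchar(max) NULL
);

INSERT INTO @stmts (stmt)
SELECT
    -- state 'W' is GRANT_WITH_GRANT_OPTION, which is not valid T-SQL as written
    CASE dp.state WHEN 'W' THEN 'GRANT' ELSE dp.state_desc END + ' '
    + dp.permission_name COLLATE DATABASE_DEFAULT
    + CASE dp.class
          WHEN 0 THEN ''                                   -- database level
          WHEN 1 THEN ' ON OBJECT::'
                      + QUOTENAME(OBJECT_SCHEMA_NAME(dp.major_id)) + '.'
                      + QUOTENAME(OBJECT_NAME(dp.major_id))
                      + CASE WHEN dp.minor_id > 0          -- column level
                             THEN ' (' + QUOTENAME(COL_NAME(dp.major_id, dp.minor_id)) + ')'
                             ELSE '' END
          WHEN 3 THEN ' ON SCHEMA::' + QUOTENAME(SCHEMA_NAME(dp.major_id))
      END
    + ' TO ' + QUOTENAME(dpr.name)
    + CASE dp.state WHEN 'W' THEN ' WITH GRANT OPTION' ELSE '' END + ';'
FROM sys.database_permissions AS dp
    INNER JOIN sys.database_principals AS dpr
        ON dp.grantee_principal_id = dpr.principal_id
WHERE dp.class IN (0, 1, 3)
  AND dpr.name NOT IN ('public', 'guest', 'dbo', 'sys', 'INFORMATION_SCHEMA')
ORDER BY dpr.name, dp.class, dp.major_id, dp.minor_id;

-- A securable whose name cannot be resolved yields NULL; flag it, never run it
UPDATE @stmts SET result = N'skipped: name not resolved' WHERE stmt IS NULL;

IF @DryRun = 0
BEGIN
    IF DB_ID(@TargetDb) IS NULL
    BEGIN
        RAISERROR(N'Target database %s not found.', 16, 1, @TargetDb);
        RETURN;
    END;

    DECLARE @id int, @stmt nvarchar(max);
    -- Calling sp_executesql through a three-part name runs the statement
    -- in the context of the target database
    DECLARE @exec nvarchar(400) = QUOTENAME(@TargetDb) + N'.sys.sp_executesql';

    DECLARE stmt_curs CURSOR LOCAL STATIC FOR
        SELECT id, stmt FROM @stmts WHERE stmt IS NOT NULL ORDER BY id;
    OPEN stmt_curs;
    FETCH NEXT FROM stmt_curs INTO @id, @stmt;
    WHILE @@FETCH_STATUS = 0
    BEGIN
        BEGIN TRY
            EXEC @exec @stmt;
            UPDATE @stmts SET result = N'applied' WHERE id = @id;
        END TRY
        BEGIN CATCH
            -- keep the failure visible (missing principal, missing object, ...)
            UPDATE @stmts SET result = ERROR_MESSAGE() WHERE id = @id;
        END CATCH;
        FETCH NEXT FROM stmt_curs INTO @id, @stmt;
    END;
    CLOSE stmt_curs;
    DEALLOCATE stmt_curs;
END;

-- Review list: every statement and, after a real run, what happened to it
SELECT id, stmt, result FROM @stmts ORDER BY id;
```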

1

You can also download the code from the link below and see how it works

https://gallery.technet.microsoft.com/Extract-Database-dfa53d5a

THIS IS HOW YOU WILL SEE THE OUTPUT OF THIS QUERY

set nocount off 

IF OBJECT_ID(N'tempdb..##temp1') IS NOT NULL 
    DROP TABLE ##temp1 

create table ##temp1(query varchar(1000)) 

insert into ##temp1 
select 'use '+db_name() +';' 

insert into ##temp1 
select 'go' 

/*creating database roles*/ 
insert into ##temp1 
        select 'if DATABASE_PRINCIPAL_ID('''+name+''') is null 
        exec sp_addrole '''+name+'''' from sysusers 
where issqlrole = 1 and (sid is not null and sid <> 0x0) 

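/*creating application roles; the password below is a hard-coded placeholder (an existing application role password cannot be read back), so change it in the generated script*/ 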
insert into ##temp1 
        select 'if DATABASE_PRINCIPAL_ID('+char(39)+name+char(39)+') 
        is null CREATE APPLICATION ROLE ['+name+'] WITH DEFAULT_SCHEMA = ['+ 
        default_schema_name+'], Password='+char(39)+'Pass$w0rd123'+char(39)+' ;' 
from sys.database_principals 
where type_desc='APPLICATION_ROLE' 

insert into ##temp1 
        select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
                 then 
                   substring (state_desc,0,6)+' '+permission_name+' to '+'['+USER_NAME(grantee_principal_id)+']'+' WITH GRANT OPTION ;' 

                 else 
                    state_desc+' '+permission_name+' to '+'['+USER_NAME(grantee_principal_id)+']'+' ;' 
        END 
from sys.database_permissions 
where class=0 and USER_NAME(grantee_principal_id) not in ('dbo','guest','sys','information_schema') 

insert into ##temp1 
        select 
           case 
             when state_desc='GRANT_WITH_GRANT_OPTION' 
                then 
                  substring (state_desc,0,6)+' '+permission_name+' on '+OBJECT_SCHEMA_NAME(major_id)+'.['+OBJECT_NAME(major_id) 
                  +'] to '+'['+USER_NAME(grantee_principal_id)+']'+' with grant option ;' 
                else 
                   state_desc+' '+permission_name+' on '+OBJECT_SCHEMA_NAME(major_id)+'.['+OBJECT_NAME(major_id) 
                   +'] to '+'['+USER_NAME(grantee_principal_id)+']'+' ;' 
            end 
from sys.database_permissions where class=1 and USER_NAME(grantee_principal_id) not in ('public'); 


insert into ##temp1 
         select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
                then 
                   substring (state_desc,0,6)+' '+permission_name+' ON schema::['+sa.name+ 
                   '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
                 else 
                   state_desc+' '+permission_name+' ON schema::['+sa.name+ 
                   '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
             end 
from sys.database_permissions dp inner join sys.schemas sa on 
sa.schema_id = dp.major_id where dp.class=3 

insert into ##temp1 
        select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON APPLICATION ROLE::['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                 state_desc+' '+permission_name+' ON APPLICATION ROLE::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
         end 
from sys.database_permissions dp inner join sys.database_principals sa on 
sa.principal_id = dp.major_id where dp.class=4 and sa.type='A' 

insert into ##temp1 
         select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON ROLE::['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                state_desc+' '+permission_name+' ON ROLE::['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                COLLATE LATIN1_General_CI_AS 
              end 
from sys.database_permissions dp inner join 
sys.database_principals sa on sa.principal_id = dp.major_id 
where dp.class=4 and sa.type='R' 

insert into ##temp1 
         select 
            case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
                 then 
                   substring (state_desc,0,6)+' '+permission_name+' ON ASSEMBLY::['+sa.name+ 
                   '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
                 else 
                   state_desc+' '+permission_name+' ON ASSEMBLY::['+sa.name+ 
                   '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                   COLLATE LATIN1_General_CI_AS 
             end 
from sys.database_permissions dp inner join sys.assemblies sa on 
sa.assembly_id = dp.major_id 
where dp.class=5 

insert into ##temp1 
        select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON type::[' 
                +SCHEMA_NAME(schema_id)+'].['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                state_desc+' '+permission_name+' ON type::[' 
                +SCHEMA_NAME(schema_id)+'].['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                COLLATE LATIN1_General_CI_AS 
               end 
from sys.database_permissions dp inner join sys.types sa on 
sa.user_type_id = dp.major_id 
where dp.class=6 


insert into ##temp1 
         select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON XML SCHEMA COLLECTION::['+ 
                SCHEMA_NAME(SCHEMA_ID)+'].['+sa.name+'] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                state_desc+' '+permission_name+' ON XML SCHEMA COLLECTION::['+ 
                SCHEMA_NAME(SCHEMA_ID)+'].['+sa.name+'] to ['+user_name(dp.grantee_principal_id)+'];' 
                COLLATE LATIN1_General_CI_AS 
            end 
from sys.database_permissions dp inner join sys.xml_schema_collections sa on 
sa.xml_collection_id = dp.major_id 
where dp.class=10 



insert into ##temp1 
        select 
           case 
             when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON message type::['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                state_desc+' '+permission_name+' ON message type::['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                COLLATE LATIN1_General_CI_AS 
              end 
from sys.database_permissions dp inner join sys.service_message_types sa on 
sa.message_type_id = dp.major_id 
where dp.class=15 


insert into ##temp1 
         select 
            case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
               then 
                 substring (state_desc,0,6)+' '+permission_name+' ON contract::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
               else 
                 state_desc+' '+permission_name+' ON contract::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
            end 
from sys.database_permissions dp inner join sys.service_contracts sa on 
sa.service_contract_id = dp.major_id 
where dp.class=16 



    insert into ##temp1 
         select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                 substring (state_desc,0,6)+' '+permission_name+' ON SERVICE::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
               else 
                 state_desc+' '+permission_name+' ON SERVICE::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
            end 
from sys.database_permissions dp inner join sys.services sa on 
sa.service_id = dp.major_id 
where dp.class=17 


insert into ##temp1 
         select 
            case 
               when state_desc='GRANT_WITH_GRANT_OPTION' 
               then 
                  substring (state_desc,0,6)+' '+permission_name+' ON REMOTE SERVICE BINDING::['+sa.name+ 
                  '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
               else 
                  state_desc+' '+permission_name+' ON REMOTE SERVICE BINDING::['+sa.name+ 
                  '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                  COLLATE LATIN1_General_CI_AS 
             end 
from sys.database_permissions dp inner join sys.remote_service_bindings sa on 
sa.remote_service_binding_id = dp.major_id 
where dp.class=18 

insert into ##temp1 
         select 
            case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
               then 
                 substring (state_desc,0,6)+' '+permission_name+' ON route::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
               else 
                  state_desc+' '+permission_name+' ON route::['+sa.name+ 
                  '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
             end 
from sys.database_permissions dp inner join sys.routes sa on 
sa.route_id = dp.major_id 
where dp.class=19 

insert into ##temp1 
         select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON FULLTEXT CATALOG::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                 state_desc+' '+permission_name+' ON FULLTEXT CATALOG::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
             end 
from sys.database_permissions dp inner join sys.fulltext_catalogs sa on 
sa.fulltext_catalog_id = dp.major_id 
where dp.class=23 

    insert into ##temp1 
         select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                 substring (state_desc,0,6)+' '+permission_name+' ON SYMMETRIC KEY::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                 state_desc+' '+permission_name+' ON SYMMETRIC KEY::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
              end 
from sys.database_permissions dp inner join sys.symmetric_keys sa on 
sa.symmetric_key_id = dp.major_id 
where dp.class=24 

insert into ##temp1 
         select 
            case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                 substring (state_desc,0,6)+' '+permission_name+' ON certificate::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
               else 
                  state_desc+' '+permission_name+' ON certificate::['+sa.name+ 
                  '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                  COLLATE LATIN1_General_CI_AS 
            end 
from sys.database_permissions dp inner join sys.certificates sa on 
sa.certificate_id = dp.major_id 
where dp.class=25 


insert into ##temp1 
        select 
           case 
              when state_desc='GRANT_WITH_GRANT_OPTION' 
              then 
                substring (state_desc,0,6)+' '+permission_name+' ON ASYMMETRIC KEY::['+sa.name+ 
                '] to ['+user_name(dp.grantee_principal_id)+'] with grant option ;' 
              else 
                 state_desc+' '+permission_name+' ON ASYMMETRIC KEY::['+sa.name+ 
                 '] to ['+user_name(dp.grantee_principal_id)+'] ;' 
                 COLLATE LATIN1_General_CI_AS 
         end 
from sys.database_permissions dp inner join sys.asymmetric_keys sa on 
sa.asymmetric_key_id = dp.major_id 
where dp.class=26 

insert into ##temp1 
        select 'exec sp_addrolemember ''' +p.NAME+''','+'['+m.NAME+']'+' ;' 
FROM sys.database_role_members rm 
JOIN sys.database_principals p 
ON rm.role_principal_id = p.principal_id 
JOIN sys.database_principals m 
ON rm.member_principal_id = m.principal_id 
where m.name not like 'dbo'; 






select * from ##temp1 

1

Our version:

SET NOCOUNT ON 

DECLARE @message NVARCHAR(MAX) 

-- GENERATE LOGINS CREATE SCRIPT 


USE [master] 

-- creating accessory procedure 

IF EXISTS (SELECT 1 FROM sys.objects WHERE object_id = OBJECT_ID(N'sp_hexadecimal') AND type IN (N'P', N'PC')) 
DROP PROCEDURE [dbo].[sp_hexadecimal] 
EXEC(' 
CREATE PROCEDURE [dbo].[sp_hexadecimal] 
    @binvalue varbinary(256), 
    @hexvalue varchar (514) OUTPUT 
AS 
DECLARE @charvalue varchar (514) 
DECLARE @i int 
DECLARE @length int 
DECLARE @hexstring char(16) 
SELECT @charvalue = ''0x'' 
SELECT @i = 1 
SELECT @length = DATALENGTH (@binvalue) 
SELECT @hexstring = ''0123456789ABCDEF'' 
WHILE (@i <= @length) 
BEGIN 
    DECLARE @tempint int 
    DECLARE @firstint int 
    DECLARE @secondint int 
    SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue,@i,1)) 
    SELECT @firstint = FLOOR(@tempint/16) 
    SELECT @secondint = @tempint - (@firstint*16) 
    SELECT @charvalue = @charvalue + 
    SUBSTRING(@hexstring, @firstint+1, 1) + 
    SUBSTRING(@hexstring, @secondint+1, 1) 
    SELECT @i = @i + 1 
END 

SELECT @hexvalue = @charvalue') 

SET @message = '-- CREATE LOGINS' + CHAR(13) + CHAR(13) +'USE [master]' + CHAR(13) 

DECLARE @name sysname 
DECLARE @type varchar (1) 
DECLARE @hasaccess int 
DECLARE @denylogin int 
DECLARE @is_disabled int 
DECLARE @PWD_varbinary varbinary (256) 
DECLARE @PWD_string varchar (514) 
DECLARE @SID_varbinary varbinary (85) 
DECLARE @SID_string varchar (514) 
DECLARE @tmpstr NVARCHAR(MAX) 
DECLARE @is_policy_checked varchar (3) 
DECLARE @is_expiration_checked varchar (3) 

DECLARE @defaultdb sysname 

DECLARE login_curs CURSOR FOR 
     SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROM 
sys.server_principals p LEFT JOIN sys.syslogins l 
     ON (l.name = p.name) WHERE p.type IN ('S', 'G', 'U') AND p.name <> 'sa' 

OPEN login_curs 

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin 
IF (@@fetch_status = -1) 
BEGIN 
    PRINT 'No login(s) found.' 
    CLOSE login_curs 
    DEALLOCATE login_curs 
END 

WHILE (@@fetch_status <> -1) 
BEGIN 
    IF (@@fetch_status <> -2) 
    BEGIN 

    IF (@type IN ('G', 'U')) 
    BEGIN -- NT authenticated account/group 

     SET @tmpstr = 'IF NOT EXISTS (SELECT loginname FROM master.dbo.syslogins WHERE name = ''' + @name + ''' AND dbname = ''' + @defaultdb + ''')' + CHAR(13) + 
        'BEGIN TRY' + CHAR(13) + 
        ' CREATE LOGIN ' + QUOTENAME(@name) + ' FROM WINDOWS WITH DEFAULT_DATABASE = [' + @defaultdb + ']' 

    END 
    ELSE BEGIN -- SQL Server authentication 
     -- obtain password and sid 
      SET @PWD_varbinary = CAST(LOGINPROPERTY(@name, 'PasswordHash') AS varbinary (256)) 
     EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT 
     EXEC sp_hexadecimal @SID_varbinary,@SID_string OUT 

     -- obtain password policy state 
     SELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name 
     SELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name 

      SET @tmpstr = 'IF NOT EXISTS (SELECT loginname FROM master.dbo.syslogins WHERE name = ''' + @name + ''' AND dbname = ''' + @defaultdb + ''')' + CHAR(13) + 
        'BEGIN TRY' + CHAR(13) + 
        ' CREATE LOGIN ' + QUOTENAME(@name) + ' WITH PASSWORD = ' + @PWD_string + ' HASHED, SID = ' + @SID_string + ', DEFAULT_DATABASE = [' + @defaultdb + ']' 

     IF (@is_policy_checked IS NOT NULL) 
     BEGIN 
      SET @tmpstr = @tmpstr + ', CHECK_POLICY = ' + @is_policy_checked 
     END 
     IF (@is_expiration_checked IS NOT NULL) 
     BEGIN 
      SET @tmpstr = @tmpstr + ', CHECK_EXPIRATION = ' + @is_expiration_checked 
     END 
    END 
    IF (@denylogin = 1) 
    BEGIN -- login is denied access 
     SET @tmpstr = @tmpstr + '; DENY CONNECT SQL TO ' + QUOTENAME(@name) 
    END 
    ELSE IF (@hasaccess = 0) 
    BEGIN -- login exists but does not have access 
     SET @tmpstr = @tmpstr + '; REVOKE CONNECT SQL TO ' + QUOTENAME(@name) 
    END 
    IF (@is_disabled = 1) 
    BEGIN -- login is disabled 
     SET @tmpstr = @tmpstr + '; ALTER LOGIN ' + QUOTENAME(@name) + ' DISABLE' 
    END 

    SET @tmpstr = @tmpstr + CHAR(13) + 'END TRY' + CHAR(13) + 'BEGIN CATCH' + CHAR(13) + 'END CATCH' 

    SET @message = @message + CHAR(13) + @tmpstr 

    END 

    FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin 
    END 
CLOSE login_curs 
DEALLOCATE login_curs 

--removing accessory procedure 

DROP PROCEDURE [dbo].[sp_hexadecimal] 


-- GENERATE SERVER PERMISSIONS 
USE [master] 

DECLARE @ServerPrincipal SYSNAME 
DECLARE @PrincipalType SYSNAME 
DECLARE @PermissionName SYSNAME 
DECLARE @StateDesc SYSNAME 

SET @message = @message + CHAR(13) + CHAR(13) + '-- CREATE SERVER PERMISSIONS' + CHAR(13) + CHAR(13) +'USE [master]' + CHAR(13) 

DECLARE server_permissions_curs CURSOR FOR 
SELECT 
    [srvprin].[name] [server_principal], 
    [srvprin].[type_desc] [principal_type], 
    [srvperm].[permission_name], 
    [srvperm].[state_desc] 
FROM [sys].[server_permissions] srvperm 
    INNER JOIN [sys].[server_principals] srvprin 
    ON [srvperm].[grantee_principal_id] = [srvprin].[principal_id] 
WHERE [srvprin].[type] IN ('S', 'U', 'G') AND [srvprin].name NOT IN ('sa', 'dbo', 'information_schema', 'sys') 
ORDER BY [server_principal], [permission_name]; 

OPEN server_permissions_curs 

FETCH NEXT FROM server_permissions_curs INTO @ServerPrincipal, @PrincipalType, @PermissionName, @StateDesc 

WHILE (@@fetch_status <> -1) 
BEGIN 

    SET @message = @message + CHAR(13) + 'BEGIN TRY' + CHAR(13) + 
        @StateDesc + N' ' + @PermissionName + N' TO ' + QUOTENAME(@ServerPrincipal) + 
        + CHAR(13) + 'END TRY' + CHAR(13) + 'BEGIN CATCH' + CHAR(13) + 'END CATCH' 

    FETCH NEXT FROM server_permissions_curs INTO @ServerPrincipal, @PrincipalType, @PermissionName, @StateDesc 
END 
CLOSE server_permissions_curs 
DEALLOCATE server_permissions_curs 

--GENERATE USERS AND PERMISSION SCRIPT FOR EVERY DATABASE 

SET @message = @message + CHAR(13) + CHAR(13) + N'--ENUMERATE DATABASES' 

DECLARE @databases TABLE (
    DatabaseName SYSNAME, 
    DatabaseSize INT, 
    Remarks SYSNAME NULL 
) 

INSERT INTO 
@databases EXEC sp_databases 

DECLARE @DatabaseName SYSNAME 


DECLARE database_curs CURSOR FOR 
SELECT DatabaseName FROM @databases WHERE DatabaseName IN (N'${DatabaseName}') 

OPEN database_curs 

FETCH NEXT FROM database_curs INTO @DatabaseName 
WHILE (@@fetch_status <> -1) 
BEGIN 

    SET @tmpStr = 

    N'USE ' + QUOTENAME(@DatabaseName) + ' 

    DECLARE @tmpstr NVARCHAR(MAX) 

    SET @messageOut = CHAR(13) + CHAR(13) + ''USE ' + QUOTENAME(@DatabaseName) + ''' + CHAR(13) 

    -- GENERATE USERS SCRIPT 

    SET @messageOut = @messageOut + CHAR(13) + ''-- CREATE USERS '' + CHAR(13) 

    DECLARE @users TABLE (
    UserName SYSNAME Null, 
    RoleName SYSNAME Null, 
    LoginName SYSNAME Null, 
    DefDBName SYSNAME Null, 
    DefSchemaName SYSNAME Null, 
    UserID INT Null,  
    [SID] varbinary(85) Null 
    ) 

    INSERT INTO 
    @users EXEC sp_helpuser 

    DECLARE @UserName SYSNAME 
    DECLARE @LoginName SYSNAME 
    DECLARE @DefSchemaName SYSNAME 

    DECLARE user_curs CURSOR FOR 
    SELECT UserName, LoginName, DefSchemaName FROM @users 

    OPEN user_curs 

    FETCH NEXT FROM user_curs INTO @UserName, @LoginName, @DefSchemaName 
    WHILE (@@fetch_status <> -1) 
    BEGIN 

     SET @messageOut = @messageOut + CHAR(13) + 
         ''IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N''''''+ @UserName +'''''')'' 
         + CHAR(13) + ''BEGIN TRY'' + CHAR(13) + 
         '' CREATE USER '' + QUOTENAME(@UserName) 

     IF (@LoginName IS NOT NULL) 
      SET @messageOut = @messageOut + '' FOR LOGIN '' + QUOTENAME(@LoginName) 
     ELSE 
      SET @messageOut = @messageOut + '' WITHOUT LOGIN'' 

     IF (@DefSchemaName IS NOT NULL) 
      SET @messageOut = @messageOut + '' WITH DEFAULT_SCHEMA = '' + QUOTENAME(@DefSchemaName) 

     SET @messageOut = @messageOut + CHAR(13) + ''END TRY'' + CHAR(13) + ''BEGIN CATCH'' + CHAR(13) + ''END CATCH'' 

     FETCH NEXT FROM user_curs INTO @UserName, @LoginName, @DefSchemaName 
    END 
    CLOSE user_curs 
    DEALLOCATE user_curs 

    -- GENERATE ROLES 

    SET @messageOut = @messageOut + CHAR(13) + CHAR(13) + ''-- CREATE ROLES '' + CHAR(13) 

    SELECT @messageOut = @messageOut + CHAR(13) + ''BEGIN TRY'' + CHAR(13) + 
         N''EXEC sp_addrolemember N''''''+ rp.name +'''''', N''''''+ mp.name +'''''''' 
         + CHAR(13) + ''END TRY'' + CHAR(13) + ''BEGIN CATCH'' + CHAR(13) + ''END CATCH'' 
    FROM sys.database_role_members drm 
    join sys.database_principals rp ON (drm.role_principal_id = rp.principal_id) 
    join sys.database_principals mp ON (drm.member_principal_id = mp.principal_id) 
    WHERE mp.name NOT IN (N''dbo'') 


    -- GENERATE PERMISSIONS 

    SET @messageOut = @messageOut + CHAR(13) + CHAR(13) + ''-- CREATE PERMISSIONS '' + CHAR(13) 

    SELECT @messageOut = @messageOut + CHAR(13) + ''BEGIN TRY'' + CHAR(13) + 
         '' GRANT '' + dp.permission_name collate latin1_general_cs_as + 
         '' ON '' + QUOTENAME(s.name) + ''.'' + QUOTENAME(o.name) + '' TO '' + QUOTENAME(dpr.name) + 
         + CHAR(13) + ''END TRY'' + CHAR(13) + ''BEGIN CATCH'' + CHAR(13) + ''END CATCH'' 
    FROM sys.database_permissions AS dp 
    INNER JOIN sys.objects AS o ON dp.major_id=o.object_id 
    INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id 
    INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id 
    WHERE dpr.name NOT IN (''public'',''guest'')' 

    EXECUTE sp_executesql @tmpStr, N'@messageOut NVARCHAR(MAX) OUTPUT', @messageOut = @tmpstr OUTPUT 

    SET @message = @message + @tmpStr 

    FETCH NEXT FROM database_curs INTO @DatabaseName 
END 
CLOSE database_curs 
DEALLOCATE database_curs 

SELECT @message 

1

SELECT 
    dp.state_desc + ' ' 
     + dp.permission_name collate latin1_general_cs_as 
     + ISNULL((' ON ' + QUOTENAME(s.name) + '.' + QUOTENAME(o.name)),'') 
     + ' TO ' + QUOTENAME(dpr.name) 
FROM sys.database_permissions AS dp 
    LEFT JOIN sys.objects AS o ON dp.major_id=o.object_id 
    LEFT JOIN sys.schemas AS s ON o.schema_id = s.schema_id 
    LEFT JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id 
WHERE dpr.name NOT IN ('public','guest') 

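A slight change to the accepted answer if you also want to pick up permissions applied at the database level in addition to the object level. Basically, switch to LEFT JOIN and make sure to handle NULL object and schema names.

1

declare @DBRoleName varchar(40) = 'yourUserName' 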
SELECT 'GRANT ' + dbprm.permission_name + ' ON ' + OBJECT_SCHEMA_NAME(major_id) + '.' + OBJECT_NAME(major_id) + ' TO ' + dbrol.name + char(13) COLLATE Latin1_General_CI_AS 
from sys.database_permissions dbprm 
join sys.database_principals dbrol on 
dbprm.grantee_principal_id = dbrol.principal_id 
where dbrol.name = @DBRoleName 

http://www.sqlserver-dba.com/2014/10/how-to-script-database-role-permissions-and-securables.html

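I found this to be the best solution for generating a script to replicate access between environments

0

Expanding on the answer provided at https://stackoverflow.com/a/1987215/275388, which fails for database/schema-wide permissions and database user types, you can use: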

SELECT 
    CASE 
     WHEN dp.class_desc = 'OBJECT_OR_COLUMN' THEN 
     dp.state_desc + ' ' + dp.permission_name collate latin1_general_cs_as + 
     ' ON ' + '[' + obj_sch.name + ']' + '.' + '[' + o.name + ']' + 
     ' TO ' + '[' + dpr.name + ']' 
     WHEN dp.class_desc = 'DATABASE' THEN 
     dp.state_desc + ' ' + dp.permission_name collate latin1_general_cs_as + 
     ' TO ' + '[' + dpr.name + ']' 
     WHEN dp.class_desc = 'SCHEMA' THEN 
     dp.state_desc + ' ' + dp.permission_name collate latin1_general_cs_as + 
     ' ON SCHEMA ' + '[' + SCHEMA_NAME(dp.major_id) + ']' + 
     ' TO ' + '[' + dpr.name + ']' 
     WHEN dp.class_desc = 'TYPE' THEN 
     dp.state_desc + ' ' + dp.permission_name COLLATE Latin1_General_CS_AS + 
     ' ON TYPE::[' + s_types.name + '].[' + t.name + ']' 
      + ' TO [' + dpr.name + ']' 
     ELSE 
     'ERROR: Unhandled class_desc: ' + dp.class_desc 
    END 
AS GRANT_STMT 
FROM sys.database_permissions AS dp 
    JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id 
    LEFT JOIN sys.objects AS o ON dp.major_id=o.object_id 
    LEFT JOIN sys.schemas AS obj_sch ON o.schema_id = obj_sch.schema_id 
    LEFT JOIN sys.types AS t ON dp.major_id = t.user_type_id 
    LEFT JOIN sys.schemas AS s_types ON t.schema_id = s_types.schema_id 
WHERE 
dpr.name NOT IN ('public','guest') 
-- AND o.name IN ('My_Procedure')  -- Uncomment to filter to specific object(s) 
-- AND dp.permission_name='EXECUTE' -- Uncomment to filter to just the EXECUTEs 
-- AND dpr.name LIKE '%user_name%'  -- Uncomment to filter to just matching users 
ORDER BY dpr.name, dp.class_desc, dp.permission_name