2017-02-02 168 views

自動化通過存儲過程或自動過程通過存儲過程

將 SQL Server 中某個登錄/用戶的權限複製到另一個登錄/用戶的過程自動化。測試用例:

Create Login2/user like Login1/user for all databases 
Create Login2/user like Login1/user for single database 
Mirror Login2/user like Login1/user for all databases 
Mirror Login2/user like Login1/user for single database 
Augment Login2/user permissions from Login1/user for all databases 
Augment Login2/user permissions from Login1/user for single database 

回答

-- Drop any earlier version of the procedure so the CREATE PROCEDURE in the
-- following batch does not fail with "object already exists".
-- OBJECT_ID returns NULL when nothing by that name exists, which makes the
-- comparison below evaluate to UNKNOWN and skips the DROP.
IF OBJECTPROPERTY(OBJECT_ID(N'[dbo].[USP_Duplicate_Login]'), N'IsProcedure') = 1
BEGIN
    DROP PROCEDURE [dbo].[USP_Duplicate_Login]
END

GO 

/* 此存儲過程將服務器權限(服務器角色成員、自定義服務器角色和服務器級權限)從 @EXISTING_USER 複製到 @LOGIN_TO_BE_DUPLICATED */

--@existing_login- from which Server Permissions will be Copied 
--@LOGIN_TO_BE_DUPLICATED- To the login, Permissions are Copied 

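    -- Copies server-level access from @existing_login to @LOGIN_TO_BE_DUPLICATED:
    --   1. every server role membership of the source login, and
    --   2. every server permission (class 100) and login-scoped permission
    --      (class 101) granted or denied to the source login.
    -- Each generated statement is PRINTed before it runs, so the output doubles
    -- as a record of what was changed.
    --
    -- Parameters:
    --   @LOGIN_TO_BE_DUPLICATED  login that receives the memberships/permissions
    --   @existing_login          login whose memberships/permissions are read
    -- Returns 1 (after raising a severity-16 error) on failure.
    --
    -- Security notes:
    --   * Everything the source login holds is replicated, including sysadmin
    --     or other high-privilege roles and WITH GRANT OPTION grants. Restrict
    --     EXECUTE on this procedure to administrators and review the PRINT
    --     output after each run.
    --   * The statements are dynamic SQL. Login and role names are passed
    --     through QUOTENAME so a name containing ']' or a single quote cannot
    --     break out of the identifier/literal and inject extra statements.
    --   * NOTE(review): sp_addsrvrolemember is documented as not runnable inside
    --     a user-defined transaction, and it is deprecated in favour of
    --     ALTER SERVER ROLE ... ADD MEMBER. Confirm on the target version
    --     whether the BEGIN TRAN below has to move after the role step.
    CREATE PROCEDURE [dbo].[USP_Duplicate_Login]
        @LOGIN_TO_BE_DUPLICATED sysname,
        @existing_login sysname
    AS
    BEGIN
        DECLARE @SQL nvarchar(MAX);
        DECLARE @Return int;
        DECLARE @TargetIdent nvarchar(258);   -- target login as [bracketed identifier]
        DECLARE @TargetLiteral nvarchar(258); -- target login as 'quoted literal'

        -- A NULL name would turn every generated statement into NULL and the
        -- procedure would report success without doing anything.
        IF @LOGIN_TO_BE_DUPLICATED IS NULL OR @existing_login IS NULL
        BEGIN
            RAISERROR('Both @LOGIN_TO_BE_DUPLICATED and @existing_login must be supplied.', 16, 1);
            RETURN(1);
        END

        SET @TargetIdent = QUOTENAME(@LOGIN_TO_BE_DUPLICATED);
        SET @TargetLiteral = QUOTENAME(@LOGIN_TO_BE_DUPLICATED, '''');

        -- Query to handle server roles
        BEGIN TRAN;

        -- LOCAL keeps the cursor name private to this procedure call.
        DECLARE cursRoleMemberSQL CURSOR LOCAL FAST_FORWARD
        FOR
        SELECT 'EXEC sp_addsrvrolemember @loginame = ' + @TargetLiteral
             + ', @rolename = ' + QUOTENAME(R.name, '''') + ';' AS 'SQL'
        FROM sys.server_role_members AS RM
        JOIN sys.server_principals AS L
            ON RM.member_principal_id = L.principal_id
        JOIN sys.server_principals AS R
            ON RM.role_principal_id = R.principal_id
        WHERE L.name = @existing_login;

        OPEN cursRoleMemberSQL;

        FETCH FROM cursRoleMemberSQL INTO @SQL;

        WHILE (@@FETCH_STATUS = 0)
        BEGIN
            PRINT @SQL;
            EXECUTE @Return = sp_executesql @SQL;

            IF (@Return <> 0)
            BEGIN
                -- The original closed "cursRoleMembersSQL" (extra "s"), a cursor
                -- that does not exist, so this error path itself failed.
                CLOSE cursRoleMemberSQL;
                DEALLOCATE cursRoleMemberSQL;
                ROLLBACK TRAN;
                RAISERROR('Error encountered assigning role memberships.', 16, 1);
                RETURN(1);
            END

            FETCH NEXT FROM cursRoleMemberSQL INTO @SQL;
        END;

        CLOSE cursRoleMemberSQL;
        DEALLOCATE cursRoleMemberSQL;

        -- Query to handle Server Permissions
        -- state 'W' is "grant with grant option"; its state_desc is not a valid
        -- statement keyword, hence the explicit GRANT ... WITH GRANT OPTION form.
        DECLARE cursServerPermissionSQL CURSOR LOCAL FAST_FORWARD
        FOR
        -- Server-scoped permissions, excluding CONNECT SQL (type 'COSQ').
        SELECT CASE P.state
                   WHEN 'W' THEN
                       'USE master; GRANT ' + P.permission_name + ' TO ' + @TargetIdent + ' WITH GRANT OPTION;'
                   ELSE
                       'USE master; ' + P.state_desc + ' ' + P.permission_name + ' TO ' + @TargetIdent + ';'
               END AS 'SQL'
        FROM sys.server_permissions AS P
        JOIN sys.server_principals AS L
            ON P.grantee_principal_id = L.principal_id
        WHERE L.name = @existing_login
          AND P.class = 100
          AND P.type <> 'COSQ'

        UNION ALL

        -- Permissions held on other logins (ON LOGIN::...).
        SELECT CASE P.state
                   WHEN 'W' THEN
                       'USE master; GRANT ' + P.permission_name + ' ON LOGIN::' + QUOTENAME(L2.name)
                       + ' TO ' + @TargetIdent + ' WITH GRANT OPTION;' COLLATE DATABASE_DEFAULT
                   ELSE
                       'USE master; ' + P.state_desc + ' ' + P.permission_name + ' ON LOGIN::' + QUOTENAME(L2.name)
                       + ' TO ' + @TargetIdent + ';' COLLATE DATABASE_DEFAULT
               END AS 'SQL'
        FROM sys.server_permissions AS P
        JOIN sys.server_principals AS L
            ON P.grantee_principal_id = L.principal_id
        JOIN sys.server_principals AS L2
            ON P.major_id = L2.principal_id
        WHERE L.name = @existing_login
          AND P.class = 101;

        OPEN cursServerPermissionSQL;

        FETCH FROM cursServerPermissionSQL INTO @SQL;

        WHILE (@@FETCH_STATUS = 0)
        BEGIN
            PRINT @SQL;
            EXEC @Return = sp_executesql @SQL;

            IF (@Return <> 0)
            BEGIN
                CLOSE cursServerPermissionSQL;
                DEALLOCATE cursServerPermissionSQL;
                ROLLBACK TRAN;
                RAISERROR('Error encountered adding server level permissions', 16, 1);
                RETURN(1);
            END

            FETCH NEXT FROM cursServerPermissionSQL INTO @SQL;
        END;

        CLOSE cursServerPermissionSQL;
        DEALLOCATE cursServerPermissionSQL;

        COMMIT TRAN;

    END;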
GO 


For Duplicating User Permissions 



-- Drop any earlier version of the procedure so the CREATE PROCEDURE further
-- down does not fail with "object already exists".
-- OBJECT_ID returns NULL when nothing by that name exists, which makes the
-- comparison below evaluate to UNKNOWN and skips the DROP.
IF OBJECTPROPERTY(OBJECT_ID(N'[dbo].[USP_DB_PERMISSIONS]'), N'IsProcedure') = 1
BEGIN
    DROP PROCEDURE [dbo].[USP_DB_PERMISSIONS]
END
GO

/****** Object: StoredProcedure [dbo].[USP_DB_PERMISSIONS] ******/
-- SQL Server stores these two session settings with a procedure when it is
-- created, so they are set explicitly before the CREATE PROCEDURE batch.
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


/*This Stored Procedure will generate the DB Permissions (Database Role Membership, Custom Database Roles, Database Permissions, Object Permissions, Schema Permissions, User Permissions) from 
@DUPLICATE_USER TO @USER_TO_BE_DUPLICATED*/ 
--@DBNAME- Database Name from which Database Permissions have to be Copied 
--@DUPLICATE_USER- From which User Permissions will be Copied 
--@USER_TO_BE_DUPLICATED- To the User, Permissions are generated to 

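-- Prepares @USER_TO_BE_DUPLICATED in database @DBNAME and emits, as six result
-- sets, the statements that would give it the access @DUPLICATE_USER holds there
-- (role memberships, database / schema / object / column permissions, and
-- permissions on other users).
--
-- Only the first step changes anything: it creates the database user from the
-- login of the same name when that user does not exist yet. The remaining steps
-- only SELECT statement text; nothing is granted until someone reviews and runs
-- that output.
--
-- Parameters:
--   @DBNAME                 database whose permissions are read
--   @DUPLICATE_USER         user whose permissions are read
--   @USER_TO_BE_DUPLICATED  user the generated statements grant to
-- Returns 1 (after raising a severity-16 error) when an argument is NULL or the
-- database does not exist.
--
-- Security notes:
--   * All three parameters end up inside dynamic SQL. They are wrapped with
--     QUOTENAME (identifiers) or have single quotes doubled (literals), so a
--     value containing ']' or a quote cannot terminate the identifier/literal
--     and append statements of its own.
--   * Names read from the catalog (roles, schemas, objects, columns, users) are
--     bracketed with QUOTENAME in the generated text for the same reason: that
--     text is meant to be executed later.
--   * The output reproduces DENY/GRANT WITH GRANT OPTION states and role
--     memberships such as db_owner. Review it before running it.
CREATE PROCEDURE [dbo].[USP_DB_PERMISSIONS]
    @DBNAME SYSNAME,
    @DUPLICATE_USER SYSNAME,
    @USER_TO_BE_DUPLICATED SYSNAME
AS
BEGIN
    -- NVARCHAR, not VARCHAR: SYSNAME is Unicode and a VARCHAR buffer would
    -- silently replace characters outside the code page.
    DECLARE @SQL  NVARCHAR(MAX);
    DECLARE @SQL1 NVARCHAR(MAX);
    DECLARE @SQL2 NVARCHAR(MAX);
    DECLARE @SQL3 NVARCHAR(MAX);
    DECLARE @SQL4 NVARCHAR(MAX);
    DECLARE @SQL5 NVARCHAR(MAX);
    DECLARE @SQL6 NVARCHAR(MAX);

    DECLARE @Db       NVARCHAR(258);  -- [database], used as an identifier
    DECLARE @DbInLit  NVARCHAR(600);  -- [database], safe inside a '...' literal
    DECLARE @DbEsc    NVARCHAR(300);  -- database,   safe inside a '...' literal
    DECLARE @Tgt      NVARCHAR(258);  -- [target user], used as an identifier
    DECLARE @TgtInLit NVARCHAR(600);  -- [target user], safe inside a '...' literal
    DECLARE @TgtEsc   NVARCHAR(300);  -- target user,   safe inside a '...' literal
    DECLARE @SrcEsc   NVARCHAR(300);  -- source user,   safe inside a '...' literal

    -- A NULL argument would make every statement below NULL and EXEC would
    -- silently do nothing.
    IF @DBNAME IS NULL OR @DUPLICATE_USER IS NULL OR @USER_TO_BE_DUPLICATED IS NULL
    BEGIN
        RAISERROR('@DBNAME, @DUPLICATE_USER and @USER_TO_BE_DUPLICATED must all be supplied.', 16, 1);
        RETURN(1);
    END

    IF DB_ID(@DBNAME) IS NULL
    BEGIN
        RAISERROR('Database named in @DBNAME does not exist.', 16, 1);
        RETURN(1);
    END

    SET @Db       = QUOTENAME(@DBNAME);
    SET @DbInLit  = REPLACE(@Db, N'''', N'''''');
    SET @DbEsc    = REPLACE(@DBNAME, N'''', N'''''');
    SET @Tgt      = QUOTENAME(@USER_TO_BE_DUPLICATED);
    SET @TgtInLit = REPLACE(@Tgt, N'''', N'''''');
    SET @TgtEsc   = REPLACE(@USER_TO_BE_DUPLICATED, N'''', N'''''');
    SET @SrcEsc   = REPLACE(@DUPLICATE_USER, N'''', N'''''');

    -- Create the target user from the login of the same name if it is missing.
    SET @SQL = N'USE ' + @Db + N'; IF NOT EXISTS(SELECT name FROM sys.database_principals
         WHERE name = N''' + @TgtEsc + N''')
       BEGIN
        CREATE USER ' + @Tgt + N' FROM LOGIN ' + @Tgt + N';
       END;';
    EXEC (@SQL);

    -- Database Role Membership
    SET @SQL1 = N'SELECT '' ALTER ROLE '' + QUOTENAME(R.name) + '' ADD MEMBER ' + @TgtInLit + N' ;'' AS ''' + @DbEsc + N' Database Role Membership''
    FROM ' + @Db + N'.sys.database_principals AS U
     JOIN ' + @Db + N'.sys.database_role_members AS RM
      ON U.principal_id = RM.member_principal_id
     JOIN ' + @Db + N'.sys.database_principals AS R
      ON RM.role_principal_id = R.principal_id
    WHERE U.name = N''' + @SrcEsc + N''';';
    EXEC (@SQL1);

    -- Database Permissions (class 0), excluding CONNECT (type 'CO').
    -- state 'W' is "grant with grant option", spelled out explicitly because
    -- its state_desc is not a statement keyword.
    SET @SQL2 = N'SELECT CASE P.[state]
      WHEN ''W'' THEN ''GRANT '' + P.permission_name + '' ON DATABASE::' + @DbInLit + N' TO ' + @TgtInLit + N' WITH GRANT OPTION;'' COLLATE DATABASE_DEFAULT
      ELSE P.state_desc + '' '' + P.permission_name + '' ON DATABASE::' + @DbInLit + N' TO ' + @TgtInLit + N';'' COLLATE DATABASE_DEFAULT
      END AS ''' + @DbEsc + N' Database Permissions''
    FROM ' + @Db + N'.sys.database_permissions AS P
     JOIN ' + @Db + N'.sys.database_principals AS U
      ON P.grantee_principal_id = U.principal_id
    WHERE P.class = 0
     AND P.[type] <> ''CO''
     AND U.name = N''' + @SrcEsc + N''';';
    EXEC (@SQL2);

    -- Schema Permissions (class 3)
    SET @SQL3 = N'
    SELECT CASE P.[state]
      WHEN ''W'' THEN ''GRANT '' + P.permission_name + '' ON SCHEMA::'' + QUOTENAME(S.name) + '' TO ' + @TgtInLit + N' WITH GRANT OPTION;'' COLLATE DATABASE_DEFAULT
      ELSE P.state_desc + '' '' + P.permission_name + '' ON SCHEMA::'' + QUOTENAME(S.name) + '' TO ' + @TgtInLit + N';'' COLLATE DATABASE_DEFAULT
      END AS ''' + @DbEsc + N' Schema Permissions''
    FROM ' + @Db + N'.sys.database_permissions AS P
     JOIN ' + @Db + N'.sys.database_principals AS U
      ON P.grantee_principal_id = U.principal_id
     JOIN ' + @Db + N'.sys.schemas AS S
      ON S.schema_id = P.major_id
    WHERE P.class = 3
     AND U.name = N''' + @SrcEsc + N''';';
    EXEC (@SQL3);

    -- Object Permissions (class 1, whole object: minor_id = 0).
    -- Aliases are written in one case throughout; the original mixed "s"/"S"
    -- and "o"/"O", which fails under a case-sensitive collation.
    SET @SQL4 = N'
    SELECT CASE P.[state]
      WHEN ''W'' THEN ''GRANT '' + P.permission_name + '' ON OBJECT::'' + QUOTENAME(S.name) + ''.'' + QUOTENAME(O.name) + '' TO ' + @TgtInLit + N' WITH GRANT OPTION;'' COLLATE DATABASE_DEFAULT
      ELSE P.state_desc + '' '' + P.permission_name + '' ON OBJECT::'' + QUOTENAME(S.name) + ''.'' + QUOTENAME(O.name) + '' TO ' + @TgtInLit + N';'' COLLATE DATABASE_DEFAULT
      END AS ''' + @DbEsc + N' Object Permissions''
    FROM ' + @Db + N'.sys.database_permissions AS P
     JOIN ' + @Db + N'.sys.database_principals AS U
      ON P.grantee_principal_id = U.principal_id
     JOIN ' + @Db + N'.sys.objects AS O
      ON O.object_id = P.major_id
     JOIN ' + @Db + N'.sys.schemas AS S
      ON O.schema_id = S.schema_id
    WHERE P.class = 1
     AND U.name = N''' + @SrcEsc + N'''
     AND P.major_id > 0
     AND P.minor_id = 0;';
    EXEC (@SQL4);

    -- Object Column Permissions (class 1, minor_id = column_id)
    SET @SQL5 = N'
    SELECT CASE P.[state]
      WHEN ''W'' THEN ''GRANT '' + P.permission_name + '' ON OBJECT::'' + QUOTENAME(S.name) + ''.'' + QUOTENAME(O.name) + '' ('' + QUOTENAME(C.name) + '') TO ' + @TgtInLit + N' WITH GRANT OPTION;'' COLLATE DATABASE_DEFAULT
      ELSE P.state_desc + '' '' + P.permission_name + '' ON OBJECT::'' + QUOTENAME(S.name) + ''.'' + QUOTENAME(O.name) + '' ('' + QUOTENAME(C.name) + '') TO ' + @TgtInLit + N';'' COLLATE DATABASE_DEFAULT
      END AS ''' + @DbEsc + N' Object Column Permissions ''
    FROM ' + @Db + N'.sys.database_permissions AS P
     JOIN ' + @Db + N'.sys.database_principals AS U
      ON P.grantee_principal_id = U.principal_id
     JOIN ' + @Db + N'.sys.objects AS O
      ON O.object_id = P.major_id
     JOIN ' + @Db + N'.sys.schemas AS S
      ON O.schema_id = S.schema_id
     JOIN ' + @Db + N'.sys.columns AS C
      ON C.column_id = P.minor_id AND O.object_id = C.object_id
    WHERE P.class = 1
     AND U.name = N''' + @SrcEsc + N'''
     AND P.major_id > 0
     AND P.minor_id > 0;';
    EXEC (@SQL5);

    -- Permissions On Users (class 4)
    SET @SQL6 = N'
    SELECT CASE P.[state]
      WHEN ''W'' THEN ''GRANT '' + P.permission_name + '' ON USER::'' + QUOTENAME(U2.name) + '' TO ' + @TgtInLit + N' WITH GRANT OPTION;'' COLLATE DATABASE_DEFAULT
      ELSE P.state_desc + '' '' + P.permission_name + '' ON USER::'' + QUOTENAME(U2.name) + '' TO ' + @TgtInLit + N';'' COLLATE DATABASE_DEFAULT
      END AS ''' + @DbEsc + N' Permissions On Users''
    FROM ' + @Db + N'.sys.database_permissions AS P
     JOIN ' + @Db + N'.sys.database_principals AS U
      ON P.grantee_principal_id = U.principal_id
     JOIN ' + @Db + N'.sys.database_principals AS U2
      ON U2.principal_id = P.major_id
    WHERE P.class = 4
     AND U.name = N''' + @SrcEsc + N''';';
    EXEC (@SQL6);

END;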


GO