8
A
回答
-1
與使用SQL Server Management Studio的任何SQL服務器一樣,如果您不確定如何執行特定的操作(即在線查看書籍,但無法完全弄清楚),則可以使用「腳本操作」查詢窗口「對話框中的」腳本「下拉列表非常有用。
通過使用GUI工具,然後檢查生成的腳本,您可以快速瞭解如何執行更復雜的事情,而您在完成它們的加載之前無法將其保存在內存中。
0
您可以根據需要修改對象選擇的where子句。如果你正在尋找2005年或2008年的腳本,應該是最小的tweeking。
/注意! /這個腳本可能有點危險。
Declare @TableName varchar(100),
@Sql nvarchar(500),
@Result int,
@UserName nvarchar(258)
set @UserName= QuoteName('<your_user>')
Print @UserName
DECLARE
Your_Cursor cursor
LOCAL
FORWARD_ONLY
OPTIMISTIC
FOR
/* if you only want one object to apply permissions to*/
-- select Name from Sysobjects where name = 'Your_TableName'
/*tables*/-- select name from sysobjects where xtype = 'U' order by name
/*views*/-- select name from sysobjects where xtype = 'V' order by name
/*StoredPs*/-- select name from sysobjects where xtype = 'P' order by name
/*UDFs*/-- select name from sysobjects where xtype = 'FN' order by name
/**********************************************************************/
OPEN Your_Cursor
FETCH NEXT from Your_Cursor into @TableName
while (@@fetch_status = 0)
begin
/*Tables*/
-- set @Sql = N'Grant Select On '+ @TableName+ N' To ' + @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Select On '+ @TableName + ' by ' + @UserName
-- end
-- set @Sql = N'Grant Insert On '+ @TableName+ N' To ' + @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Insert On '+ @TableName + ' by ' + @UserName
-- end
-- set @Sql = N'Grant Update On '+ @TableName+ N' To '+ @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Update On '+ @TableName + ' by ' + @UserName
-- end
-- set @Sql = N'Grant Delete On '+ @TableName+ N' To '+ @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Delete On '+ @TableName + ' by ' + @UserName
-- end
/*Stored Procs and UDFs*/
-- set @Sql = N'Grant Execute On '+ @TableName+ N' To '+ @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Execute On '+ @TableName + ' by ' + @UserName
-- end
FETCH NEXT from your_Cursor into @TableName
end
CLOSE Your_Cursor
DEALLOCATE Your_Cursor
0
來自RYU的鏈接已經死亡。
發現了另一個腳本,在這裏做這項工作:
http://blogs.msdn.com/b/blogdoezequiel/archive/2010/04/26/the-sql-swiss-army-knife-1.aspx
在情況下,它不會消亡那就是:
IF EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[dbo].[usp_SecurCreation]') AND OBJECTPROPERTY(id, N'IsProcedure') = 1)
DROP PROCEDURE [dbo].[usp_SecurCreation]
GO
CREATE PROCEDURE usp_SecurCreation @User NVARCHAR(128) = NULL, @DB NVARCHAR(256) = NULL
WITH ENCRYPTION
AS
--
-- Does not deal with CERTIFICATE_MAPPED_LOGIN and ASYMMETRIC_KEY_MAPPED_LOGIN types
--
-- All users: EXEC usp_SecurCreation
--
-- One user, All DBs: EXEC usp_SecurCreation '<User>'
--
-- One user, One DBs: EXEC usp_SecurCreation '<User>', '<DBName>'
--
-- All users, One DBs: EXEC usp_SecurCreation NULL, '<DBName>'
--
SET NOCOUNT ON
DECLARE @SC NVARCHAR(4000), @SCUser NVARCHAR(4000), @SCDB NVARCHAR(4000)
CREATE TABLE #TempSecurables ([State] VARCHAR(100),
[State2] VARCHAR(100),
[PermName] VARCHAR(100),
[Type] NVARCHAR(60),
[Grantor] VARCHAR(100),
[User] VARCHAR(100)
)
CREATE TABLE #TempSecurables2 ([DBName] sysname,
[State] VARCHAR(1000)
)
IF @User IS NULL AND @DB IS NULL
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions p JOIN sys.server_principals l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
INSERT INTO #TempSecurables2
EXEC master.dbo.sp_MSforeachdb @command1='USE [?]
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[?]'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
--Column Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public'''
END
ELSE IF @User IS NULL AND @DB IS NOT NULL
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions AS p JOIN sys.server_principals AS l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
SET @SCDB='USE [' + @DB + ']
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[' + @DB + ']'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
--Column Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public'''
INSERT INTO #TempSecurables2
EXEC master..sp_executesql @SCDB
END
ELSE IF @User IS NOT NULL AND @DB IS NOT NULL
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions AS p JOIN sys.server_principals AS l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
AND QUOTENAME(l.name) = QUOTENAME(@User)
SET @SCDB='USE [' + @DB + ']
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[' + @DB + ']'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
AND QUOTENAME(USER_NAME(b.grantee_principal_id)) = ''[' + @User + ']''
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']''
--Column Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']'''
INSERT INTO #TempSecurables2
EXEC master..sp_executesql @SCDB
END
ELSE
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions p JOIN sys.server_principals l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
AND QUOTENAME(l.name) = QUOTENAME(@User)
SET @SCUser = 'USE [?]
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[?]'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
AND QUOTENAME(USER_NAME(b.grantee_principal_id)) = ''[' + @User + ']''
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']''
--Column Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']'''
INSERT INTO #TempSecurables2
EXEC master.dbo.sp_MSforeachdb @[email protected]
END
DECLARE @tmpstr NVARCHAR(128)
SET @tmpstr = '** Generated ' + CONVERT (VARCHAR, GETDATE()) + ' on ' + @@SERVERNAME + ' */'
PRINT @tmpstr
PRINT CHAR(13) + '--##### Server level Privileges to User or User Group #####' + CHAR(13)
DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE [master];' + CHAR(10) + RTRIM(ts.[State]) + ' ' + RTRIM(ts.[PermName]) + ' TO ' + QUOTENAME(RTRIM(ts.[User])) + ' ' + RTRIM(ts.[State2]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables ts WHERE RTRIM([Type]) = 'SERVER'
OPEN cSC
FETCH NEXT FROM cSC INTO @SC
WHILE @@FETCH_STATUS = 0
BEGIN
PRINT @SC
FETCH NEXT FROM cSC INTO @SC
END
CLOSE cSC
DEALLOCATE cSC
DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE [master];' + CHAR(10) + RTRIM(ts.[State]) + ' ' + RTRIM(ts.[PermName]) + ' ON ' + CASE WHEN RTRIM(ts.[Type]) = 'SERVER_PRINCIPAL' THEN 'LOGIN' ELSE 'ENDPOINT' END + '::' + QUOTENAME(RTRIM(ts.[Grantor])) + ' TO ' + QUOTENAME(RTRIM(ts.[User])) + ' ' +RTRIM(ts.[State2]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables ts WHERE RTRIM([Type]) <> 'SERVER'
OPEN cSC
FETCH NEXT FROM cSC INTO @SC
WHILE @@FETCH_STATUS = 0
BEGIN
PRINT @SC
FETCH NEXT FROM cSC INTO @SC
END
CLOSE cSC
DEALLOCATE cSC
DROP TABLE #TempSecurables
PRINT CHAR(13) + '--##### Procedures/Functions/CLR/Views, Table and Column Level Privileges to the User #####' + CHAR(13)
DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE ' + ts2.DBName +';' + CHAR(10) + RTRIM(ts2.[State]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables2 ts2
OPEN cSC
FETCH NEXT FROM cSC INTO @SC
WHILE @@FETCH_STATUS = 0
BEGIN
PRINT @SC
FETCH NEXT FROM cSC INTO @SC
END
CLOSE cSC
DEALLOCATE cSC
DROP TABLE #TempSecurables2
GO
1
我有同樣的問題,並與Justins建議解決它。
- 右鍵單擊數據庫配置單元中的模板/示例用戶。
- 選擇
properties,securables。 - 進行更改
- 按Ctrl + Shift + N可以獲取更改的腳本。
0
那時我創建了這個小腳本來查詢服務器的權限。這是我第一次可以利用SQL遊標.. :)希望這有助於:
--cursor
drop table #permission_report
--create #temp table
CREATE TABLE #permission_report
(db_name varchar(50),
username varchar(50),
objectname varchar(100),
objectclass varchar(50),
permission_name varchar(50),
state varchar(50))
declare @dbname VARCHAR(50)
--declare cursor in order to run on every database on the server
DECLARE c_dbnames CURSOR FOR
SELECT name
FROM sys.databases
OPEN c_dbnames
FETCH c_dbnames INTO @dbname
WHILE @@Fetch_Status = 0
BEGIN
--Openrowset to select the appropriate columns from system catalog views
--insert result into #temp table
--repeat task on every database on server
EXEC('INSERT INTO #permission_report(db_name,username,objectname,objectclass,permission_name,state)
SELECT '''[email protected]+''',p.name username, o.name objectname, class_desc,permission_name, state_desc
FROM ' + @dbname +'.sys.database_principals p
JOIN ' + @dbname +'.sys.database_permissions d ON d.grantee_principal_id = p.principal_id
JOIN ' + @dbname +'.sys.objects o ON o.object_id = d.major_id where p.name=''Yourdomain\User''') ---checking only EMRSN\USMTN-FF20_Users
FETCH c_dbnames INTO @dbname
END
CLOSE c_dbnames
DEALLOCATE c_dbnames
SELECT * FROM #permission_report
相關問題
- 1. SQL Server 2012安全措施
- 2. 將值傳遞給URL,安全措施
- 3. MVC 5安全措施
- 4. php圖像安全措施
- 5. 措施命令:措施python腳本的執行時間
- 6. 強大的安全防範措施
- 7. 的安全預防措施與AJAX
- 8. 網站搜索的安全措施
- 9. Apache Hive的安全措施是什麼
- 10. 在線測試安全措施
- 11. 安全措施閱讀郵件
- 12. 將數據庫拆分爲合法的安全措施?
- 13. 分組SSAS措施
- 14. 安全措施其中會涉及用戶個人信息
- 15. 安裝Chef(12)後,與'pivotal'用戶有關的安全預防措施?
- 16. 是否有任何抵禦暴力攻擊的安全措施?
- 17. 打開不安全文件時,PyPDF2是否採取任何安全措施?
- 18. 可以採用哪些SQL Server 05/08安全措施來防止SQL注入?
- 19. PHP帳戶安全
- 20. 如何將struts 2值分配給java腳本全局變量?
- 21. 如何自動添加指針解引用的保護措施?
- 22. 如何Ajax回調分配給腳本
- 23. 如何通過PowerShell將用戶權限分配給本地用戶帳戶?
- 24. 相關的安全計劃危害和預防措施Sql查詢BIRT報告
- 25. 配置集成安全帳戶用於SQL Server 2008
- 26. 網站的不同安全措施(HTTP頭等)
- 27. 在cgi-bin中運行python的安全防範措施
- 28. 什麼是當前文件上傳的安全措施?
- 29. 控制訪問Web服務/ API的安全措施
- 30. 什麼是社區網站的安全措施?
你的用戶分配權限的安全對象已與您要生成的GRANT語句? – 2009-10-01 04:55:36
是的,但自動。就像「腳本>創建表」 – 2009-10-01 15:25:57