Automating security within triggers

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2008 » T-SQL (SS2K8) » Automating security within triggers

Automating security within triggers

Rate Topic

Display Mode

Topic Options

Author

Message

franck.maton

Posted Tuesday, October 09, 2012 7:12 AM

SSC Rookie

Group: General Forum Members
Last Login: Wednesday, April 24, 2013 1:18 AM
Points: 34, Visits: 230

Hello,

I have already a trigger that sends us a mail when a new database is created (some of our users are db_creator). Here's the code:

SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

create trigger [newdb]
on ALL Server
WITH EXECUTE AS 'sa'
for CREATE_DATABASE
as

PRINT 'Creating Trigger: newDB'

set nocount on
 
declare @data xml
declare @message varchar(1000)
declare @instance_name varchar(30)
declare @sujet varchar(150)
set @data = EVENTDATA()
--set @instance_name = 
select @instance_name = @@ServerName

SET @message = 'New DB: ' + @data.value('(/EVENT_INSTANCE/DatabaseName)[1]', 'varchar(256)') + ' created. Check if database mirroring is necessary.'
SET @sujet = 'NEW DATABASE CREATED ON INSTANCE ' + @instance_name
EXEC msdb.dbo.sp_send_dbmail
@recipients = 'email@contoso.com',
@body = @message,
@subject = @sujet ;

PRINT 'Trigger Created'

GO

SET ANSI_NULLS OFF
GO

SET QUOTED_IDENTIFIER OFF
GO

ENABLE TRIGGER [newdb] ON ALL SERVER
GO

And it works perfectly.

Well, our backup software needs some rights to backup and restore objects in our instance (for example: item restore in sharepoint).

So I need to give db_backupoperator database role to our backup user whenever a new database is created by the cutsomer.

I was thinking of modifying my trigger by adding some code like:

USE ?
CREATE USER [domain\bck_user] FOR LOGIN [domain\bck_user] ; 
EXEC sp_addrolemember N'db_backupoperator', N'domain\bck_user' ;

But obviously, the 'USE' doesn't not work into triggers and therefore I always give my bck user the DB role db_backupoperator to the "master" DB :-(

So how can I automate the "grant db_backupoperator" for my bck user ?
I would really appreciate if someone has an idea to solve my problem Tongue

Thanks in advance.
Have a nice day.
Franck.

Post #1370378

Sean Pearce

Posted Tuesday, October 09, 2012 8:05 AM

Old Hand

Group: General Forum Members
Last Login: Yesterday @ 11:42 PM
Points: 339, Visits: 1,299

DECLARE @SQL NVARCHAR(MAX) = N'
EXEC [YourDatabase]..sp_executesql N''CREATE USER [domain\bck_user] FOR LOGIN [domain\bck_user]''';

EXEC sp_executesql @SQL;

SET @SQL = N'
EXEC [YourDatabase]..sp_executesql N''EXEC sp_addrolemember N''''db_backupoperator'''', N''''domain\bck_user''''''';

EXEC sp_executesql @SQL;

http://thesqlguy.blogspot.com/

Post #1370410

franck.maton

Posted Tuesday, October 09, 2012 8:21 AM

SSC Rookie

Group: General Forum Members
Last Login: Wednesday, April 24, 2013 1:18 AM
Points: 34, Visits: 230

Hum, well, it works perfectly, many thanks Smile

Franck.

Post #1370417

ScottPletcher

Posted Tuesday, October 09, 2012 11:47 AM

Ten Centuries

Group: General Forum Members
Last Login: Yesterday @ 2:38 PM
Points: 1,318, Visits: 1,763

Or just add the required permission(s) to the model db. Every db created after that will automatically have the same permission(s).

SQL DBA,SQL Server MVP('07, '08, '09)
One man with courage makes a majority. Andrew Jackson

Post #1370516

franck.maton

Posted Wednesday, October 10, 2012 2:08 AM

SSC Rookie

Group: General Forum Members
Last Login: Wednesday, April 24, 2013 1:18 AM
Points: 34, Visits: 230

That's even easier ! How didn't I think that at first Doze

...

Post #1370751

« Prev Topic | Next Topic »

Permissions