Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Specific user account access only Expand / Collapse
Author
Message
Posted Friday, May 10, 2013 11:03 AM
Say Hey Kid

Say Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey Kid

Group: General Forum Members
Last Login: Friday, April 11, 2014 12:13 PM
Points: 697, Visits: 1,721
Hi,

I'm doing some DR testing. Is there a way I can disable all access to a Database, except for one specific user?

My DB has 800 logins, and I want to disable all access during my DR testing, but during this testing my Report user account (one user) should be able to access the data (read only).

Is there a script or a way to accomplish this?




Post #1451695
Posted Friday, May 10, 2013 11:52 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 8:42 AM
Points: 12,744, Visits: 31,078
i think it's the usual; there's no easy way, but you can use the metadata to build your commands to add everyone to a deny everything group
something like this is what i think off of the top of my head.

CREATE ROLE [NoAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatawriter] TO [NoAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatareader] TO [NoAccessForYou];

CREATE ROLE [OnlyReadAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatawriter] TO [OnlyReadAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [OnlyReadAccessForYou];

declare @Batch varchar(max);
SET @Batch = '';
SELECT --@Batch = @Batch +
'EXEC sp_addrolemember N''NoAccessForYou'', N''' + name + ''';' + CHAR(13) + CHAR(10),*
FROM sys.database_principals WHERE type_desc IN('WINDOWS_USER','SQL_USER') AND principal_id > 4 ;
print (@Batch);
--exec (@@Batch);

EXEC sp_droprolemember N'NoAccessForYou', N'TestUser';
EXEC sp_addrolemember N'OnlyReadAccessForYou', N'TestUser';


EXECUTE AS USER='TestUser';
--do stuff


--change back into superman
REVERT;

--clean up after ourself:
DROP ROLE [OnlyReadAccessForYou];
DROP ROLE [NoAccessForYou];




Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1451705
Posted Friday, May 10, 2013 12:02 PM
Say Hey Kid

Say Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey Kid

Group: General Forum Members
Last Login: Friday, April 11, 2014 12:13 PM
Points: 697, Visits: 1,721
lol...never is that easy..

thanks man, that's just what I was looking for..



Post #1451706
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse