Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Specific user account access only Expand / Collapse
Author
Message
Posted Friday, May 10, 2013 11:03 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Yesterday @ 9:50 AM
Points: 850, Visits: 2,360
Hi,

I'm doing some DR testing. Is there a way I can disable all access to a Database, except for one specific user?

My DB has 800 logins, and I want to disable all access during my DR testing, but during this testing my Report user account (one user) should be able to access the data (read only).

Is there a script or a way to accomplish this?




Post #1451695
Posted Friday, May 10, 2013 11:52 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 3:50 AM
Points: 14,469, Visits: 38,082
i think it's the usual; there's no easy way, but you can use the metadata to build your commands to add everyone to a deny everything group
something like this is what i think off of the top of my head.

CREATE ROLE [NoAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatawriter] TO [NoAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatareader] TO [NoAccessForYou];

CREATE ROLE [OnlyReadAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatawriter] TO [OnlyReadAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [OnlyReadAccessForYou];

declare @Batch varchar(max);
SET @Batch = '';
SELECT --@Batch = @Batch +
'EXEC sp_addrolemember N''NoAccessForYou'', N''' + name + ''';' + CHAR(13) + CHAR(10),*
FROM sys.database_principals WHERE type_desc IN('WINDOWS_USER','SQL_USER') AND principal_id > 4 ;
print (@Batch);
--exec (@@Batch);

EXEC sp_droprolemember N'NoAccessForYou', N'TestUser';
EXEC sp_addrolemember N'OnlyReadAccessForYou', N'TestUser';


EXECUTE AS USER='TestUser';
--do stuff


--change back into superman
REVERT;

--clean up after ourself:
DROP ROLE [OnlyReadAccessForYou];
DROP ROLE [NoAccessForYou];




Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
Post #1451705
Posted Friday, May 10, 2013 12:02 PM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Yesterday @ 9:50 AM
Points: 850, Visits: 2,360
lol...never is that easy..

thanks man, that's just what I was looking for..



Post #1451706
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse