Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Permission scripting over all databases Expand / Collapse
Author
Message
Posted Thursday, September 11, 2008 9:59 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, October 12, 2011 3:59 AM
Points: 488, Visits: 219
Comments posted to this topic are about the item Permission scripting over all databases
Post #567886
Posted Friday, November 14, 2008 2:40 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, July 31, 2009 1:47 PM
Points: 3, Visits: 20
Indeed, this is a very helpful script!!
I appreciate it very much!!
Post #603115
Posted Monday, November 17, 2008 1:33 AM


Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Saturday, August 30, 2014 9:47 AM
Points: 21, Visits: 205
Great script.
But need to correct it.

I have 20 databases on one server and 3 are offline for some special pruposes.
This script gives me error and does not work if one of db's is offline.

I think it must work and skip this kind of databases, because for example some of db's can be mirrored db and it is not possible to bring them online etc.

Thank you.
Regards,
Oleg.
Post #603510
Posted Monday, November 17, 2008 3:15 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, October 12, 2011 3:59 AM
Points: 488, Visits: 219
Hi Oleg

Thanks for the response. I did not take offline dbs into account. I have added that now and you can test it on your databases as soon as the change is approved. Code that I have added is
" AND status&512 <> 512 ".

An offline database has a bitfield with value 512. You can tweak this value to whatever your db situation is. These are the db states:

1 = autoclose; set with sp_dboption.
4 = select into/bulkcopy; set with sp_dboption.
8 = trunc. log on chkpt; set with sp_dboption.
16 = torn page detection, set with sp_dboption.
32 = loading.
64 = pre recovery.
128 = recovering.
256 = not recovered.
512 = offline; set with sp_dboption.
1024 = read only; set with sp_dboption.
2048 = dbo use only; set with sp_dboption.
4096 = single user; set with sp_dboption.
32768 = emergency mode.
4194304 = autoshrink.
1073741824 = cleanly shutdown

Regards
Post #603529
Posted Tuesday, November 18, 2008 12:22 AM


Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Saturday, August 30, 2014 9:47 AM
Points: 21, Visits: 205
Hi,

thank you , it is great.

Regards.

Post #604132
Posted Tuesday, November 18, 2008 12:32 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, March 13, 2014 5:49 AM
Points: 1,391, Visits: 608
Very helpful script, used for many DBA's.



Post #604135
Posted Tuesday, December 9, 2008 8:37 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, December 24, 2013 8:08 AM
Points: 1, Visits: 52
It is a great script, however, I found that the scipt omit certain explicit permissions. For example, I run the following

exec RetrievePermissions 'test', '',0

I get the following results
--ReportServer
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer
EXEC sp_addrolemember db_datawriter, test
GO
--ReportServer
GRANT EXECUTE ON AddBatchRecord TO Test
GO
--ReportServer1
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer1
GRANT EXECUTE ON AddBatchRecord TO Test
GO

I used a free tool called SQLPermissions created by Idera that can be downloaded here http://www.idera.com/Products/SQLpermissions/Default.aspx
which provided me the following T-Sql code

IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'Test')
BEGIN
CREATE LOGIN [Test] WITH PASSWORD='', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
ALTER LOGIN [Test] Enabled
END
USE [ReportServer]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
exec sp_addrolemember N'db_datawriter', N'Test'
GO
USE [ReportServer]
GO
Grant CONNECT ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant SHOWPLAN ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant VIEW DEFINITION ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO
USE [ReportServer]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
USE [ReportServer1]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer1]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
USE [ReportServer1]
GO
Grant CONNECT ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant SHOWPLAN ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant VIEW DEFINITION ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO

USE [ReportServer1]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer1]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO



Post #616218
Posted Wednesday, July 8, 2009 8:27 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, December 6, 2012 8:30 AM
Points: 879, Visits: 810
So I ran this script, and nomatter what parms I use('' or 'sa') I get 1 empty output column named textcolumn. How should I execute this?!


Greetz,
Hans Brouwer
Post #749296
Posted Wednesday, July 8, 2009 8:54 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, October 12, 2011 3:59 AM
Points: 488, Visits: 219
Even if you execute it like this?

exec RetrievePermissions 'myUser', '',0
Post #749346
Posted Friday, July 31, 2009 1:34 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, July 7, 2014 1:26 PM
Points: 235, Visits: 720
Great script, but I found a problem.

If the ANSI setting CONCAT_NULL_YIELDS_NULL is ON, then I received some records with a NULL value. When I changed the setting to OFF, then the resulting statement was incomplete; i.e., the GRANT statement was missing.

Example:

--ARS_PROD DELETE ON AREA TO Developer GO

Notice the 2 spaces between the database name and the permission, with no GRANT statement in between.
Post #763354
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse