Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 


 
     
Recent Posts
   
Popular Topics
Home   
Search
    Members    Calendar    Who's On

Home » Article Discussions » Article Discussions by Author » Discuss content posted by W Louw » Permission scripting over all databases
Add to briefcase
12 posts, Page 1 of 2
12»»

Permission scripting over all databases Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
Telammica
Posted Thursday, September 11, 2008 9:59 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, October 12, 2011 3:59 AM
Points: 488, Visits: 219
Comments posted to this topic are about the item Permission scripting over all databases
Post #567886
joseph.p.quaglia
Posted Friday, November 14, 2008 2:40 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, July 31, 2009 1:47 PM
Points: 3, Visits: 20
Indeed, this is a very helpful script!!
I appreciate it very much!!
Post #603115
Oleg-461731
Posted Monday, November 17, 2008 1:33 AM


Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Sunday, April 14, 2013 11:42 AM
Points: 21, Visits: 169
Great script.
But need to correct it.

I have 20 databases on one server and 3 are offline for some special pruposes.
This script gives me error and does not work if one of db's is offline.

I think it must work and skip this kind of databases, because for example some of db's can be mirrored db and it is not possible to bring them online etc.

Thank you.
Regards,
Oleg.
Post #603510
Telammica
Posted Monday, November 17, 2008 3:15 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, October 12, 2011 3:59 AM
Points: 488, Visits: 219
Hi Oleg

Thanks for the response. I did not take offline dbs into account. I have added that now and you can test it on your databases as soon as the change is approved. Code that I have added is
" AND status&512 <> 512 ".

An offline database has a bitfield with value 512. You can tweak this value to whatever your db situation is. These are the db states:

1 = autoclose; set with sp_dboption.
4 = select into/bulkcopy; set with sp_dboption.
8 = trunc. log on chkpt; set with sp_dboption.
16 = torn page detection, set with sp_dboption.
32 = loading.
64 = pre recovery.
128 = recovering.
256 = not recovered.
512 = offline; set with sp_dboption.
1024 = read only; set with sp_dboption.
2048 = dbo use only; set with sp_dboption.
4096 = single user; set with sp_dboption.
32768 = emergency mode.
4194304 = autoshrink.
1073741824 = cleanly shutdown

Regards
Post #603529
Oleg-461731
Posted Tuesday, November 18, 2008 12:22 AM


Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Sunday, April 14, 2013 11:42 AM
Points: 21, Visits: 169
Hi,

thank you , it is great.

Regards.
Post #604132
Kishore.P
Posted Tuesday, November 18, 2008 12:32 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Monday, November 26, 2012 3:25 AM
Points: 1,389, Visits: 596
Very helpful script, used for many DBA's.


Post #604135
Anielvarma
Posted Tuesday, December 09, 2008 8:37 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, October 23, 2012 12:02 PM
Points: 1, Visits: 50
It is a great script, however, I found that the scipt omit certain explicit permissions. For example, I run the following

exec RetrievePermissions 'test', '',0

I get the following results
--ReportServer
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer
EXEC sp_addrolemember db_datawriter, test
GO
--ReportServer
GRANT EXECUTE ON AddBatchRecord TO Test
GO
--ReportServer1
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer1
GRANT EXECUTE ON AddBatchRecord TO Test
GO

I used a free tool called SQLPermissions created by Idera that can be downloaded here http://www.idera.com/Products/SQLpermissions/Default.aspx
which provided me the following T-Sql code

IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'Test')
BEGIN
CREATE LOGIN [Test] WITH PASSWORD='', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
ALTER LOGIN [Test] Enabled
END
USE [ReportServer]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
exec sp_addrolemember N'db_datawriter', N'Test'
GO
USE [ReportServer]
GO
Grant CONNECT ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant SHOWPLAN ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant VIEW DEFINITION ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO
USE [ReportServer]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
USE [ReportServer1]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer1]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
USE [ReportServer1]
GO
Grant CONNECT ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant SHOWPLAN ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant VIEW DEFINITION ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO

USE [ReportServer1]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer1]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
Post #616218
FreeHansje
Posted Wednesday, July 08, 2009 8:27 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, December 06, 2012 8:30 AM
Points: 879, Visits: 810
So I ran this script, and nomatter what parms I use('' or 'sa') I get 1 empty output column named textcolumn. How should I execute this?!


Greetz,
Hans Brouwer
Post #749296
Telammica
Posted Wednesday, July 08, 2009 8:54 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Wednesday, October 12, 2011 3:59 AM
Points: 488, Visits: 219
Even if you execute it like this?

exec RetrievePermissions 'myUser', '',0
Post #749346
Bill Kline-270970
Posted Friday, July 31, 2009 1:34 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, April 16, 2013 8:25 AM
Points: 168, Visits: 671
Great script, but I found a problem.

If the ANSI setting CONCAT_NULL_YIELDS_NULL is ON, then I received some records with a NULL value. When I changed the setting to OFF, then the resulting statement was incomplete; i.e., the GRANT statement was missing.

Example:

--ARS_PROD DELETE ON AREA TO Developer GO

Notice the 2 spaces between the database name and the permission, with no GRANT statement in between.
Post #763354
« Prev Topic | Next Topic »

Add to briefcase
12 posts, Page 1 of 2
12»»

Permissions Expand / Collapse

 
 
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.