Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Get your favorite SSC scripts directly in SSMS with the free SQL Scripts addin. Search for scripts directly from SSMS, and instantly access any saved scripts in your SSC briefcase from the favorites tab.
Download now (direct download link)

Create Role for specific set of Objects based on a set of Conditions.

By Shiva Challa,

I am using this code for the following scenario:
In SQL Server 2005, we have a role called DB_DDLAdmin, but a user
belonging to this role will be able to modify the defination of the stored
procedure. But we don't have a DB_DDLReader role. This script will generate
a script that would create a Role and grants "View defination" permission
to all the objects qualified by the "where clause" for a specific database.

Note: Like the forum member EDogg has pointed out, one can just use
[code]
??USE [DATABASENAME]
??GO
??GRANT VIEW DEFINITION ON SCHEMA::[dbo] TO [USER]
??GO
[\code]
This approach will grant the User with a blanket permission on all the objects belonging to that schema. In fact this approach is much simpler if you are trying to grant blanket permissions on a schema. But the code below is for the Generating a code block that makes it easier to grant various permissions on a group of objects qualified by specific criteria.

Author: Shiva Challa (Challa.info)
Directions to use:
- Replace <<DBNAME>> with the database name you want to be working in. Replace 'AnyRoleNameYouWantGoesHere' with any Rolename you want.
- Make sure you generate the results in text mode (Ctrl+T), so that you can easily Copy-Paste the result set in new script window.

Note: This script can easily be modified to create similar role for all the other
types of objects in a given database.

Sample Results:


USE PerDB
GO
CREATE ROLE [db_SprocReader] AUTHORIZATION [dbo]
GO

GRANT VIEW DEFINITION ON [dbo].[usp_sproc1] TO [db_SProcReader]
GO
GRANT VIEW DEFINITION ON [dbo].[usp_sproc2] TO [db_SProcReader]
GO
GRANT VIEW DEFINITION ON [dbo].[usp_sproc3] TO [db_SProcReader]
GO
GRANT VIEW DEFINITION ON [dbo].[usp_sproc4] TO [db_SProcReader]
GO


 

Total article views: 1084 | Views in the last 30 days: 1
 
Related Articles
SCRIPT

Grant Permission to Specific objects(e.g. SP's)

Grant permissions to specific objects in Database using dynamic SQL.

SCRIPT

Grant permissions to objects

Grant permissions

FORUM

Grant Permission to database object

How to grant a permission?

FORUM

Object does not exist error is getting if VIEW DEFINITION denied

Object does not exist or you do not have permission error is throwing if denied view definition perm...

BLOG

Stored Procedure Definitions and Permissions

I wrote a post a while back that showed how you can grant execute permission ‘carte blanche’ for a d...

Tags
administration    
ddl    
role    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones