I've been tinkering with a reverse engineering script that might help.
SET NOCOUNT ON;
DECLARE @login NVARCHAR(128)
, @SQL VARCHAR(MAX);
SET @login = 'applogin';
-- GRANT SERVER LEVEL PERMISSIONS --
SELECT[Login] = pri.name
, [GrantServerPermissionSQL] = per.state_desc collate database_default + ' ' + per.permission_name collate database_default + ' TO [' + pri.name collate database_default + '];'
FROMsys.server_permissions per
INNER JOIN sys.server_principals pri ON per.grantee_principal_id = pri.principal_id
WHEREper.class_desc = 'SERVER'
ANDpri.type IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
ANDpri.is_disabled = 0
ANDpri.name = ISNULL(@Login, pri.name)
ORDER BY pri.name;
-- GRANT SERVER LEVEL ROLES --
SELECT[Login] = pri.name
, [GrantServerRoleSQL] = 'EXEC sp_addrolemember @rolename = ''' + rpri.name + ''', @membername = ''' + pri.name + ''';'
FROMsys.server_principals pri
INNER JOIN sys.server_role_members rm ON pri.principal_id = rm.member_principal_id
INNER JOIN sys.server_principals rpri ON rpri.principal_id = rm.role_principal_id
WHEREpri.type IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
ANDpri.is_disabled = 0
ANDpri.name = ISNULL(@Login, pri.name);
-- GRANT DATABASE LEVEL PERMISSIONS --
CREATE TABLE #Logins (
sid VARBINARY(85)
);
INSERT INTO #Logins (sid)
SELECTsid
FROMsys.server_principals
WHEREtype IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
ANDis_disabled = 0
ANDname = ISNULL(@Login, name)
ANDprincipal_id != 1; -- sa
CREATE TABLE #DBSecurity (
RowId INT IDENTITY(1,1)
, DBName NVARCHAR(128)
, SQLStmt VARCHAR(MAX)
);
SET @SQL = 'USE [?];
INSERT INTO #DBSecurity (DBName, SQLStmt)
SELECTDB_NAME()
, ''USE [?];''
UNION ALL
SELECTDB_NAME()
, ''IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + dp.name + '''''') AND EXISTS (SELECT 1 FROM sys.server_principals WHERE name = '''''' + sp.name + '''''') CREATE USER ['' + dp.name + ''] FOR LOGIN ['' + sp.name + ''];''
FROMsys.database_principals dp
INNER JOIN sys.server_principals sp ON dp.sid = sp.sid
INNER JOIN #Logins tmp ON tmp.sid = dp.sid
UNION ALL
SELECTDB_NAME()
, ''EXEC sp_addrolemember @rolename = '''''' + dr.name + '''''', @membername = '''''' + dp.name + '''''';''
FROMsys.database_principals dp
INNER JOIN sys.database_role_members rm ON rm.member_principal_id = dp.principal_id
INNER JOIN sys.database_principals dr ON rm.role_principal_id = dr.principal_id
INNER JOIN #Logins tmp ON tmp.sid = dp.sid
UNION ALL
SELECTDB_NAME()
, ''IF EXISTS (SELECT 1 FROM sys.objects WHERE name = '''''' + o.name + '''''') AND EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + dp.name + '''''') '' + p.state_desc + '' '' + p.permission_name + '' ON ['' + s.name + ''].['' + o.name collate database_default + ''] TO ['' + dp.name + ''];''
FROMsys.database_principals dp
INNER JOIN sys.database_permissions p on p.grantee_principal_id = dp.principal_id
INNER JOIN sys.objects o on p.major_id = o.object_id
INNER JOIN sys.schemas s on o.schema_id = s.schema_id
INNER JOIN #Logins tmp ON tmp.sid = dp.sid;
';
EXEC sp_msforeachdb @SQL;
SELECTDBName
, SQLStmt
FROM#DBSecurity
order by RowId;
DROP TABLE #Logins;
DROP TABLE #DBSecurity;
-- SET DEFAULT DB --
SELECT[Login] = pri.name
, [SetDefaultDBSQL] = 'ALTER LOGIN [' + pri.name + '] WITH DEFAULT_DATABASE = [' + pri.default_database_name + '];'
FROMsys.server_principals pri
WHEREpri.type IN ('S', 'U', 'G') -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
ANDpri.is_disabled = 0
ANDpri.name = ISNULL(@Login, pri.name)
ORDER BY pri.name;
_____________________________________________________________________
- Nate