May 10, 2013 at 11:03 am
Hi,
I'm doing some DR testing. Is there a way I can disable all access to a Database, except for one specific user?
My DB has 800 logins, and I want to disable all access during my DR testing, but during this testing my Report user account (one user) should be able to access the data (read only).
Is there a script or a way to accomplish this?
May 10, 2013 at 11:52 am
i think it's the usual; there's no easy way, but you can use the metadata to build your commands to add everyone to a deny everything group
something like this is what i think off of the top of my head.
CREATE ROLE [NoAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatawriter] TO [NoAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatareader] TO [NoAccessForYou];
CREATE ROLE [OnlyReadAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_denydatawriter] TO [OnlyReadAccessForYou];
ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [OnlyReadAccessForYou];
declare @Batch varchar(max);
SET @Batch = '';
SELECT --@Batch = @Batch +
'EXEC sp_addrolemember N''NoAccessForYou'', N''' + name + ''';' + CHAR(13) + CHAR(10),*
FROM sys.database_principals WHERE type_desc IN('WINDOWS_USER','SQL_USER') AND principal_id > 4 ;
print (@Batch);
--exec (@@Batch);
EXEC sp_droprolemember N'NoAccessForYou', N'TestUser';
EXEC sp_addrolemember N'OnlyReadAccessForYou', N'TestUser';
EXECUTE AS USER='TestUser';
--do stuff
--change back into superman
REVERT;
--clean up after ourself:
DROP ROLE [OnlyReadAccessForYou];
DROP ROLE [NoAccessForYou];
Lowell
May 10, 2013 at 12:02 pm
lol...never is that easy..
thanks man, that's just what I was looking for..
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply