Permission scripting over all databases


Telammica
Comments posted to this topic are about the item Permission scripting over all databases
joseph.p.quaglia
Indeed, this is a very helpful script!!
I appreciate it very much!!
Oleg-461731
Great script.
But need to correct it.

I have 20 databases on one server and 3 are offline for some special purposes.
This script gives me an error and does not work if one of the DBs is offline.

I think it must work and skip these kinds of databases, because, for example, some of the DBs can be mirrored DBs and it is not possible to bring them online, etc.

Thank you.
Regards,
Oleg.
Telammica
Hi Oleg

Thanks for the response. I did not take offline dbs into account. I have added that now and you can test it on your databases as soon as the change is approved. Code that I have added is
" AND status&512 <> 512 ".

An offline database has a bitfield with value 512. You can tweak this value to whatever your db situation is. These are the db states:

1 = autoclose; set with sp_dboption.
4 = select into/bulkcopy; set with sp_dboption.
8 = trunc. log on chkpt; set with sp_dboption.
16 = torn page detection, set with sp_dboption.
32 = loading.
64 = pre recovery.
128 = recovering.
256 = not recovered.
512 = offline; set with sp_dboption.
1024 = read only; set with sp_dboption.
2048 = dbo use only; set with sp_dboption.
4096 = single user; set with sp_dboption.
32768 = emergency mode.
4194304 = autoshrink.
1073741824 = cleanly shutdown

Regards
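
The status filter from the reply above, extended into a single mask, as an added example that is not part of the original post or of the RetrievePermissions script. Which bits go into the mask is an assumption about the states a permission script should skip; the last query is the catalog-view equivalent on SQL Server 2005 and later.

```sql
-- Added example. The choice of bits in @skip is an assumption about which
-- states a permission script should avoid; the bit values are from the list above.
DECLARE @skip int;
SET @skip = 32     -- loading
          | 64     -- pre recovery
          | 128    -- recovering
          | 256    -- not recovered
          | 512;   -- offline

-- Databases the script can enter (legacy view, same column as the fix above).
SELECT name, status
FROM   master.dbo.sysdatabases
WHERE  status & @skip = 0
ORDER  BY name;

-- Why each remaining database was skipped: decode the bits that are set.
SELECT d.name, b.bit_value, b.meaning
FROM   master.dbo.sysdatabases AS d
JOIN  (SELECT 32 AS bit_value, 'loading' AS meaning
       UNION ALL SELECT 64,  'pre recovery'
       UNION ALL SELECT 128, 'recovering'
       UNION ALL SELECT 256, 'not recovered'
       UNION ALL SELECT 512, 'offline') AS b
  ON   d.status & b.bit_value = b.bit_value
ORDER  BY d.name, b.bit_value;

-- Same intent on SQL Server 2005 and later, using the catalog view and
-- HAS_DBACCESS so databases the caller cannot open are skipped as well.
SELECT name, state_desc
FROM   sys.databases
WHERE  state_desc = N'ONLINE'
  AND  HAS_DBACCESS(name) = 1
ORDER  BY name;
```
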
Oleg-461731
Hi,

Thank you, it is great.

Regards.
Kishore.P
Very helpful script, used for many DBAs.



Anielvarma
It is a great script; however, I found that the script omits certain explicit permissions. For example, I run the following

exec RetrievePermissions 'test', '',0

I get the following results
--ReportServer
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer
EXEC sp_addrolemember db_datawriter, test
GO
--ReportServer
GRANT EXECUTE ON AddBatchRecord TO Test
GO
--ReportServer1
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer1
GRANT EXECUTE ON AddBatchRecord TO Test
GO

I used a free tool called SQLPermissions created by Idera that can be downloaded here http://www.idera.com/Products/SQLpermissions/Default.aspx
which provided me the following T-Sql code

IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'Test')
BEGIN
CREATE LOGIN [Test] WITH PASSWORD='', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
ALTER LOGIN [Test] Enabled
END
USE [ReportServer]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
exec sp_addrolemember N'db_datawriter', N'Test'
GO
USE [ReportServer]
GO
Grant CONNECT ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant SHOWPLAN ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant VIEW DEFINITION ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO
USE [ReportServer]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
USE [ReportServer1]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer1]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
USE [ReportServer1]
GO
Grant CONNECT ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant SHOWPLAN ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant VIEW DEFINITION ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO

USE [ReportServer1]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer1]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
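
The database-level grants (CONNECT, SHOWPLAN, VIEW DEFINITION) and the WITH GRANT OPTION entries in the listing above are recorded in sys.database_permissions. A query that scripts them for one principal in the current database, as an added example that is not part of the original post, of RetrievePermissions or of the Idera tool; it goes beyond the listing by also covering schema grants, column grants and DENY, and the principal name is simply the one used in the post.

```sql
-- Added example: run it inside the database being reviewed.
-- @principal is the sample user name from the post.
DECLARE @principal sysname;
SET @principal = N'Test';

SELECT
    -- state: G = GRANT, D = DENY, W = GRANT ... WITH GRANT OPTION
    CASE p.state WHEN 'W' THEN 'GRANT'
                 ELSE p.state_desc COLLATE DATABASE_DEFAULT END
    + ' ' + p.permission_name COLLATE DATABASE_DEFAULT
    + CASE p.class
        WHEN 0 THEN ' ON DATABASE::' + QUOTENAME(DB_NAME())
        WHEN 1 THEN ' ON ' + QUOTENAME(OBJECT_SCHEMA_NAME(p.major_id))
                    + '.' + QUOTENAME(OBJECT_NAME(p.major_id))
                    -- minor_id > 0 means a column-level permission
                    + COALESCE(' (' + QUOTENAME(c.name) + ')', '')
        WHEN 3 THEN ' ON SCHEMA::' + QUOTENAME(SCHEMA_NAME(p.major_id))
      END
    + ' TO ' + QUOTENAME(u.name)
    + CASE p.state WHEN 'W' THEN ' WITH GRANT OPTION' ELSE '' END AS stmt,
    p.class_desc
FROM   sys.database_permissions AS p
JOIN   sys.database_principals  AS u
  ON   u.principal_id = p.grantee_principal_id
LEFT JOIN sys.columns AS c
  ON   p.class = 1
 AND   c.object_id = p.major_id
 AND   c.column_id = p.minor_id
WHERE  u.name = @principal
  AND  p.class IN (0, 1, 3)          -- database, object/column, schema
  AND  p.state IN ('G', 'D', 'W')    -- REVOKE rows are not scripted
ORDER  BY p.class, stmt;
```

The COLLATE DATABASE_DEFAULT clauses avoid a collation conflict when the catalog's fixed-collation columns are concatenated with names stored in the database collation.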
FreeHansje
So I ran this script, and no matter what parms I use ('' or 'sa') I get 1 empty output column named textcolumn. How should I execute this?!

Greetz,
Hans Brouwer
Telammica
Even if you execute it like this?

exec RetrievePermissions 'myUser', '',0
Bill Kline-270970
Great script, but I found a problem.

If the ANSI setting CONCAT_NULL_YIELDS_NULL is ON, then I received some records with a NULL value. When I changed the setting to OFF, then the resulting statement was incomplete; i.e., the GRANT statement was missing.

Example:

--ARS_PROD DELETE ON AREA TO Developer GO

Notice the 2 spaces between the database name and the permission, with no GRANT statement in between.
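
The behaviour described above can be reproduced with a few constructed rows, as an added example that is not part of the original post or of the RetrievePermissions script. The incomplete CASE mapping is a hypothetical cause chosen to produce the same symptom; the last query is a check for finding such rows instead of hiding them with the OFF setting.

```sql
-- Added example with constructed rows. The incomplete CASE is a hypothetical
-- cause chosen to reproduce the symptom; it is not taken from RetrievePermissions.
DECLARE @perm TABLE (db sysname, state char(1), keyword varchar(10) NULL,
                     perm_name sysname, obj sysname, grantee sysname);
INSERT INTO @perm (db, state, perm_name, obj, grantee)
VALUES (N'ARS_PROD', 'G', N'SELECT', N'AREA', N'Developer');
INSERT INTO @perm (db, state, perm_name, obj, grantee)
VALUES (N'ARS_PROD', 'W', N'DELETE', N'AREA', N'Developer');

-- Mapping with a gap: state 'W' (grant with grant option) has no branch,
-- so its keyword stays NULL.
UPDATE @perm
SET    keyword = CASE state WHEN 'G' THEN 'GRANT' WHEN 'D' THEN 'DENY' END;

-- ON (the default): one NULL piece turns the whole generated line into NULL.
SET CONCAT_NULL_YIELDS_NULL ON;
SELECT '--' + db + ' ' + keyword + ' ' + perm_name
       + ' ON ' + obj + ' TO ' + grantee + ' GO' AS textcolumn
FROM   @perm;

-- OFF (documented by Microsoft as due to be removed): NULL is treated as an
-- empty string, so the line is emitted but its keyword is silently missing.
SET CONCAT_NULL_YIELDS_NULL OFF;
SELECT '--' + db + ' ' + keyword + ' ' + perm_name
       + ' ON ' + obj + ' TO ' + grantee + ' GO' AS textcolumn
FROM   @perm;
SET CONCAT_NULL_YIELDS_NULL ON;

-- Check to run before trusting the generated script: list the source rows
-- whose keyword could not be mapped, so the mapping is fixed at its origin.
SELECT db, state, perm_name, obj, grantee
FROM   @perm
WHERE  keyword IS NULL;
```
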