January 24, 2019 at 8:56 am
I have about 60 SQL Servers and I have an AD group that has Developers in it. I'm trying to build a script that will loop through the user databases and create a user and assign permissions for that user so that I can quickly add a group to control Developer perms. I'm first checking if the Login at the Server level exists and making it if it doesn't.
IF SUSER_ID('[Domain\IT Developers]') IS NULL
CREATE LOGIN [Domain\IT Developers] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
DECLARE @Command VARCHAR(8000)
SELECT @Command = 'IF ''?'' NOT IN (''master'', ''model'', ''msdb'', ''tempdb'',''SSISDB'') BEGIN USE ? IF (SELECT DATABASE_PRINCIPAL_ID(''Domain\IT Developers'')) IS NULL
CREATE USER [Domain\IT Developers] FOR LOGIN [Domain\IT Developers];
CREATE USER [Domain\IT Developers] FOR LOGIN [Domain\IT Developers]
--add perms to the user in that DB context
EXEC sp_addrolemember N''db_datareader'', N''Domain\IT Developers''
EXEC sp_addrolemember N''db_datawriter'', N''Domain\IT Developers''
GRANT VIEW DEFINITION TO [Domain\IT Developers] END '
PRINT @Command
EXEC sp_MSforeachdb @Command
When I run this I get an error telling me that the user already exists, but it doesn't because I've looked in the SSMS UI on the instance I'm testing and I know it isn't there. Any suggestions or corrections to what I'm doing?
January 24, 2019 at 9:16 am
Try removing the square brackets from the first line. It's looking for that literal login name - square brackets and all.
John
January 24, 2019 at 10:06 am
John Mitchell-245523 - Thursday, January 24, 2019 9:16 AMTry removing the square brackets from the first line. It's looking for that literal login name - square brackets and all.John
The login creation part of this isn't where the issue is, but I removed the brackets from it anyway. Now I'm getting strange behavior where the user doesn't exist but I get a message that it does already exist. Yet, the users are added and tied to the login. I'm really confused about what's happening.
January 24, 2019 at 10:23 am
You have CREATE USER in the code twice (once IF'd and once not).
IF SUSER_ID('[Domain\IT Developers]') IS NULL
CREATE LOGIN [Domain\IT Developers] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
EXEC sp_MSforeachdb '
IF ''?'' NOT IN (''master'', ''model'', ''msdb'', ''SSISDB'', ''tempdb'')
BEGIN
USE [?]
PRINT ''?''
IF DATABASE_PRINCIPAL_ID(''Domain\IT Developers'') IS NULL
BEGIN
PRINT '' Creating user.''
CREATE USER [Domain\IT Developers] FROM LOGIN [Domain\IT Developers];
END /*IF*/
PRINT '' Adding all permissions for the user.''
EXEC sp_addrolemember N''db_datareader'', N''Domain\IT Developers''
EXEC sp_addrolemember N''db_datawriter'', N''Domain\IT Developers''
GRANT VIEW DEFINITION TO [Domain\IT Developers]
END /*IF*/
'
SQL DBA,SQL Server MVP(07, 08, 09) "It's a dog-eat-dog world, and I'm wearing Milk-Bone underwear." "Norm", on "Cheers". Also from "Cheers", from "Carla": "You need to know 3 things about Tortelli men: Tortelli men draw women like flies; Tortelli men treat women like flies; Tortelli men's brains are in their flies".
January 24, 2019 at 11:25 am
ScottPletcher - Thursday, January 24, 2019 10:23 AMYou have CREATE USER in the code twice (once IF'd and once not).
IF SUSER_ID('[Domain\IT Developers]') IS NULL
CREATE LOGIN [Domain\IT Developers] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
EXEC sp_MSforeachdb '
IF ''?'' NOT IN (''master'', ''model'', ''msdb'', ''SSISDB'', ''tempdb'')
BEGIN
USE [?]
PRINT ''?''
IF DATABASE_PRINCIPAL_ID(''Domain\IT Developers'') IS NULL
BEGIN
PRINT '' Creating user.''
CREATE USER [Domain\IT Developers] FROM LOGIN [Domain\IT Developers];
END /*IF*/
PRINT '' Adding all permissions for the user.''
EXEC sp_addrolemember N''db_datareader'', N''Domain\IT Developers''
EXEC sp_addrolemember N''db_datawriter'', N''Domain\IT Developers''
GRANT VIEW DEFINITION TO [Domain\IT Developers]
END /*IF*/
'
Thanks Scott. I apparently need better proofreading skills.
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy