Technical Article

Grant/Revoke EXEC permissions  for all procs in DB

,

Useful in dev environments when you need to periodically assign execute permissions on all procs in a db (drop/create scripts may have been run without re-assigning permissions)
Accepts
DB name,
ProcLike for matching 'starts with' pattern against proc names in DB,
revoke (optional - defaults to 0/True) specifies wheter to GRANT or REVOKE permissions 

IF EXISTS (SELECT name 
   FROM   sysobjects 
   WHERE  name = N'up_AllProcPermissionsForDB' 
   AND   type = 'P')
    DROP PROCEDURE up_AllProcPermissionsForDB
GO

CREATE PROCEDURE up_AllProcPermissionsForDB 
@db sysname, 
@ProcLike varchar(50) = 'up_', -- used (like) in where clause
@Revoke bit = 0 -- if 1 then will revoke permissions instead of granting
AS


set nocount on
if isnull(@db,'') = '' BEGIN
    RAISERROR('The parameter ''%s'' was not supplied.',12,1,'db') WITH NOWAIT
    RETURN(1)
END
--revoke & proclike parameters can't be null
set @revoke = Isnull(@revoke,0)
set @ProcLike = Isnull(@ProcLike,'')
if right(@ProcLike,1) <> '%'
set @ProcLike = @ProcLike + '%'

declare @proc varchar (1000)
declare @user varchar(200)
DECLARE @Exec Nvarchar(4000)
create table #tmpUsers (
[User] nvarchar(150)
)
create table #tmpProcs (
[Proc] nvarchar(150)
)
insert #tmpUsers  
exec ('select name
from ' + @db + '.dbo.sysusers
where 
name not in(''dbo'',''guest'',''public'')
and
name not like ''db_%''')


insert #tmpProcs  
exec ('select name
FROM ' + @db + '.dbo.sysobjects
WHEREtype = ''p''
andname like ''' + @ProcLike + '''
orderby name')

DECLARE curExec CURSOR
READ_ONLY
FOR 
select [Proc], [user] from #tmpProcs, #tmpUsers

OPEN curExec

FETCH NEXT FROM curExec INTO @proc, @user
WHILE (@@fetch_status <> -1)
BEGIN
IF (@@fetch_status <> -2)
BEGIN
IF @Revoke = 0
SELECT @Exec = 'USE ' + @db + '; GRANT EXEC ON [DBO].[' + @proc + '] TO [' + @user + ']'
ELSE
SELECT @Exec = 'USE ' + @db + '; REVOKE EXEC ON [DBO].[' + @proc + '] TO [' + @user + ']'
PRINT @Exec
execute sp_executesql @Exec
END
FETCH NEXT FROM curExec INTO @proc, @user
END

CLOSE curExec
DEALLOCATE curExec

drop table #tmpUsers
drop table #tmpProcs


GO

Rate

You rated this post out of 5. Change rating

Share

Join the discussion and add your comment

Share

Rate

You rated this post out of 5. Change rating

Related content

SQLServerCentral Article

Harnessing SQL Server Metadata- Disabling and Rebuilding Indexes

When doing bulk data changes it may be beneficial to disable indexes prior to starting the operation. Fortunately, SQL's rich metadata makes this very easy to automate in a robust fashion.

4.92 (12)

You rated this post out of 5. Change rating

2018-05-18 (first published: )

4,794 reads

Technical Article

Query to Display Trigger Status

Ever wanted to know whether your triggers are enabled or not? The ObjectProperty command allows you to select information about the status of objects in your database, returning 1 for True and 0 for False. The example below determines whether a single trigger is disabled. SELECT ObjectProperty(object_id('Trigger_Name'), 'ExecIsTriggerDisabled') There are a number of other useful […]

5 (1)

You rated this post out of 5. Change rating

2001-10-28

1,200 reads