September 11, 2008 at 9:59 am
Comments posted to this topic are about the item Permission scripting over all databases
November 14, 2008 at 2:40 pm
Indeed, this is a very helpful script!!
I appreciate it very much!!
November 17, 2008 at 1:33 am
Great script.
But need to correct it.
I have 20 databases on one server and 3 are offline for some special pruposes.
This script gives me error and does not work if one of db's is offline.
I think it must work and skip this kind of databases, because for example some of db's can be mirrored db and it is not possible to bring them online etc.
Thank you.
Regards,
Oleg.
November 17, 2008 at 3:15 am
Hi Oleg
Thanks for the response. I did not take offline dbs into account. I have added that now and you can test it on your databases as soon as the change is approved. Code that I have added is
" AND status&512 <> 512 ".
An offline database has a bitfield with value 512. You can tweak this value to whatever your db situation is. These are the db states:
1 = autoclose; set with sp_dboption.
4 = select into/bulkcopy; set with sp_dboption.
8 = trunc. log on chkpt; set with sp_dboption.
16 = torn page detection, set with sp_dboption.
32 = loading.
64 = pre recovery.
128 = recovering.
256 = not recovered.
512 = offline; set with sp_dboption.
1024 = read only; set with sp_dboption.
2048 = dbo use only; set with sp_dboption.
4096 = single user; set with sp_dboption.
32768 = emergency mode.
4194304 = autoshrink.
1073741824 = cleanly shutdown
Regards
November 18, 2008 at 12:22 am
Hi,
thank you , it is great.
Regards.
November 18, 2008 at 12:32 am
Very helpful script, used for many DBA's.
December 9, 2008 at 8:37 am
It is a great script, however, I found that the scipt omit certain explicit permissions. For example, I run the following
exec RetrievePermissions 'test', '',0
I get the following results
--ReportServer
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer
EXEC sp_addrolemember db_datawriter, test
GO
--ReportServer
GRANT EXECUTE ON AddBatchRecord TO Test
GO
--ReportServer1
EXEC sp_addrolemember db_datareader, test
GO
--ReportServer1
GRANT EXECUTE ON AddBatchRecord TO Test
GO
I used a free tool called SQLPermissions created by Idera that can be downloaded here http://www.idera.com/Products/SQLpermissions/Default.aspx
which provided me the following T-Sql code
IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'Test')
BEGIN
CREATE LOGIN [Test] WITH PASSWORD='', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
ALTER LOGIN [Test] Enabled
END
USE [ReportServer]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
exec sp_addrolemember N'db_datawriter', N'Test'
GO
USE [ReportServer]
GO
Grant CONNECT ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant SHOWPLAN ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant VIEW DEFINITION ON Database::[ReportServer] TO [Test]
GO
USE [ReportServer]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO
USE [ReportServer]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
USE [ReportServer1]
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Test')
CREATE USER [Test] FOR LOGIN [Test] WITH DEFAULT_SCHEMA=[dbo]
USE [ReportServer1]
GO
exec sp_addrolemember N'db_datareader', N'Test'
GO
USE [ReportServer1]
GO
Grant CONNECT ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant SHOWPLAN ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant VIEW DEFINITION ON Database::[ReportServer1] TO [Test]
GO
USE [ReportServer1]
GO
Grant EXECUTE ON [dbo].[AddBatchRecord] TO [Test]
GO
USE [ReportServer1]
GO
Grant ALTER ON [dbo].[AddModelPerspective] TO [Test]
GO
USE [ReportServer1]
GO
Grant TAKE OWNERSHIP ON [dbo].[AddModelPerspective] TO [Test] WITH GRANT OPTION
GO
July 8, 2009 at 8:27 am
So I ran this script, and nomatter what parms I use('' or 'sa') I get 1 empty output column named textcolumn. How should I execute this?!
Greetz,
Hans Brouwer
July 8, 2009 at 8:54 am
Even if you execute it like this?
exec RetrievePermissions 'myUser', '',0
July 31, 2009 at 1:34 pm
Great script, but I found a problem.
If the ANSI setting CONCAT_NULL_YIELDS_NULL is ON, then I received some records with a NULL value. When I changed the setting to OFF, then the resulting statement was incomplete; i.e., the GRANT statement was missing.
Example:
--ARS_PROD DELETE ON AREA TO Developer GO
Notice the 2 spaces between the database name and the permission, with no GRANT statement in between.
February 6, 2012 at 9:10 am
I found that this script doesn't write down schema permissions.
You might check the following: http://www.sqlservercentral.com/scripts/Security/71562/
December 13, 2012 at 9:10 am
For the new user, I'd it to generate a create user statement:
USE [dbname]
GO
CREATE USER [mynewuser] FOR LOGIN [domain\firstname.lastname]
GO
Where mynewuser is paramater 1 and domain\firstname.lastname is second parameter.
May 21, 2014 at 11:34 am
Has this script been tested on SQL 2012. I found I had to change this code:
select count(*) '+
' from '+@database+'..sysmembers z , '+@database+'..sysusers su '+
' where z.memberuid = su.uid and su.name = '''+convert(varchar(255),@newuidname)+''' ) = 0
to this in order to script out the roles:
select count(*) '+
' from '+@database+'..sysmembers z , '+@database+'..sysusers su '+
' where z.memberuid = su.uid and su.name = '''+convert(varchar(255),@newuidname)+''' ) > 0
Viewing 13 posts - 1 through 12 (of 12 total)
You must be logged in to reply to this topic. Login to reply