script for server roles needed

  • Any one have a handy script to recreate SQL Server roles for SQL 2000?

    It must be somewhere.

    Thanks,

    Vivien

  • Generate Script?:cool:

  • Hope this helps i made the script few weeks ago this script will generate another script of your server/database user log-in and roles. It is in 3 parts: Generate Server Log-ins,Generate Server Roles, Generate database users/roles. As for the password of your server log-in just supplement the password in the section.. run this to the server which will be restored (before restoration)

    /****************************************

    Script Made by Lester A. Policarpio

    For questions and clarifications feel free to email me at

    lpolicarpio2005@yahooo.com

    */

    SET NOCOUNT ON

    print '--##############################################################'

    print '--Generate Script for Server Log-ins'

    print '--Supply with your Server log-in password'

    print '--##############################################################'

    print ''

    DECLARE @name varchar(200)

    DECLARE @default varchar(200)

    print 'DECLARE @login varchar(1024)'

    print 'DECLARE @q varchar(1024)'

    print ''

    print 'CREATE TABLE login'

    print '('

    print 'names varchar(124),'

    print 'pass varchar(124),'

    print 'db varchar(124),'

    print ')'

    --GENERATE SERVER LOG-IN

    DECLARE master CURSOR FOR

    SELECT name,dbname FROM master..syslogins WHERE name not LIKE '%BUILTIN%' AND name <> 'sa'

    OPEN master

    FETCH NEXT FROM master INTO @name,@default

    WHILE (@@FETCH_STATUS = 0)

    BEGIN

    print 'INSERT INTO login VALUES ('+''''+@name+''''+','+''' '''+','+''''+@default+''''+')'

    FETCH NEXT FROM master INTO @name,@default

    END

    CLOSE master

    DEALLOCATE master

    print 'DECLARE logins CURSOR FOR'

    print 'select '+''''''''''+'+names+'+''''''''''+'+'','''+'+'+''''''''''+'+pass+'+''''''''''+'+'','''+'+'+''''''''''+'+db+'+''''''''''+ ' AS '+'''LOG'''+ ' FROM login'

    print 'OPEN logins'

    print 'FETCH NEXT FROM logins INTO @login'

    print 'WHILE (@@FETCH_STATUS = 0)'

    print 'BEGIN'

    print 'SET @q = ''sp_addlogin ''+@login'

    print 'EXEC (@q)'

    print 'FETCH NEXT FROM logins INTO @login'

    print 'END'

    print 'CLOSE logins'

    print 'DEALLOCATE logins'

    print 'DROP TABLE login'

    print '--#################################################################'

    print '--Generate Script for Server Roles'

    print '--#################################################################'

    print ''

    DECLARE @logins varchar(200)

    DECLARE @Default1 varchar(200)

    DECLARE @sysadmin int

    DECLARE @securityadmin int

    DECLARE @serveradmin int

    DECLARE @setupadmin int

    DECLARE @processadmin int

    DECLARE @diskadmin int

    DECLARE @dbcreator int

    DECLARE @bulkadmin int

    DECLARE @master int

    print 'DECLARE @login2 varchar(1024)'

    print 'DECLARE @w varchar(1024)'

    print ''

    print 'CREATE TABLE login2'

    print '('

    print 'names varchar(1024),'

    print 'role varchar(3000)'

    print ')'

    print ''

    print ''

    DECLARE master CURSOR FOR

    select name,dbname,sysadmin,securityadmin,serveradmin,setupadmin,processadmin,diskadmin,dbcreator,bulkadmin

    FROM master..syslogins WHERE name not LIKE 'BUILTIN%' AND name <> 'sa'

    OPEN master

    FETCH NEXT FROM master INTO @logins,@default1,@sysadmin,@securityadmin,@serveradmin,@setupadmin,@processadmin,@diskadmin,@dbcreator,@bulkadmin

    WHILE (@@FETCH_STATUS = 0)

    BEGIN

    --@@@@@@ sysadmin

    IF (@sysadmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''sysadmin'''+')'

    print ''

    END

    --@@@@@ securityadmin

    IF (@securityadmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''securityadmin'''+')'

    print ''

    END

    --@@@@@ serveradmin

    IF (@serveradmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''serveradmin'''+')'

    print ''

    END

    --@@@@@ setupadmin

    IF (@setupadmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''setupadmin'''+')'

    print ''

    END

    --@@@@@ processadmin

    IF (@processadmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''processadmin'''+')'

    print ''

    END

    --@@@@@ diskadmin

    IF (@diskadmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''diskadmin'''+')'

    print ''

    END

    --@@@@@ dbcreator

    IF (@dbcreator = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''dbcreator'''+')'

    print ''

    END

    --@@@@@ bulkadmin

    IF (@bulkadmin = 1)

    BEGIN

    print 'INSERT INTO login2 VALUES ('+''''+@logins+''''+','+'''bulkadmin'''+')'

    print ''

    END

    FETCH NEXT FROM master INTO @logins,@default1,@sysadmin,@securityadmin,@serveradmin,@setupadmin,@processadmin,@diskadmin,@dbcreator,@bulkadmin

    END

    CLOSE master

    DEALLOCATE master

    print 'DECLARE logins CURSOR FOR'

    print 'select names + '+''','''+'+ role FROM login2'

    print 'OPEN logins'

    print 'FETCH NEXT FROM logins INTO @login2'

    print 'WHILE (@@FETCH_STATUS = 0)'

    print 'BEGIN'

    print 'SET @w = ''sp_addsrvrolemember ''+@login2'

    print 'EXEC (@w)'

    print 'FETCH NEXT FROM logins INTO @login2'

    print 'END'

    print 'CLOSE logins'

    print 'DEALLOCATE logins'

    print 'DROP TABLE login2'

    print '--#################################################################'

    print '--Generate Script for Database Users/ROles'

    print '--#################################################################'

    print ''

    /****************************************

    Script Made by Lester A. Policarpio

    other parts came from http://www.sqlservercentral.com/articles/Administering/listofdatabaseuserswithdatabaseroles/1545/

    For questions and clarifications feel free to email me at

    lpolicarpio2005@yahooo.com

    */

    DECLARE @dbcomp varchar(1024)

    DECLARE @pass varchar(5000)

    DECLARE @counter varchar(500)

    --This part of script came from

    --www.sqlservercentral.com/articles/Administering/listofdatabaseuserswithdatabaseroles/1545/

    DECLARE @dbid varchar(100)

    CREATE TABLE DBROLES

    ( DBName sysname not null,

    UserName sysname not null,

    db_owner varchar(3) not null,

    db_accessadmin varchar(3) not null,

    db_securityadmin varchar(3) not null,

    db_ddladmin varchar(3) not null,

    db_datareader varchar(3) not null,

    db_datawriter varchar(3) not null,

    db_denydatareader varchar(3) not null,

    db_denydatawriter varchar(3) not null,

    db_backupoperator varchar(3) not null

    )

    declare @dbname varchar(200)

    declare @mSql1varchar(8000)

    DECLARE DBName_Cursor CURSOR FOR

    select name

    frommaster.dbo.sysdatabases

    where name not in ('master','tempdb','model','pubs','northwind','DBA','msdb')

    Order by name

    OPEN DBName_Cursor

    FETCH NEXT FROM DBName_Cursor INTO @dbname

    WHILE @@FETCH_STATUS = 0

    BEGIN

    Set @mSQL1 = 'Insert into DBROLES ( DBName, UserName, db_owner, db_accessadmin,

    db_securityadmin, db_ddladmin, db_datareader, db_datawriter,

    db_denydatareader, db_denydatawriter,db_backupoperator )

    SELECT '+''''+@dbName +''''+ ' as DBName ,UserName, '+char(13)+'

    Max(CASE RoleName WHEN ''db_owner'' THEN ''Yes'' ELSE ''No'' END) AS db_owner,

    Max(CASE RoleName WHEN ''db_accessadmin '' THEN ''Yes'' ELSE ''No'' END) AS db_accessadmin ,

    Max(CASE RoleName WHEN ''db_securityadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_securityadmin,

    Max(CASE RoleName WHEN ''db_ddladmin'' THEN ''Yes'' ELSE ''No'' END) AS db_ddladmin,

    Max(CASE RoleName WHEN ''db_datareader'' THEN ''Yes'' ELSE ''No'' END) AS db_datareader,

    Max(CASE RoleName WHEN ''db_datawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_datawriter,

    Max(CASE RoleName WHEN ''db_denydatareader'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatareader,

    Max(CASE RoleName WHEN ''db_denydatawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatawriter,

    Max(CASE RoleName WHEN ''db_backupoperator'' THEN ''Yes'' ELSE ''No'' END) AS db_backupoperator

    from (

    select b.name as USERName, c.name as RoleName

    from ' + @dbName+'.dbo.sysmembers a '+char(13)+

    'join '+ @dbName+'.dbo.sysusers b '+char(13)+

    'on a.memberuid = b.uid join '+@dbName +'.dbo.sysusers c

    on a.groupuid = c.uid )s

    Group by USERName

    order by UserName'

    --Print @mSql1

    Execute (@mSql1)

    FETCH NEXT FROM DBName_Cursor INTO @dbname

    END

    CLOSE DBName_Cursor

    DEALLOCATE DBName_Cursor

    --Up to this part of script came from

    --www.sqlservercentral.com/articles/Administering/listofdatabaseuserswithdatabaseroles/1545/

    DECLARE @db varchar(1024)

    DECLARE @name1 varchar(200)

    DECLARE @name2 varchar(20)

    DECLARE @hasdbaccess varchar(200)

    DECLARE @islogin varchar(200)

    DECLARE @isntname varchar(200)

    DECLARE @isntgroup varchar(200)

    DECLARE @isntuser varchar(200)

    DECLARE @issqluser varchar(200)

    DECLARE @isaliased varchar(200)

    DECLARE @issqlrole varchar(200)

    DECLARE @isapprole varchar(200)

    SET @name2 = '1'

    DECLARE cur CURSOR FOR

    select dbname,username,db_owner,db_accessadmin,db_securityadmin,db_ddladmin,db_datareader,db_datawriter,

    db_denydatareader,db_denydatawriter,db_backupoperator from DBROLES WHERE username <> 'DBO'

    OPEN cur

    FETCH NEXT FROM cur INTO @counter,@name1,@hasdbaccess,@islogin,@isntname,@isntgroup,@isntuser,@issqluser,@isaliased,@issqlrole,@isapprole

    WHILE (@@FETCH_STATUS = 0)

    BEGIN

    print '--@@@@@'+@name1+@name2+'@@@@@--'

    print 'DECLARE @'+@name1+@name2+' varchar(1024)'

    print 'DECLARE @'+@name1+@name2+'2 varchar(1024)'

    print 'DECLARE @'+@name1+@name2+'3 varchar(1024)'

    print 'DECLARE '+@name1 +@name2+ ' CURSOR for'

    print 'select name from master..sysdatabases where name IN ('+''''+@counter+''''+')'

    print 'OPEN '+@name1+@name2

    print 'FETCH NEXT FROM '+@name1+@name2+' INTO @'+@name1+@name2

    print 'WHILE (@@FETCH_STATUS = 0)'

    print 'BEGIN'

    print 'SET @'+@name1+@name2+'2 = @'+@name1+@name2+'+'+''''+'..sp_grantdbaccess '+''''+'+'+''''+@name1+''''

    print 'EXEC (@'+@name1+@name2+'2)'

    -- @hasdbaccess

    IF (@hasdbaccess = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_owner'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @islogin

    IF (@islogin ='YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_accessadmin'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @isntname

    IF (@isntname = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_securityadmin'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @isntgroup

    IF (@isntgroup ='YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_ddladmin'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @isntuser

    IF (@isntuser = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_datareader'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @issqluser

    IF (@issqluser = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_datawriter'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @isaliased

    IF (@isaliased = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_denydatareader'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @issqlrole

    IF (@issqlrole = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_denydatawriter'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    -- @isqpprole

    IF (@isapprole = 'YES')

    BEGIN

    print 'SET @'+@name1+@name2+'3 = @'+@name1+@name2+'+'+''''+'..sp_addrolemember '+''''+'+'+''''+'db_backupoperator'+','+@name1+''''

    print 'EXEC (@'+@name1+@name2+'3)'

    END

    print 'FETCH NEXT FROM '+@name1+@name2+' INTO @'+@name1+@name2

    print 'END'

    print 'CLOSE '+@name1+@name2

    print 'DEALLOCATE '+@name1+@name2

    SET @name2 = @name2+'1'

    FETCH NEXT FROM cur INTO @counter,@name1,@hasdbaccess,@islogin,@isntname,@isntgroup,@isntuser,@issqluser,@isaliased,@issqlrole,@isapprole

    END

    CLOSE cur

    DEALLOCATE cur

    DROP TABLE DBROLES

    "-=Still Learning=-"

    Lester Policarpio

  • And one thing before you apply the result of the script above to the database you already restored you must delete first the orphaned users. Here is the script to delete the orphaned users.

    NOTE: please read the comments carefully 😀

    /***********************************

    Script Made by: Lester A. Policarpio

    Any Suggestions and Clarifications feel free

    to email me at lpolicarpio2005@yahoo.com

    This script will delete orphaned users in all

    databases of a certain server

    (excluding system databases)

    ***********************************/

    SET NOCOUNT ON

    IF EXISTS (SELECT name from sysobjects where name = 'orphaned')

    DROP TABLE orphaned

    CREATE TABLE orphaned (DBName varchar(500), UserName varchar(250))

    DECLARE @db varchar(500)

    DECLARE @set varchar(1024)

    DECLARE db CURSOR FOR

    SELECT name FROM master..sysdatabases WHERE name NOT IN

    ('master','model','msdb','tempdb','DBA','pubs','Northwind')

    OPEN db

    FETCH NEXT FROM db INTO @db

    WHILE (@@FETCH_STATUS = 0)

    BEGIN

    --SELECT statement below is from http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=12615

    SET @set = 'SELECT UserName = name,'+''''+@db+''''+' as '+'''DBName'''+' FROM '+@db+'..sysusers

    WHERE issqluser = 1 and (sid is not null and sid <> 0x0)

    and suser_sname(sid) is null

    ORDER BY name'

    INSERT INTO orphaned(UserName,DBName) exec (@set)

    FETCH NEXT FROM db INTO @db

    END

    CLOSE db

    DEALLOCATE db

    --Second CURSOR

    DECLARE @db2 varchar(500)

    DECLARE @db3 varchar(500)

    DECLARE @change_login varchar(50)

    print 'Orphaned Users are : '

    DECLARE db2 CURSOR FOR

    SELECT DBName,UserName FROM orphaned

    OPEN db2

    FETCH NEXT FROM db2 INTO @db2,@db3

    WHILE (@@FETCH_STATUS = 0)

    BEGIN

    SET @change_login = @db2+'..sp_revokedbaccess '+''''+@db3+''''

    print '['+(@db3)+']'+' -------------------- in database: '+'['+(@db2)+']' -- lets you view first the orphaned users

    --exec (@change_login) --execute this part and it will delete the orphaned users

    FETCH NEXT FROM db2 INTO @db2,@db3

    END

    CLOSE db2

    DEALLOCATE db2

    DROP TABLE orphaned

    SET NOCOUNT OFF

    "-=Still Learning=-"

    Lester Policarpio

  • Thank you for sharing. A lot of efforts. I thought it could be a simple script to migrate roles.

    I used sp_help_revlogin for login migration to another server. But it does not generate sp_addrolemember part.

  • Yeah my scenario is also same as you i searched for many commands that will do the trick but end up making 1 😀

    Ohhh 1 thing.... the script i gave you about the delete orphaned users will only take effect for those table who's owner is dbo if the owner is not dbo then i think you will encounter an error if you table setting is set with a different owner i suggests you get a delete orphaned user script in the script section of this site else if all tables are owned by dbo then this script should do the trick (the delete orphaned user script)

    "-=Still Learning=-"

    Lester Policarpio

  • What about this?

    How to Script User and Role Object Permissions in SQL Server

    By : Bradley Morris

    May 14, 2002

    http://www.sql-server-performance.com/articles/dba/object_permission_scripts_p1.aspx

    G. Milner

  • that's a good script you have there gdmilner but in order to script all the users you must run the script in each of the databases and not to mention that you must supplement the database username of each of the databases..... what if you have let's say... hmmm 40-50 databases per server???

    "-=Still Learning=-"

    Lester Policarpio

  • Check if the below script helps.

    /* Script by Sugesh */

    /*posted @ sqlarticles.com */

    set nocount on

    Print 'Column Level Privileges to the User:'

    select 'grant '+privilege_type+' on '+table_schema+'.'+table_name+' ('+column_name+') to ['+grantee+']'+case IS_GRANTABLE when 'YES' then ' With GRANT OPTION' else '' end from INFORMATION_SCHEMA.COLUMN_PRIVILEGES

    Print 'Table Level Privileges to the User:'

    select 'grant '+privilege_type+' on '+table_schema+'.'+table_name+' to ['+grantee+']' +case IS_GRANTABLE when 'YES' then ' With GRANT OPTION' else '' end from INFORMATION_SCHEMA.TABLE_PRIVILEGES

    Print 'Privileges for Procedures/Functions to the User:'

    select 'grant execute on '+c.name+'.'+a.name+' to '+user_name(b.grantee_principal_id)+case state when 'W' then ' with grant option' else '' end

    from sys.all_objects a, sys.database_permissions b, sys.schemas c

    where a.object_id = b.major_id and

    a.type in ('P','FN') and b.grantee_principal_id<>0 and

    b.grantee_principal_id <>2 and

    a.schema_id=c.schema_id

    Cheers,
    Sugeshkumar Rajendran
    SQL Server MVP
    http://sugeshkr.blogspot.com

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply