December 4, 2009 at 12:36 pm
Is there an easy way to grant execute to all functions rather than creating a script for one user for each function?
Thanks in advance for your help!:-D
¤ §unshine ¤
December 4, 2009 at 1:23 pm
Create a cursor that selects all the functions from the system views, have it step through them and build a dynamic SQL command to grant the permissions.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
December 4, 2009 at 5:39 pm
alternatively, create a script that will concatenate the statement in a set based fashion
select 'grant execute on ['+ name + '] to sa'
from sys.objects
where type = 'fn'
and is_ms_shipped = 0
Copy the results to a new query window, evaluate them, and then execute them.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
December 5, 2009 at 12:41 pm
Taking Jason's fine code to the next level so that you don't have so much manual interaction (and, you could turn this into a DBA stored proc)...
DECLARE @sql VARCHAR(MAX)
SELECT @sql = (SELECT 'GRANT EXECUTE ON ['+ name + '] TO sa' +CHAR(10)
FROM sys.objects
WHERE TYPE = 'fn'
AND is_ms_shipped = 0
FOR XML PATH(''))
--PRINT @sql
EXEC (@SQL)
--Jeff Moden
Change is inevitable... Change for the better is not.
December 5, 2009 at 7:11 pm
Please don't use "sa" in examples. It sends a bad message, even though it doesn't matter in this example.
However, the way you want to do this, using the code above, is grant these rights to a ROLE, not a user. Add users to the role, don't grant rights to each user.
December 5, 2009 at 8:32 pm
Nice catch Steve.
You will need to replace 'sa' with the Role for which you wish to grant access. As Steve stated, you should grant permissions to a Role and not directly to the user. It is easier maintenance and better practice to use Roles for permissions assignment than directly to the users.
Using Jeff's version, the code would be:
DECLARE @sql VARCHAR(MAX)
SELECT @sql = (SELECT 'GRANT EXECUTE ON ['+ name + '] TO YourRole' +CHAR(10)
FROM sys.objects
WHERE TYPE = 'fn'
AND is_ms_shipped = 0
FOR XML PATH(''))
--PRINT @sql
EXEC (@SQL)
I do have to add another sidebar on this though. It isn't always necessary to grant execute to all Functions or Procs. It is better to find out what exactly is needed for the Role and then assign explicitly those perms to that user.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
December 5, 2009 at 9:10 pm
Steve Jones - Editor (12/5/2009)
Please don't use "sa" in examples. It sends a bad message, even though it doesn't matter in this example.However, the way you want to do this, using the code above, is grant these rights to a ROLE, not a user. Add users to the role, don't grant rights to each user.
You're right, of course. :blush: I was just being incredibly lazy. For a Saturday, it's been an incredibly long "code day". :hehe:
--Jeff Moden
Change is inevitable... Change for the better is not.
December 7, 2009 at 7:32 am
The reason I use cursors for this kind of thing, instead of "quirky update" string building, is that I can wrap each command in error handling much more easily.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
December 7, 2009 at 8:10 am
And, depending on your design, you could skip the whole cursor by granting execute privileges to a particular schema:
GRANT EXECUTE ON someschema TO somerole
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
December 7, 2009 at 9:51 am
GSquared (12/7/2009)
The reason I use cursors for this kind of thing, instead of "quirky update" string building, is that I can wrap each command in error handling much more easily.
You can also do that with the string building method fairly easily... but I agree... for something like this, a cursor isn't going to slow anything down and it's one of the few places where I won't bite someone's head off for using a cursor. I just can't bring myself to actually write a cursor... :-P:hehe:
--Jeff Moden
Change is inevitable... Change for the better is not.
December 7, 2009 at 10:05 am
GSquared (12/7/2009)
The reason I use cursors for this kind of thing, instead of "quirky update" string building, is that I can wrap each command in error handling much more easily.
This is one of those places where it wouldn't hurt too much to use a cursor - and is common practice. I just wanted to provide an alternate method.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply