1. Inicio
  2. Pregunta y respuesta
  3. Cómo crear automáticamente los elementos asignables a una cuenta SQL?

Cómo crear automáticamente los elementos asignables a una cuenta SQL?

2009-09-30 11 views
8

Quiero generar una secuencia de comandos para asignar una cuenta de usuario a algunos elementos asegurables, p. Ej. Tabla: Seleccione.Cómo crear automáticamente los elementos asignables a una cuenta SQL?

¿Cómo hacer esto?

Fuente

2009-09-30 R.D

+1

que ha asignado al usuario permisos para los elementos protegibles y ya que desea generar las declaraciones de la subvención? –

+1

sí, pero automáticamente. Al igual que "Script> Crear tabla" –

Respuesta

-1

Al igual que con cualquier servidor SQL al utilizar SQL Server Management Studio si no está seguro de cómo hacer algo específico (es decir, buscó en Libros en línea pero no puede resolverlo), utilizando la 'Acción de Script a Nuevo Ventana de consulta 'del menú desplegable Script en los cuadros de diálogo es muy útil.

Al utilizar las herramientas de la GUI y luego inspeccionar el script resultante, puede ver rápidamente cómo hacer cosas más complejas que simplemente no puede mantener en la memoria hasta que las haya realizado muchas veces.

Fuente

2009-10-20 12:52:32

0

Puede modificar la cláusula where de la selección de objetos como mejor le parezca. Debería haber un mínimo de tweeking si está buscando un guión de 2005 o 2008.

/¡Precaución!/Este script puede ser un poco peligroso.

Declare @TableName varchar(100), 
    @Sql nvarchar(500), 
    @Result int, 
    @UserName nvarchar(258) 
    set @UserName= QuoteName('<your_user>') 
Print @UserName 

    DECLARE 
    Your_Cursor cursor 
    LOCAL 
    FORWARD_ONLY 
    OPTIMISTIC 
    FOR 
/* if you only want one object to apply permissions to*/ 
-- select Name from Sysobjects where name = 'Your_TableName' 
/*tables*/-- select name from sysobjects where xtype = 'U' order by name 
/*views*/-- select name from sysobjects where xtype = 'V' order by name 
/*StoredPs*/-- select name from sysobjects where xtype = 'P' order by name 
/*UDFs*/-- select name from sysobjects where xtype = 'FN' order by name 
/**********************************************************************/ 


OPEN Your_Cursor 
FETCH NEXT from Your_Cursor into @TableName 
while (@@fetch_status = 0) 
    begin 
/*Tables*/ 
--  set @Sql = N'Grant Select On '+ @TableName+ N' To ' + @UserName 
--  set exec @Result = sp_executeSql @Sql 
--  if @Result = 0 
--  begin 
--   Print 'Granted Select On '+ @TableName + ' by ' + @UserName 
--  end 
--  set @Sql = N'Grant Insert On '+ @TableName+ N' To ' + @UserName 
--  set exec @Result = sp_executeSql @Sql 
--  if @Result = 0 
--  begin 
--   Print 'Granted Insert On '+ @TableName + ' by ' + @UserName 
--  end 
--  set @Sql = N'Grant Update On '+ @TableName+ N' To '+ @UserName 
--  set exec @Result = sp_executeSql @Sql 
--  if @Result = 0 
--  begin 
--   Print 'Granted Update On '+ @TableName + ' by ' + @UserName 
--  end 
--  set @Sql = N'Grant Delete On '+ @TableName+ N' To '+ @UserName 
--  set exec @Result = sp_executeSql @Sql 
--  if @Result = 0 
--  begin 
--   Print 'Granted Delete On '+ @TableName + ' by ' + @UserName 
--  end 
/*Stored Procs and UDFs*/ 
--  set @Sql = N'Grant Execute On '+ @TableName+ N' To '+ @UserName 
--  set exec @Result = sp_executeSql @Sql 
--  if @Result = 0 
--  begin 
--   Print 'Granted Execute On '+ @TableName + ' by ' + @UserName 
--  end 
    FETCH NEXT from your_Cursor into @TableName 
    end 
CLOSE Your_Cursor 
DEALLOCATE Your_Cursor

Fuente

2009-12-15 22:55:33

0

Enlace de RYU is dead.

encontrado otro script que hace el trabajo aquí:

http://blogs.msdn.com/b/blogdoezequiel/archive/2010/04/26/the-sql-swiss-army-knife-1.aspx

En caso de que alguna vez muere aquí está:

IF EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[dbo].[usp_SecurCreation]') AND OBJECTPROPERTY(id, N'IsProcedure') = 1) 
DROP PROCEDURE [dbo].[usp_SecurCreation] 
GO 

CREATE PROCEDURE usp_SecurCreation @User NVARCHAR(128) = NULL, @DB NVARCHAR(256) = NULL 
WITH ENCRYPTION 
AS 
-- 
-- Does not deal with CERTIFICATE_MAPPED_LOGIN and ASYMMETRIC_KEY_MAPPED_LOGIN types 
-- 
-- All users: EXEC usp_SecurCreation 
-- 
-- One user, All DBs: EXEC usp_SecurCreation '<User>' 
-- 
-- One user, One DBs: EXEC usp_SecurCreation '<User>', '<DBName>' 
-- 
-- All users, One DBs: EXEC usp_SecurCreation NULL, '<DBName>' 
-- 

SET NOCOUNT ON 

DECLARE @SC NVARCHAR(4000), @SCUser NVARCHAR(4000), @SCDB NVARCHAR(4000) 
CREATE TABLE #TempSecurables ([State] VARCHAR(100), 
      [State2] VARCHAR(100), 
      [PermName] VARCHAR(100), 
      [Type] NVARCHAR(60), 
      [Grantor] VARCHAR(100), 
      [User] VARCHAR(100) 
      )  
CREATE TABLE #TempSecurables2 ([DBName] sysname, 
       [State] VARCHAR(1000) 
       )  

IF @User IS NULL AND @DB IS NULL 
BEGIN 
    --Server level Privileges to User or User Group 

    INSERT INTO #TempSecurables 
    SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END, 
    CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc), 
    (SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100)) 
    FROM sys.server_permissions p JOIN sys.server_principals l 
    ON p.grantee_principal_id = l.principal_id 
    AND l.is_disabled = 0 
    AND l.type IN ('S', 'U', 'G', 'R') 

    INSERT INTO #TempSecurables2 
    EXEC master.dbo.sp_MSforeachdb @command1='USE [?] 
    --Privileges for Procedures/Functions/CLR/Views to the User 
    SELECT ''[?]'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) + 
    CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c 
    WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0 
    AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id 
    ORDER BY c.name 

    --Table and View Level Privileges to the User 
    SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES 
    WHERE GRANTEE <> ''public'' 

    --Column Level Privileges to the User 
    SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES 
    WHERE GRANTEE <> ''public''' 
END 
ELSE IF @User IS NULL AND @DB IS NOT NULL 
BEGIN 
    --Server level Privileges to User or User Group 

    INSERT INTO #TempSecurables 
    SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END, 
    CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc), 
    (SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100)) 
    FROM sys.server_permissions AS p JOIN sys.server_principals AS l 
    ON p.grantee_principal_id = l.principal_id 
    AND l.is_disabled = 0 
    AND l.type IN ('S', 'U', 'G', 'R') 

    SET @SCDB='USE [' + @DB + '] 
    --Privileges for Procedures/Functions/CLR/Views to the User 
    SELECT ''[' + @DB + ']'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) + 
    CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c 
    WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0 
    AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id 
    ORDER BY c.name 

    --Table and View Level Privileges to the User 
    SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES 
    WHERE GRANTEE <> ''public'' 

    --Column Level Privileges to the User 
    SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES 
    WHERE GRANTEE <> ''public''' 

    INSERT INTO #TempSecurables2 
    EXEC master..sp_executesql @SCDB 
END 
ELSE IF @User IS NOT NULL AND @DB IS NOT NULL 
BEGIN 
    --Server level Privileges to User or User Group 

    INSERT INTO #TempSecurables 
    SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END, 
    CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc), 
    (SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100)) 
    FROM sys.server_permissions AS p JOIN sys.server_principals AS l 
    ON p.grantee_principal_id = l.principal_id 
    AND l.is_disabled = 0 
    AND l.type IN ('S', 'U', 'G', 'R') 
    AND QUOTENAME(l.name) = QUOTENAME(@User) 

    SET @SCDB='USE [' + @DB + '] 
    --Privileges for Procedures/Functions/CLR/Views to the User 
    SELECT ''[' + @DB + ']'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) + 
    CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c 
    WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0 
    AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id 
    AND QUOTENAME(USER_NAME(b.grantee_principal_id)) = ''[' + @User + ']'' 
    ORDER BY c.name 

    --Table and View Level Privileges to the User 
    SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES 
    WHERE GRANTEE <> ''public'' 
    AND grantee = ''[' + @User + ']'' 

    --Column Level Privileges to the User 
    SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES 
    WHERE GRANTEE <> ''public'' 
    AND grantee = ''[' + @User + ']''' 

    INSERT INTO #TempSecurables2 
    EXEC master..sp_executesql @SCDB 
END 
ELSE 
BEGIN 
    --Server level Privileges to User or User Group 
    INSERT INTO #TempSecurables 
    SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END, 
    CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc), 
    (SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100)) 
    FROM sys.server_permissions p JOIN sys.server_principals l 
    ON p.grantee_principal_id = l.principal_id 
    AND l.is_disabled = 0 
    AND l.type IN ('S', 'U', 'G', 'R') 
    AND QUOTENAME(l.name) = QUOTENAME(@User) 

    SET @SCUser = 'USE [?] 
    --Privileges for Procedures/Functions/CLR/Views to the User 
    SELECT ''[?]'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) + 
    CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c 
    WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0 
    AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id 
    AND QUOTENAME(USER_NAME(b.grantee_principal_id)) = ''[' + @User + ']'' 
    ORDER BY c.name 

    --Table and View Level Privileges to the User 
    SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES 
    WHERE GRANTEE <> ''public'' 
    AND grantee = ''[' + @User + ']'' 

    --Column Level Privileges to the User 
    SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' + 
    CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION'' 
    ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES 
    WHERE GRANTEE <> ''public'' 
    AND grantee = ''[' + @User + ']''' 

    INSERT INTO #TempSecurables2 
    EXEC master.dbo.sp_MSforeachdb @[email protected] 
END 

DECLARE @tmpstr NVARCHAR(128) 
SET @tmpstr = '** Generated ' + CONVERT (VARCHAR, GETDATE()) + ' on ' + @@SERVERNAME + ' */' 
PRINT @tmpstr 

PRINT CHAR(13) + '--##### Server level Privileges to User or User Group #####' + CHAR(13) 

DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE [master];' + CHAR(10) + RTRIM(ts.[State]) + ' ' + RTRIM(ts.[PermName]) + ' TO ' + QUOTENAME(RTRIM(ts.[User])) + ' ' + RTRIM(ts.[State2]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables ts WHERE RTRIM([Type]) = 'SERVER' 
OPEN cSC 
FETCH NEXT FROM cSC INTO @SC 
WHILE @@FETCH_STATUS = 0 
    BEGIN 
     PRINT @SC 
     FETCH NEXT FROM cSC INTO @SC 
    END 
CLOSE cSC 
DEALLOCATE cSC 

DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE [master];' + CHAR(10) + RTRIM(ts.[State]) + ' ' + RTRIM(ts.[PermName]) + ' ON ' + CASE WHEN RTRIM(ts.[Type]) = 'SERVER_PRINCIPAL' THEN 'LOGIN' ELSE 'ENDPOINT' END + '::' + QUOTENAME(RTRIM(ts.[Grantor])) + ' TO ' + QUOTENAME(RTRIM(ts.[User])) + ' ' +RTRIM(ts.[State2]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables ts WHERE RTRIM([Type]) <> 'SERVER' 
OPEN cSC 
FETCH NEXT FROM cSC INTO @SC 
WHILE @@FETCH_STATUS = 0 
    BEGIN 
     PRINT @SC 
     FETCH NEXT FROM cSC INTO @SC 
    END 
CLOSE cSC 
DEALLOCATE cSC 
DROP TABLE #TempSecurables 

PRINT CHAR(13) + '--##### Procedures/Functions/CLR/Views, Table and Column Level Privileges to the User #####' + CHAR(13) 

DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE ' + ts2.DBName +';' + CHAR(10) + RTRIM(ts2.[State]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables2 ts2 
OPEN cSC 
FETCH NEXT FROM cSC INTO @SC 
WHILE @@FETCH_STATUS = 0 
    BEGIN 
     PRINT @SC 
     FETCH NEXT FROM cSC INTO @SC 
    END 
CLOSE cSC 
DEALLOCATE cSC 

DROP TABLE #TempSecurables2 
GO

Fuente

2012-03-26 12:52:12 scoob

1

que tenían el mismo problema y lo resolvió con Justins sugerencia.

  • Haga clic con el botón derecho en una plantilla/usuario de ejemplo en la sección de la base de datos.
  • Elija properties, securables.
  • Haz un cambio
  • Haz Ctrl + Shift + N para obtener un script del cambio.

Fuente

2013-02-26 14:14:18 user2111543

0

En aquel entonces, creé este pequeño script para consultar los permisos en nuestro servidor. Fue la primera vez que pude hacer uso de cursores de SQL .. :) Espero que esto ayude:

 --cursor 
drop table #permission_report 
--create #temp table 
CREATE TABLE #permission_report 
    (db_name varchar(50), 
    username varchar(50), 
    objectname varchar(100), 
    objectclass varchar(50), 
    permission_name varchar(50), 
    state varchar(50))
 


declare @dbname VARCHAR(50)
 


--declare cursor in order to run on every database on the server 
DECLARE c_dbnames CURSOR FOR 
SELECT name 
FROM sys.databases
 


OPEN c_dbnames
 


FETCH c_dbnames INTO @dbname 
WHILE @@Fetch_Status = 0 
BEGIN 
--Openrowset to select the appropriate columns from system catalog views 
--insert result into #temp table 
--repeat task on every database on server 
    EXEC('INSERT INTO #permission_report(db_name,username,objectname,objectclass,permission_name,state)
 

SELECT '''[email protected]+''',p.name username, o.name objectname, class_desc,permission_name, state_desc 
FROM ' + @dbname +'.sys.database_principals p 
JOIN ' + @dbname +'.sys.database_permissions d ON d.grantee_principal_id = p.principal_id 
JOIN ' + @dbname +'.sys.objects o ON o.object_id = d.major_id where p.name=''Yourdomain\User''') ---checking only EMRSN\USMTN-FF20_Users 

    FETCH c_dbnames INTO @dbname 
END 

CLOSE c_dbnames 
DEALLOCATE c_dbnames 

SELECT * FROM #permission_report

Fuente

2014-08-11 10:52:32 hexyking

Cuestiones relacionadas

 Cuestiones relacionadas