Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- USE abc
- Create ROLE db_exec
- go
- GRANT EXECUTE TO db_exec
- go
- EXEC sp_addrolemember 'db_exec', 'abc_user'
- go
- use master
- go
- grant exec on sp_OACreate to abc_user
- GO
- SELECT *
- FROM master.sys.database_permissions [dp]
- JOIN master.sys.system_objects [so] ON dp.major_id = so.object_id
- JOIN master.sys.sysusers [usr] ON
- usr.uid = dp.grantee_principal_id AND usr.name = 'abc_user'
- WHERE permission_name = 'EXECUTE' AND so.name = 'sp_OACreate'
- use master
- grant exec on sp_OACreate to yourSecObject
- grant exec on sp_OADestroy to yourSecObject --Optional
- grant exec on sp_OAMethod to yourSecObject
- The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OACreate', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OAMethod', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OAMethod', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OAMethod', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OAGetProperty', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OAGetProperty', database 'mssqlsystemresource', schema 'sys'.
- The EXECUTE permission was denied on the object 'sp_OADestroy', database 'mssqlsystemresource', schema 'sys'.
- EXEC sp_configure 'show advanced options', 1
- GO
- RECONFIGURE
- GO
- EXEC sp_configure 'xp_cmdshell', 1
- GO
- EXEC sp_configure 'show advanced options', 0
- GO
- RECONFIGURE
- GO
- use [master]
- GO
- GRANT EXECUTE ON [sys].[xp_cmdshell] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OACreate] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OADestroy] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OAGetErrorInfo] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OAGetProperty] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OAMethod] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OAStop] TO [DOMAINusername];
- GRANT EXECUTE ON [sys].[sp_OASetProperty] TO [DOMAINusername];
- GO
- SELECT *
- FROM master.sys.database_permissions [dp]
- JOIN master.sys.system_objects [so] ON dp.major_id = so.object_id
- JOIN master.sys.sysusers [usr] ON usr.uid = dp.grantee_principal_id AND usr.name = 'DOMAINusername'
- WHERE permission_name = 'EXECUTE'
- AND (so.name = 'xp_cmdshell'
- OR so.name = 'sp_OACreate'
- OR so.name = 'sp_OADestroy'
- OR so.name = 'sp_OAGetErrorInfo'
- OR so.name = 'sp_OAGetProperty'
- OR so.name = 'sp_OAMethod'
- OR so.name = 'sp_OAStop'
- OR so.name = 'sp_OASetProperty')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement