API tools faq
paste
Advertisement
mikedopp

ReplicatePermissions.txt

mikedopp
Oct 29th, 2015
133
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
T-SQL 10.98 KB | None | 0 0
raw download clone embed print report
  1. DECLARE @DatabaseUserName [sysname]
  2. SET @DatabaseUserName = 'user_name_goes_here'
  3.  
  4. SET NOCOUNT ON
  5. DECLARE
  6. @errStatement [varchar](8000),
  7. @msgStatement [varchar](8000),
  8. @DatabaseUserID [smallint],
  9. @ServerUserName [sysname],
  10. @RoleName [varchar](8000),
  11. @ObjectID [int],
  12. @ObjectName [varchar](261)
  13.  
  14. SELECT
  15. @DatabaseUserID = [sysusers].[uid],
  16. @ServerUserName = [master].[dbo].[syslogins].[loginname]
  17. FROM [dbo].[sysusers]
  18. INNER JOIN [master].[dbo].[syslogins]
  19. ON [sysusers].[sid] = [master].[dbo].[syslogins].[sid]
  20. WHERE [sysusers].[name] = @DatabaseUserName
  21. IF @DatabaseUserID IS NULL
  22. BEGIN
  23. SET @errStatement = 'User ' + @DatabaseUserName + ' does not exist in ' + DB_NAME() + CHAR(13) +
  24. 'Please provide the name of a current user in ' + DB_NAME() + ' you wish to script.'
  25. RAISERROR(@errStatement, 16, 1)
  26. END
  27. ELSE
  28. BEGIN
  29. SET @msgStatement = '--Security creation script for user ' + @ServerUserName + CHAR(13) +
  30. '--Created At: ' + CONVERT(varchar, GETDATE(), 112) + REPLACE(CONVERT(varchar, GETDATE(), 108), ':', '') + CHAR(13) +
  31. '--Created By: ' + SUSER_NAME() + CHAR(13) +
  32. '--Add User To Database' + CHAR(13) +
  33. 'USE [' + DB_NAME() + ']' + CHAR(13) +
  34. 'EXEC [sp_grantdbaccess]' + CHAR(13) +
  35. CHAR(9) + '@loginame = ''' + @ServerUserName + ''',' + CHAR(13) +
  36. CHAR(9) + '@name_in_db = ''' + @DatabaseUserName + '''' + CHAR(13) +
  37. 'GO' + CHAR(13) +
  38. '--Add User To Roles'
  39. PRINT @msgStatement
  40. DECLARE _sysusers
  41. CURSOR
  42. LOCAL
  43. FORWARD_ONLY
  44. READ_ONLY
  45. FOR
  46. SELECT
  47. [name]
  48. FROM [dbo].[sysusers]
  49. WHERE
  50. [uid] IN
  51. (
  52. SELECT
  53. [groupuid]
  54. FROM [dbo].[sysmembers]
  55. WHERE [memberuid] = @DatabaseUserID
  56. )
  57. OPEN _sysusers
  58. FETCH
  59. NEXT
  60. FROM _sysusers
  61. INTO @RoleName
  62. WHILE @@FETCH_STATUS = 0
  63. BEGIN
  64. SET @msgStatement = 'EXEC [sp_addrolemember]' + CHAR(13) +
  65. CHAR(9) + '@rolename = ''' + @RoleName + ''',' + CHAR(13) +
  66. CHAR(9) + '@membername = ''' + @DatabaseUserName + ''''
  67. PRINT @msgStatement
  68. FETCH
  69. NEXT
  70. FROM _sysusers
  71. INTO @RoleName
  72. END
  73. SET @msgStatement = 'GO' + CHAR(13) +
  74. '--Set Object Specific Permissions'
  75. PRINT @msgStatement
  76. DECLARE _sysobjects
  77. CURSOR
  78. LOCAL
  79. FORWARD_ONLY
  80. READ_ONLY
  81. FOR
  82. SELECT
  83. DISTINCT([sysobjects].[id]),
  84. '[' + USER_NAME([sysobjects].[uid]) + '].[' + [sysobjects].[name] + ']'
  85. FROM [dbo].[sysprotects]
  86. INNER JOIN [dbo].[sysobjects]
  87. ON [sysprotects].[id] = [sysobjects].[id]
  88. WHERE [sysprotects].[uid] = @DatabaseUserID
  89. OPEN _sysobjects
  90. FETCH
  91. NEXT
  92. FROM _sysobjects
  93. INTO
  94. @ObjectID,
  95. @ObjectName
  96. WHILE @@FETCH_STATUS = 0
  97. BEGIN
  98. SET @msgStatement = ''
  99. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 193 AND [protecttype] = 205)
  100. SET @msgStatement = @msgStatement + 'SELECT,'
  101. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 195 AND [protecttype] = 205)
  102. SET @msgStatement = @msgStatement + 'INSERT,'
  103. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 197 AND [protecttype] = 205)
  104. SET @msgStatement = @msgStatement + 'UPDATE,'
  105. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 196 AND [protecttype] = 205)
  106. SET @msgStatement = @msgStatement + 'DELETE,'
  107. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 224 AND [protecttype] = 205)
  108. SET @msgStatement = @msgStatement + 'EXECUTE,'
  109. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 26 AND [protecttype] = 205)
  110. SET @msgStatement = @msgStatement + 'REFERENCES,'
  111. IF LEN(@msgStatement) > 0
  112. BEGIN
  113. IF RIGHT(@msgStatement, 1) = ','
  114. SET @msgStatement = LEFT(@msgStatement, LEN(@msgStatement) - 1)
  115. SET @msgStatement = 'GRANT' + CHAR(13) +
  116. CHAR(9) + @msgStatement + CHAR(13) +
  117. CHAR(9) + 'ON ' + @ObjectName + CHAR(13) +
  118. CHAR(9) + 'TO ' + @DatabaseUserName
  119. PRINT @msgStatement
  120. END
  121. SET @msgStatement = ''
  122. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 193 AND [protecttype] = 206)
  123. SET @msgStatement = @msgStatement + 'SELECT,'
  124. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 195 AND [protecttype] = 206)
  125. SET @msgStatement = @msgStatement + 'INSERT,'
  126. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 197 AND [protecttype] = 206)
  127. SET @msgStatement = @msgStatement + 'UPDATE,'
  128. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 196 AND [protecttype] = 206)
  129. SET @msgStatement = @msgStatement + 'DELETE,'
  130. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 224 AND [protecttype] = 206)
  131. SET @msgStatement = @msgStatement + 'EXECUTE,'
  132. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseUserID AND [action] = 26 AND [protecttype] = 206)
  133. SET @msgStatement = @msgStatement + 'REFERENCES,'
  134. IF LEN(@msgStatement) > 0
  135. BEGIN
  136. IF RIGHT(@msgStatement, 1) = ','
  137. SET @msgStatement = LEFT(@msgStatement, LEN(@msgStatement) - 1)
  138. SET @msgStatement = 'DENY' + CHAR(13) +
  139. CHAR(9) + @msgStatement + CHAR(13) +
  140. CHAR(9) + 'ON ' + @ObjectName + CHAR(13) +
  141. CHAR(9) + 'TO ' + @DatabaseUserName
  142. PRINT @msgStatement
  143. END
  144. FETCH
  145. NEXT
  146. FROM _sysobjects
  147. INTO
  148. @ObjectID,
  149. @ObjectName
  150. END
  151. CLOSE _sysobjects
  152. DEALLOCATE _sysobjects
  153. PRINT 'GO'
  154. END
  155.  
  156.  
  157.  
  158.  
  159.  
  160.  
  161.  
  162. DECLARE @DatabaseRoleName [sysname]
  163. --SET @DatabaseRoleName = '{Database Role Name}'
  164. SET @DatabaseRoleName = 'role_name_goes_here'
  165.  
  166. SET NOCOUNT ON
  167. DECLARE
  168. @errStatement [varchar](8000),
  169. @msgStatement [varchar](8000),
  170. @DatabaseRoleID [smallint],
  171. @IsApplicationRole [bit],
  172. @ObjectID [int],
  173. @ObjectName [sysname]
  174.  
  175. SELECT
  176. @DatabaseRoleID = [uid],
  177. @IsApplicationRole = CAST([isapprole] AS bit)
  178. FROM [dbo].[sysusers]
  179. WHERE
  180. [name] = @DatabaseRoleName
  181. AND
  182. (
  183. [issqlrole] = 1
  184. OR [isapprole] = 1
  185. )
  186. AND [name] NOT IN
  187. (
  188. 'public',
  189. 'INFORMATION_SCHEMA',
  190. 'db_owner',
  191. 'db_accessadmin',
  192. 'db_securityadmin',
  193. 'db_ddladmin',
  194. 'db_backupoperator',
  195. 'db_datareader',
  196. 'db_datawriter',
  197. 'db_denydatareader',
  198. 'db_denydatawriter'
  199. )
  200.  
  201. IF @DatabaseRoleID IS NULL
  202. BEGIN
  203. IF @DatabaseRoleName IN
  204. (
  205. 'public',
  206. 'INFORMATION_SCHEMA',
  207. 'db_owner',
  208. 'db_accessadmin',
  209. 'db_securityadmin',
  210. 'db_ddladmin',
  211. 'db_backupoperator',
  212. 'db_datareader',
  213. 'db_datawriter',
  214. 'db_denydatareader',
  215. 'db_denydatawriter'
  216. )
  217. SET @errStatement = 'Role ' + @DatabaseRoleName + ' is a fixed database role and cannot be scripted.'
  218. ELSE
  219. SET @errStatement = 'Role ' + @DatabaseRoleName + ' does not exist in ' + DB_NAME() + '.' + CHAR(13) +
  220. 'Please provide the name of a current role in ' + DB_NAME() + ' you wish to script.'
  221.  
  222. RAISERROR(@errStatement, 16, 1)
  223. END
  224. ELSE
  225. BEGIN
  226. SET @msgStatement = '--Security creation script for role ' + @DatabaseRoleName + CHAR(13) +
  227. '--Created At: ' + CONVERT(varchar, GETDATE(), 112) + REPLACE(CONVERT(varchar, GETDATE(), 108), ':', '') + CHAR(13) +
  228. '--Created By: ' + SUSER_NAME() + CHAR(13) +
  229. '--Add Role To Database' + CHAR(13)
  230. IF @IsApplicationRole = 1
  231. SET @msgStatement = @msgStatement + 'EXEC sp_addapprole' + CHAR(13) +
  232. CHAR(9) + '@rolename = ''' + @DatabaseRoleName + '''' + CHAR(13) +
  233. CHAR(9) + '@password = ''{Please provide the password here}''' + CHAR(13)
  234. ELSE
  235. BEGIN
  236. SET @msgStatement = @msgStatement + 'EXEC sp_addrole' + CHAR(13) +
  237. CHAR(9) + '@rolename ''' + @DatabaseRoleName + '''' + CHAR(13)
  238. PRINT 'GO'
  239. END
  240. SET @msgStatement = @msgStatement + '--Set Object Specific Permissions For Role'
  241. PRINT @msgStatement
  242. DECLARE _sysobjects
  243. CURSOR
  244. LOCAL
  245. FORWARD_ONLY
  246. READ_ONLY
  247. FOR
  248. SELECT
  249. DISTINCT([sysobjects].[id]),
  250. '[' + USER_NAME([sysobjects].[uid]) + '].[' + [sysobjects].[name] + ']'
  251. FROM [dbo].[sysprotects]
  252. INNER JOIN [dbo].[sysobjects]
  253. ON [sysprotects].[id] = [sysobjects].[id]
  254. WHERE [sysprotects].[uid] = @DatabaseRoleID
  255. OPEN _sysobjects
  256. FETCH
  257. NEXT
  258. FROM _sysobjects
  259. INTO
  260. @ObjectID,
  261. @ObjectName
  262. WHILE @@FETCH_STATUS = 0
  263. BEGIN
  264. SET @msgStatement = ''
  265. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 193 AND [protecttype] = 205)
  266. SET @msgStatement = @msgStatement + 'SELECT,'
  267. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 195 AND [protecttype] = 205)
  268. SET @msgStatement = @msgStatement + 'INSERT,'
  269. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 197 AND [protecttype] = 205)
  270. SET @msgStatement = @msgStatement + 'UPDATE,'
  271. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 196 AND [protecttype] = 205)
  272. SET @msgStatement = @msgStatement + 'DELETE,'
  273. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 224 AND [protecttype] = 205)
  274. SET @msgStatement = @msgStatement + 'EXECUTE,'
  275. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 26 AND [protecttype] = 205)
  276. SET @msgStatement = @msgStatement + 'REFERENCES,'
  277. IF LEN(@msgStatement) > 0
  278. BEGIN
  279. IF RIGHT(@msgStatement, 1) = ','
  280. SET @msgStatement = LEFT(@msgStatement, LEN(@msgStatement) - 1)
  281. SET @msgStatement = 'GRANT' + CHAR(13) +
  282. CHAR(9) + @msgStatement + CHAR(13) +
  283. CHAR(9) + 'ON ' + @ObjectName + CHAR(13) +
  284. CHAR(9) + 'TO ' + @DatabaseRoleName
  285. PRINT @msgStatement
  286. END
  287. SET @msgStatement = ''
  288. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 193 AND [protecttype] = 206)
  289. SET @msgStatement = @msgStatement + 'SELECT,'
  290. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 195 AND [protecttype] = 206)
  291. SET @msgStatement = @msgStatement + 'INSERT,'
  292. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 197 AND [protecttype] = 206)
  293. SET @msgStatement = @msgStatement + 'UPDATE,'
  294. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 196 AND [protecttype] = 206)
  295. SET @msgStatement = @msgStatement + 'DELETE,'
  296. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 224 AND [protecttype] = 206)
  297. SET @msgStatement = @msgStatement + 'EXECUTE,'
  298. IF EXISTS(SELECT * FROM [dbo].[sysprotects] WHERE [id] = @ObjectID AND [uid] = @DatabaseRoleID AND [action] = 26 AND [protecttype] = 206)
  299. SET @msgStatement = @msgStatement + 'REFERENCES,'
  300. IF LEN(@msgStatement) > 0
  301. BEGIN
  302. IF RIGHT(@msgStatement, 1) = ','
  303. SET @msgStatement = LEFT(@msgStatement, LEN(@msgStatement) - 1)
  304. SET @msgStatement = 'DENY' + CHAR(13) +
  305. CHAR(9) + @msgStatement + CHAR(13) +
  306. CHAR(9) + 'ON ' + @ObjectName + CHAR(13) +
  307. CHAR(9) + 'TO ' + @DatabaseRoleName
  308. PRINT @msgStatement
  309. END
  310. FETCH
  311. NEXT
  312. FROM _sysobjects
  313. INTO
  314. @ObjectID,
  315. @ObjectName
  316. END
  317. CLOSE _sysobjects
  318. DEALLOCATE _sysobjects
  319. PRINT 'GO'
  320. END
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!