
我想爲一個數據庫建立 GRANT 權限腳本。

這個數據庫不能使用任何內置角色,因此我需要在分配給這個服務帳戶的 GRANT 腳本裏,自行重建 db_reader、db_writer 以及對存儲過程的 EXEC 權限。

我想把這件事自動化,而不是逐一查看數據庫中的每個對象再手動編寫。

目前我寫到這裏:

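/* Object-level GRANT generator for one principal.
   Each SELECT prints one GRANT per object; paste the output into a script and
   review it before running it. Object names go through QUOTENAME and the schema
   comes from the catalog, so names containing spaces or brackets and objects
   outside dbo still produce valid statements. */

declare @Principal sysname;
set @Principal = N'DOMAIN\user';   -- the service account (or, better, a role) that receives the rights

/* USER_TABLE */
select 'GRANT SELECT, INSERT, UPDATE, DELETE ON ' + quotename(schema_name(schema_id)) + '.' + quotename(name) + ' TO ' + quotename(@Principal) + ';'
from sys.objects
where type = 'U'
order by name;

/* INTERNAL_TABLE -- system-managed storage (queue, XML-index and similar tables);
   confirm the account really reads these directly before keeping this grant */
select 'GRANT SELECT, INSERT, UPDATE, DELETE ON ' + quotename(schema_name(schema_id)) + '.' + quotename(name) + ' TO ' + quotename(@Principal) + ';'
from sys.objects
where type = 'IT'
order by name;

/* VIEW */
select 'GRANT SELECT ON ' + quotename(schema_name(schema_id)) + '.' + quotename(name) + ' TO ' + quotename(@Principal) + ';'
from sys.objects
where type = 'V'
order by name;

/* SQL_STORED_PROCEDURE */
select 'GRANT EXECUTE ON ' + quotename(schema_name(schema_id)) + '.' + quotename(name) + ' TO ' + quotename(@Principal) + ';'
from sys.objects
where type = 'P'
order by name;

/* SQL_TABLE_VALUED_FUNCTION (TF) and SQL_INLINE_TABLE_VALUED_FUNCTION (IF):
   a caller only needs SELECT to invoke a table-valued function, so the
   INSERT/UPDATE/DELETE rights are not granted here */
select 'GRANT SELECT ON ' + quotename(schema_name(schema_id)) + '.' + quotename(name) + ' TO ' + quotename(@Principal) + ';'
from sys.objects
where type in ('TF', 'IF')
order by name;

/* SQL_SCALAR_FUNCTION */
select 'GRANT EXECUTE ON ' + quotename(schema_name(schema_id)) + '.' + quotename(name) + ' TO ' + quotename(@Principal) + ';'
from sys.objects
where type = 'FN'
order by name;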

但是,我不確定其他類型的對象(例如 SERVICE_QUEUE、SQL_TRIGGER 等,見下文)需要什麼權限,也不確定上面的寫法是否正確。

-- Lists every object type present in the database (system objects excluded)
select distinct type_desc, type as a from sys.objects where type <> 'S';

-- 我認爲不需要的那些

  • DEFAULT_CONSTRAINT(d)
  • FOREIGN_KEY_CONSTRAINT(F)
  • PRIMARY_KEY_CONSTRAINT(PK)
  • SERVICE_QUEUE(SQ)
  • UNIQUE_CONSTRAINT(UQ)
  • SQL_TRIGGER(TR)

-- 我認爲需要的那些

  • USER_TABLE(U)
  • INTERNAL_TABLE(IT)
  • VIEW(V)
  • SQL_STORED_PROCEDURE(P)
  • SQL_TABLE_VALUED_FUNCTION(TF)
  • SQL_SCALAR_FUNCTION(FN)

在此先感謝!

回答


在我看來,你必須做到以下幾點:

-- Database-level grants: these apply to every object in every schema of the
-- database, including objects created later. Scope them to a schema if the
-- account should not reach everything.
create role [DatabaseUser]
go
grant select, insert, update, delete, execute to [DatabaseUser]
go

然後,要把權限給某個用戶時,只需執行

-- Adds the login's database user to the role (ALTER ROLE ... ADD MEMBER replaces this on SQL Server 2012 and later)
execute sp_addrolemember @rolename = 'DatabaseUser', @membername = 'DOMAIN\user'

你應該避免直接對對象和用戶添加顯式權限。用數據庫角色和架構來安排所需的安全性,會讓事情輕鬆得多。我的博客上有更多關於這個話題的內容。

問候

彼得


假設所有對象都在 dbo 架構下,快速但粗略的做法是:

-- Schema-scoped grant: covers every current and future object in dbo,
-- but nothing outside that schema.
grant select, insert, update, delete, execute on schema::dbo to [MyUser]

不過,最佳做法還是使用角色:

-- Role-based variant: the schema grant goes to the role, users are added to the role
CREATE ROLE MyRole
GO
EXEC sp_addrolemember @rolename = 'MyRole', @membername = 'MyUser'
GO
grant select, insert, update, delete, execute on schema::dbo to [MyRole]
GO
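-- Generates (prints, never executes) a GRANT script for a list of database
-- principals. For each principal the output grants:
--   EXECUTE                         on every stored procedure and scalar function,
--   SELECT, INSERT, UPDATE, DELETE  on every user table,
--   SELECT                          on every view.
-- Each principal's block is wrapped in "if exists (...) begin ... end" so the
-- script can be run against a database where some principals are missing.
-- The output grants rights on every object the catalog returns; read it before
-- running it and trim anything the account does not need.
set nocount on;

-- Principals to grant to. sysname (nvarchar(128)) matches the catalog, so a
-- long principal name is not silently truncated.
declare @UserInformation table
(
    LocalId     int identity(1,1) not null primary key,
    GrantToUser sysname not null
);

declare @SQL         nvarchar(4000);   -- one generated statement at a time
declare @SchemaName  sysname;          -- schema of the current object
declare @ObjectName  sysname;          -- name of the current object
declare @GrantToUser sysname;          -- principal currently being processed
declare @rowCount    int;              -- number of principals
declare @whereAt     int;              -- LocalId of the current principal

-- Sample principals; replace with the real list.
insert into @UserInformation (GrantToUser) values (N'UserName1');
insert into @UserInformation (GrantToUser) values (N'UserName2');
insert into @UserInformation (GrantToUser) values (N'UserName2');

-- Every cursor returns (schema, object) so the generated statements name
-- objects as [schema].[object] instead of assuming dbo. LOCAL keeps the cursor
-- names private to this batch; FAST_FORWARD is enough because the loops only
-- ever FETCH NEXT.
declare cursStoredProcedures cursor local fast_forward for
    select schema_name(schema_id), name
    from sys.objects
    where type in ('P', 'FN')   -- SQL_STORED_PROCEDURE, SQL_SCALAR_FUNCTION
    order by name;

declare cursTables cursor local fast_forward for
    select schema_name(schema_id), name
    from sys.objects
    where type = 'U'            -- USER_TABLE
    order by name;

declare cursViews cursor local fast_forward for
    select schema_name(schema_id), name
    from sys.views
    order by name;

set @rowCount = (select count(*) from @UserInformation);
set @whereAt = 1;

-- LocalId is a fresh identity with no deletes, so it runs 1..@rowCount.
while (@whereAt <= @rowCount)
begin
    select @GrantToUser = GrantToUser
    from @UserInformation
    where LocalId = @whereAt;

    -- Guard: emit the block only for an existing user or Windows group
    -- (S = SQL user, U = Windows user, G = Windows group; roles are excluded).
    -- QUOTENAME(..., '''') single-quotes the name and doubles any embedded
    -- quote, so a principal name cannot break the generated script.
    print 'if exists (select * from sys.database_principals where name = '
        + quotename(@GrantToUser, '''') + ' and type in (''S'', ''U'', ''G''))';
    print 'begin';

    -- EXECUTE on stored procedures and scalar functions
    open cursStoredProcedures;
    fetch next from cursStoredProcedures into @SchemaName, @ObjectName;
    while (@@fetch_status = 0)
    begin
        set @SQL = '    grant execute on ' + quotename(@SchemaName) + '.' + quotename(@ObjectName)
                 + ' to ' + quotename(@GrantToUser) + ';';
        print @SQL;
        fetch next from cursStoredProcedures into @SchemaName, @ObjectName;
    end
    close cursStoredProcedures;

    -- DML rights on user tables
    open cursTables;
    fetch next from cursTables into @SchemaName, @ObjectName;
    while (@@fetch_status = 0)
    begin
        set @SQL = '    grant select, insert, update, delete on ' + quotename(@SchemaName) + '.' + quotename(@ObjectName)
                 + ' to ' + quotename(@GrantToUser) + ';';
        print @SQL;
        fetch next from cursTables into @SchemaName, @ObjectName;
    end
    close cursTables;

    -- Read access on views
    open cursViews;
    fetch next from cursViews into @SchemaName, @ObjectName;
    while (@@fetch_status = 0)
    begin
        set @SQL = '    grant select on ' + quotename(@SchemaName) + '.' + quotename(@ObjectName)
                 + ' to ' + quotename(@GrantToUser) + ';';
        print @SQL;
        fetch next from cursViews into @SchemaName, @ObjectName;
    end
    close cursViews;

    print 'end;';

    set @whereAt = @whereAt + 1;
end

print 'go';

deallocate cursStoredProcedures;
deallocate cursTables;
deallocate cursViews;

set nocount off;

go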