回答
与使用SQL Server Management Studio的任何SQL服务器一样,如果您不确定如何执行特定的操作(即在线查看书籍,但无法完全弄清楚),则可以使用“脚本操作”查询窗口“对话框中的”脚本“下拉列表非常有用。
通过使用GUI工具,然后检查生成的脚本,您可以快速了解如何执行更复杂的事情,而您在完成它们的加载之前无法将其保存在内存中。
您可以根据需要修改对象选择的where子句。如果你正在寻找2005年或2008年的脚本,应该是最小的tweeking。
/注意! /这个脚本可能有点危险。
Declare @TableName varchar(100),
@Sql nvarchar(500),
@Result int,
@UserName nvarchar(258)
set @UserName= QuoteName('<your_user>')
Print @UserName
DECLARE
Your_Cursor cursor
LOCAL
FORWARD_ONLY
OPTIMISTIC
FOR
/* if you only want one object to apply permissions to*/
-- select Name from Sysobjects where name = 'Your_TableName'
/*tables*/-- select name from sysobjects where xtype = 'U' order by name
/*views*/-- select name from sysobjects where xtype = 'V' order by name
/*StoredPs*/-- select name from sysobjects where xtype = 'P' order by name
/*UDFs*/-- select name from sysobjects where xtype = 'FN' order by name
/**********************************************************************/
OPEN Your_Cursor
FETCH NEXT from Your_Cursor into @TableName
while (@@fetch_status = 0)
begin
/*Tables*/
-- set @Sql = N'Grant Select On '+ @TableName+ N' To ' + @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Select On '+ @TableName + ' by ' + @UserName
-- end
-- set @Sql = N'Grant Insert On '+ @TableName+ N' To ' + @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Insert On '+ @TableName + ' by ' + @UserName
-- end
-- set @Sql = N'Grant Update On '+ @TableName+ N' To '+ @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Update On '+ @TableName + ' by ' + @UserName
-- end
-- set @Sql = N'Grant Delete On '+ @TableName+ N' To '+ @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Delete On '+ @TableName + ' by ' + @UserName
-- end
/*Stored Procs and UDFs*/
-- set @Sql = N'Grant Execute On '+ @TableName+ N' To '+ @UserName
-- set exec @Result = sp_executeSql @Sql
-- if @Result = 0
-- begin
-- Print 'Granted Execute On '+ @TableName + ' by ' + @UserName
-- end
FETCH NEXT from your_Cursor into @TableName
end
CLOSE Your_Cursor
DEALLOCATE Your_Cursor
来自RYU的链接已经死亡。
发现了另一个脚本,在这里做这项工作:
http://blogs.msdn.com/b/blogdoezequiel/archive/2010/04/26/the-sql-swiss-army-knife-1.aspx
在情况下,它不会消亡那就是:
IF EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[dbo].[usp_SecurCreation]') AND OBJECTPROPERTY(id, N'IsProcedure') = 1)
DROP PROCEDURE [dbo].[usp_SecurCreation]
GO
CREATE PROCEDURE usp_SecurCreation @User NVARCHAR(128) = NULL, @DB NVARCHAR(256) = NULL
WITH ENCRYPTION
AS
--
-- Does not deal with CERTIFICATE_MAPPED_LOGIN and ASYMMETRIC_KEY_MAPPED_LOGIN types
--
-- All users: EXEC usp_SecurCreation
--
-- One user, All DBs: EXEC usp_SecurCreation '<User>'
--
-- One user, One DBs: EXEC usp_SecurCreation '<User>', '<DBName>'
--
-- All users, One DBs: EXEC usp_SecurCreation NULL, '<DBName>'
--
SET NOCOUNT ON
DECLARE @SC NVARCHAR(4000), @SCUser NVARCHAR(4000), @SCDB NVARCHAR(4000)
CREATE TABLE #TempSecurables ([State] VARCHAR(100),
[State2] VARCHAR(100),
[PermName] VARCHAR(100),
[Type] NVARCHAR(60),
[Grantor] VARCHAR(100),
[User] VARCHAR(100)
)
CREATE TABLE #TempSecurables2 ([DBName] sysname,
[State] VARCHAR(1000)
)
IF @User IS NULL AND @DB IS NULL
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions p JOIN sys.server_principals l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
INSERT INTO #TempSecurables2
EXEC master.dbo.sp_MSforeachdb @command1='USE [?]
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[?]'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
--Column Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public'''
END
ELSE IF @User IS NULL AND @DB IS NOT NULL
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions AS p JOIN sys.server_principals AS l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
SET @SCDB='USE [' + @DB + ']
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[' + @DB + ']'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
--Column Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public'''
INSERT INTO #TempSecurables2
EXEC master..sp_executesql @SCDB
END
ELSE IF @User IS NOT NULL AND @DB IS NOT NULL
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions AS p JOIN sys.server_principals AS l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
AND QUOTENAME(l.name) = QUOTENAME(@User)
SET @SCDB='USE [' + @DB + ']
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[' + @DB + ']'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
AND QUOTENAME(USER_NAME(b.grantee_principal_id)) = ''[' + @User + ']''
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']''
--Column Level Privileges to the User
SELECT ''[' + @DB + ']'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']'''
INSERT INTO #TempSecurables2
EXEC master..sp_executesql @SCDB
END
ELSE
BEGIN
--Server level Privileges to User or User Group
INSERT INTO #TempSecurables
SELECT CASE CAST(p.state AS VARCHAR(100)) WHEN 'D' THEN 'DENY' WHEN 'R' THEN 'REVOKE' WHEN 'G' THEN 'GRANT' WHEN 'W' THEN 'GRANT' END,
CASE CAST(p.state AS VARCHAR(100)) WHEN 'W' THEN 'WITH GRANT OPTION' ELSE '' END, CAST(p.permission_name AS VARCHAR(100)), RTRIM(p.class_desc),
(SELECT [name] FROM sys.server_principals WHERE principal_id = p.grantor_principal_id), CAST(l.name AS VARCHAR(100))
FROM sys.server_permissions p JOIN sys.server_principals l
ON p.grantee_principal_id = l.principal_id
AND l.is_disabled = 0
AND l.type IN ('S', 'U', 'G', 'R')
AND QUOTENAME(l.name) = QUOTENAME(@User)
SET @SCUser = 'USE [?]
--Privileges for Procedures/Functions/CLR/Views to the User
SELECT ''[?]'', CASE WHEN (b.state_desc COLLATE database_default) = ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT'' ELSE (b.state_desc COLLATE database_default) END + '' EXECUTE ON ['' + c.name + ''].['' + a.name + ''] TO '' + QUOTENAME(USER_NAME(b.grantee_principal_id)) +
CASE STATE WHEN ''W'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM sys.all_objects a, sys.database_permissions b, sys.schemas c
WHERE a.OBJECT_ID = b.major_id AND a.type IN (''X'',''P'',''FN'',''AF'',''FS'',''FT'') AND b.grantee_principal_id <>0
AND b.grantee_principal_id <>2 AND a.schema_id = c.schema_id
AND QUOTENAME(USER_NAME(b.grantee_principal_id)) = ''[' + @User + ']''
ORDER BY c.name
--Table and View Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']''
--Column Level Privileges to the User
SELECT ''[?]'', ''GRANT '' + privilege_type + '' ON ['' + table_schema + ''].['' + table_name + ''] ('' + column_name + '') TO ['' + grantee + '']'' +
CASE IS_GRANTABLE WHEN ''YES'' THEN '' WITH GRANT OPTION''
ELSE '''' END FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE <> ''public''
AND grantee = ''[' + @User + ']'''
INSERT INTO #TempSecurables2
EXEC master.dbo.sp_MSforeachdb @[email protected]
END
DECLARE @tmpstr NVARCHAR(128)
SET @tmpstr = '** Generated ' + CONVERT (VARCHAR, GETDATE()) + ' on ' + @@SERVERNAME + ' */'
PRINT @tmpstr
PRINT CHAR(13) + '--##### Server level Privileges to User or User Group #####' + CHAR(13)
DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE [master];' + CHAR(10) + RTRIM(ts.[State]) + ' ' + RTRIM(ts.[PermName]) + ' TO ' + QUOTENAME(RTRIM(ts.[User])) + ' ' + RTRIM(ts.[State2]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables ts WHERE RTRIM([Type]) = 'SERVER'
OPEN cSC
FETCH NEXT FROM cSC INTO @SC
WHILE @@FETCH_STATUS = 0
BEGIN
PRINT @SC
FETCH NEXT FROM cSC INTO @SC
END
CLOSE cSC
DEALLOCATE cSC
DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE [master];' + CHAR(10) + RTRIM(ts.[State]) + ' ' + RTRIM(ts.[PermName]) + ' ON ' + CASE WHEN RTRIM(ts.[Type]) = 'SERVER_PRINCIPAL' THEN 'LOGIN' ELSE 'ENDPOINT' END + '::' + QUOTENAME(RTRIM(ts.[Grantor])) + ' TO ' + QUOTENAME(RTRIM(ts.[User])) + ' ' +RTRIM(ts.[State2]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables ts WHERE RTRIM([Type]) <> 'SERVER'
OPEN cSC
FETCH NEXT FROM cSC INTO @SC
WHILE @@FETCH_STATUS = 0
BEGIN
PRINT @SC
FETCH NEXT FROM cSC INTO @SC
END
CLOSE cSC
DEALLOCATE cSC
DROP TABLE #TempSecurables
PRINT CHAR(13) + '--##### Procedures/Functions/CLR/Views, Table and Column Level Privileges to the User #####' + CHAR(13)
DECLARE cSC CURSOR FAST_FORWARD FOR SELECT 'USE ' + ts2.DBName +';' + CHAR(10) + RTRIM(ts2.[State]) + ';' + CHAR(10) + 'GO' FROM #TempSecurables2 ts2
OPEN cSC
FETCH NEXT FROM cSC INTO @SC
WHILE @@FETCH_STATUS = 0
BEGIN
PRINT @SC
FETCH NEXT FROM cSC INTO @SC
END
CLOSE cSC
DEALLOCATE cSC
DROP TABLE #TempSecurables2
GO
我有同样的问题,并与Justins建议解决它。
- 右键单击数据库配置单元中的模板/示例用户。
- 选择
properties
,securables
。 - 进行更改
- 按Ctrl + Shift + N可以获取更改的脚本。
那时我创建了这个小脚本来查询服务器的权限。这是我第一次可以利用SQL游标.. :)希望这有助于:
--cursor drop table #permission_report --create #temp table CREATE TABLE #permission_report (db_name varchar(50), username varchar(50), objectname varchar(100), objectclass varchar(50), permission_name varchar(50), state varchar(50))declare @dbname VARCHAR(50)
--declare cursor in order to run on every database on the server DECLARE c_dbnames CURSOR FOR SELECT name FROM sys.databases
OPEN c_dbnames
FETCH c_dbnames INTO @dbname WHILE @@Fetch_Status = 0 BEGIN --Openrowset to select the appropriate columns from system catalog views --insert result into #temp table --repeat task on every database on server EXEC('INSERT INTO #permission_report(db_name,username,objectname,objectclass,permission_name,state)
SELECT '''[email protected]+''',p.name username, o.name objectname, class_desc,permission_name, state_desc FROM ' + @dbname +'.sys.database_principals p JOIN ' + @dbname +'.sys.database_permissions d ON d.grantee_principal_id = p.principal_id JOIN ' + @dbname +'.sys.objects o ON o.object_id = d.major_id where p.name=''Yourdomain\User''') ---checking only EMRSN\USMTN-FF20_Users FETCH c_dbnames INTO @dbname END CLOSE c_dbnames DEALLOCATE c_dbnames SELECT * FROM #permission_report
- 1. SQL Server 2012安全措施
- 2. 将值传递给URL,安全措施
- 3. MVC 5安全措施
- 4. php图像安全措施
- 5. 措施命令:措施python脚本的执行时间
- 6. 强大的安全防范措施
- 7. 的安全预防措施与AJAX
- 8. 网站搜索的安全措施
- 9. Apache Hive的安全措施是什么
- 10. 在线测试安全措施
- 11. 安全措施阅读邮件
- 12. 将数据库拆分为合法的安全措施?
- 13. 分组SSAS措施
- 14. 安全措施其中会涉及用户个人信息
- 15. 安装Chef(12)后,与'pivotal'用户有关的安全预防措施?
- 16. 是否有任何抵御暴力攻击的安全措施?
- 17. 打开不安全文件时,PyPDF2是否采取任何安全措施?
- 18. 可以采用哪些SQL Server 05/08安全措施来防止SQL注入?
- 19. PHP帐户安全
- 20. 如何将struts 2值分配给java脚本全局变量?
- 21. 如何自动添加指针解引用的保护措施?
- 22. 如何Ajax回调分配给脚本
- 23. 如何通过PowerShell将用户权限分配给本地用户帐户?
- 24. 相关的安全计划危害和预防措施Sql查询BIRT报告
- 25. 配置集成安全帐户用于SQL Server 2008
- 26. 网站的不同安全措施(HTTP头等)
- 27. 在cgi-bin中运行python的安全防范措施
- 28. 什么是当前文件上传的安全措施?
- 29. 控制访问Web服务/ API的安全措施
- 30. 什么是社区网站的安全措施?
你的用户分配权限的安全对象已与您要生成的GRANT语句? – 2009-10-01 04:55:36
是的,但自动。就像“脚本>创建表” – 2009-10-01 15:25:57