[推荐](T-SQL) 得到一个给定用户使用了的权限脚本-白红宇

[推荐](T-SQL) 得到一个给定用户使用了的权限脚本

阅读量：5775 次

发布时间：2019-06-18

本文共 7539 字，大约阅读时间需要 25 分钟。

[推荐] 得到一个给定用户使用了的权限脚本

——通过知识共享树立个人品牌。

得到一个给定用户使用了的权限脚本，直接上代码，自己研究。

SET ANSI_NULLS ON

SET QUOTED_IDENTIFIER ON

CREATE PROCEDURE [dbo].[p_user_permissions_script_get]

-----------------------------------------------------------

-- OBJECT NAME :dbo.p_user_permissions_script_get

-- AUTHOR: EricHu

-- DATE: 01/05/2012

-- INPUT PARAMETERS:

@userName VARCHAR(500)

-- OUTPUT PARAMETERS: none

-- DEPENDENCIES: none

-- DESCRIPTION: Used to script out permissions for a given user

-- MODIFICATION HISTORY:

-------------------------------------------------------------

SET NOCOUNT ON

DECLARE @DatabaseUserName [SYSNAME];

SET @DatabaseUserName = @userName;

DECLARE @errStatement VARCHAR(1000),

@msgStatement VARCHAR(1000),

@DatabaseUserID SMALLINT,

@ServerUserName SYSNAME,

@RoleName VARCHAR(1000),

@ObjectID INT,

@ObjectName VARCHAR(1000),

@StateDesc VARCHAR(1000),

@permissionName VARCHAR(1000)

SELECT @DatabaseUserID = su.[uid],

@ServerUserName = sl.[loginname]

FROM dbo.[sysusers] su

INNER JOIN [master].dbo.[syslogins] sl

ON su.[sid] = sl.[sid]

WHERE su.[name] = @DatabaseUserName

IF @DatabaseUserID IS NULL

BEGIN

SET @errStatement = 'User ' + @DatabaseUserName + ' does not exist in ' + DB_NAME()

+ CHAR(13) + 'Please provide the name of a current user in ' + DB_NAME()

+ ' you wish to script.'

RAISERROR(@errStatement,

16,

END

ELSE

BEGIN

SET @msgStatement = '--Security creation script for user ' + @ServerUserName + CHAR(13)

+ '--Created At: ' + CONVERT(VARCHAR, GETDATE(), 100)

+ REPLACE(CONVERT(VARCHAR, GETDATE(), 108), ':', '') + CHAR(13)

+ '--Created By: ' + SUSER_NAME() + CHAR(13) + '--Add User To Database'

+ CHAR(13) + 'USE [' + DB_NAME() + ']' + CHAR(13)

+ 'EXEC [sp_grantdbaccess]' + CHAR(13) + CHAR(9)

+ '@loginame = ''' + @ServerUserName + ''',' + CHAR(13) + CHAR(9)

+ '@name_in_db = ''' + @DatabaseUserName + '''' + ';'+ CHAR(13) + 'GO'

+ CHAR(13) + '--Add User To Roles'

PRINT @msgStatement

DECLARE _sysusers CURSOR LOCAL FORWARD_ONLY READ_ONLY FOR

SELECT [name]

FROM [dbo].[sysusers]

WHERE [uid] IN (SELECT [groupuid]

FROM [dbo].[sysmembers]

WHERE [memberuid] = @DatabaseUserID)

OPEN _sysusers

FETCH NEXT FROM _sysusers INTO @RoleName

WHILE @@FETCH_STATUS = 0

BEGIN

SET @msgStatement = 'EXEC [sp_addrolemember]' + CHAR(13) + CHAR(9) + '@rolename = '''

+ @RoleName + ''',' + CHAR(13) + CHAR(9) + '@membername = '''

+ @DatabaseUserName + '''' + ';' ;

PRINT @msgStatement

FETCH NEXT FROM _sysusers INTO @RoleName

END

CLOSE _sysusers;

DEALLOCATE _sysusers;

--Database level perms;

PRINT '--Set Database level Permissions';

DECLARE _databaselevelperms CURSOR LOCAL FORWARD_ONLY READ_ONLY FOR

SELECT

sdp.state_desc,

sdp.permission_name

FROM

sys.database_permissions sdp WITH(NOLOCK)

JOIN sysusers su WITH(NOLOCK)

ON su.uid = sdp.grantee_principal_id

WHERE

su.name = @userName

AND sdp.class_desc = 'DATABASE';

OPEN _databaselevelperms;

FETCH NEXT FROM _databaselevelperms INTO @StateDesc, @PermissionName;

WHILE @@FETCH_STATUS = 0

BEGIN

PRINT @StateDesc + CHAR(13) + CHAR(9) + @PermissionName + CHAR(13) + CHAR(9)

+ 'TO ' + @userName + ';';

FETCH NEXT FROM _databaselevelperms INTO @StateDesc, @PermissionName

END

CLOSE _databaselevelperms;

DEALLOCATE _databaselevelperms;

SET @msgStatement = 'GO' + CHAR(13) + '--Set Object Specific Permissions'

PRINT @msgStatement;

DECLARE _sysobjects CURSOR LOCAL FORWARD_ONLY READ_ONLY FOR

SELECT DISTINCT( [sysobjects].[id] ),

'[' + USER_NAME([sysobjects].[uid]) + '].[' + [sysobjects].[name] + ']'

FROM [dbo].[sysprotects]

INNER JOIN [dbo].[sysobjects]

ON [sysprotects].[id] = [sysobjects].[id]

WHERE [sysprotects].[uid] = @DatabaseUserID;

OPEN _sysobjects;

FETCH NEXT FROM _sysobjects INTO @ObjectID, @ObjectName;

WHILE @@FETCH_STATUS = 0

BEGIN

SET @msgStatement = '';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 193

AND [protecttype] = 205)

SET @msgStatement = @msgStatement + 'SELECT,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 195

AND [protecttype] = 205)

SET @msgStatement = @msgStatement + 'INSERT,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 197

AND [protecttype] = 205)

SET @msgStatement = @msgStatement + 'UPDATE,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 196

AND [protecttype] = 205)

SET @msgStatement = @msgStatement + 'DELETE,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 224

AND [protecttype] = 205)

SET @msgStatement = @msgStatement + 'EXECUTE,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 26

AND [protecttype] = 205)

SET @msgStatement = @msgStatement + 'REFERENCES,';

IF LEN(@msgStatement) > 0

BEGIN

IF RIGHT(@msgStatement, 1) = ','

SET @msgStatement = LEFT(@msgStatement, LEN(@msgStatement) - 1);

SET @msgStatement = 'GRANT' + CHAR(13) + CHAR(9) + @msgStatement + CHAR(13)

+ CHAR(9) + 'ON ' + @ObjectName + CHAR(13) + CHAR(9) + 'TO '

+ @DatabaseUserName + ';' ;

PRINT @msgStatement;

END

SET @msgStatement = '';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 193

AND [protecttype] = 206)

SET @msgStatement = @msgStatement + 'SELECT,'

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 195

AND [protecttype] = 206)

SET @msgStatement = @msgStatement + 'INSERT,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 197

AND [protecttype] = 206)

SET @msgStatement = @msgStatement + 'UPDATE,';

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 196

AND [protecttype] = 206)

SET @msgStatement = @msgStatement + 'DELETE,'

IF EXISTS(SELECT 1

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 224

AND [protecttype] = 206)

SET @msgStatement = @msgStatement + 'EXECUTE,';

IF EXISTS(SELECT *

FROM [dbo].[sysprotects]

WHERE [id] = @ObjectID

AND [uid] = @DatabaseUserID

AND [action] = 26

AND [protecttype] = 206)

SET @msgStatement = @msgStatement + 'REFERENCES,';

IF LEN(@msgStatement) > 0

BEGIN

IF RIGHT(@msgStatement, 1) = ','

SET @msgStatement = LEFT(@msgStatement, LEN(@msgStatement) - 1)

SET @msgStatement = 'DENY' + CHAR(13) + CHAR(9) + @msgStatement + CHAR(13)

+ CHAR(9) + 'ON ' + @ObjectName + CHAR(13) + CHAR(9) + 'TO '

+ @DatabaseUserName + ';' ;

PRINT @msgStatement;

END

FETCH NEXT FROM _sysobjects INTO @ObjectID, @ObjectName;

END

CLOSE _sysobjects;

DEALLOCATE _sysobjects;

PRINT 'GO'

END

SET NOCOUNT OFF

RETURN 0

运行结果实例如下：

EXEC [p_user_permissions_script_get] 'dbo'

--Security creation script for user sa

--Created

At:

2012

4:37PM163729

--Created

By: sa

Add User To Database

USE [DB_TEST]

EXEC [sp_grantdbaccess]

@loginame =

@name_in_db =

dbo

;

Add User To Roles

EXEC [sp_addrolemember]

@rolename =

db_owner

@membername =

dbo

;

--Set Database level Permissions

GRANT

CONNECT

TO dbo

;

--Set Object Specific Permissions

原创作品，转贴请注明作者和出处，留此信息。

------------------------------------------------

cnBlobs:CSDN：

作者：EricHu（DB、C\S、B\S、WebService、WCF、PM等）

出处：

Q Q：80368704 E-Mail: 80368704@qq.com

本博文欢迎大家浏览和转载，但未经作者同意必须保留此段声明，且在文章页面明显位置给出原文连接，在『参考』的文章中，我会表明参考的文章来源，尊重他人版权。若您发现我侵犯了您的版权，请及时与我联系。

更多文章请看

转载于:https://blog.51cto.com/yonghu/1321336

你可能感兴趣的文章

Mysql读写分离

查看>>

Oracle 备份与恢复学习笔记（5_1）

查看>>

Oracle 备份与恢复学习笔记（14）

查看>>

分布式配置中心disconf第一部(基本介绍)

查看>>

Scenario 9-Shared Uplink Set with Active/Active uplink，802.3ad(LACP)-Flex-10

查看>>

UML类图中的六种关系

查看>>

探寻Interpolator源码,自定义插值器

使用PullToRefresh实现下拉刷新和上拉加载

python2和python3同安装在Windows上，切换问题

查看>>

php加速工具xcache的安装与使用（基于LNMP环境）