From a304d6f08d5bc34083d103e74398ed34b83563f5 Mon Sep 17 00:00:00 2001
From: Thierry Schork
Date: Tue, 8 Apr 2025 11:43:55 +0200
Subject: [PATCH] sync
---
...rants and roles for all logins in a db.sql | 154 ++++++++++++++++++
...OIT - start job if not already running.sql | 27 +++
...dev permissions to a specific AD group.sql | 46 ++++++
SYMDS - check initial load.sql | 35 ++++
SYMDS - sandbox.sql | 26 +++
5 files changed, 288 insertions(+)
create mode 100644 DEV - script grants and roles for all logins in a db.sql
create mode 100644 EXPLOIT - start job if not already running.sql
create mode 100644 HCI - add dev permissions to a specific AD group.sql
create mode 100644 SYMDS - check initial load.sql
create mode 100644 SYMDS - sandbox.sql
diff --git a/DEV - script grants and roles for all logins in a db.sql b/DEV - script grants and roles for all logins in a db.sql
new file mode 100644
index 0000000..7a3cc0b
--- /dev/null
+++ b/DEV - script grants and roles for all logins in a db.sql
@@ -0,0 +1,154 @@ +USE [master] +/* declare variables */ +DECLARE @db VARCHAR(100) +IF OBJECT_ID('tempdb..#txt')IS NOT NULL BEGIN; + DROP TABLE #txt; +END; + +CREATE TABLE #txt( + id INT NOT NULL IDENTITY + ,db VARCHAR(100) NOT NULL + ,msg NVARCHAR(MAX) NULL +); + +DECLARE csr_db CURSOR FAST_FORWARD READ_ONLY FOR + SELECT d.name + FROM sys.databases d + WHERE d.[database_id]>4 + AND d.[is_read_only] = 0 + AND d.[state]=0 + +OPEN csr_db + +FETCH NEXT FROM csr_db INTO @db + +WHILE @@FETCH_STATUS = 0 +BEGIN + EXEC(' + use '+@db+'; + +-- Script to generate user creation and role membership +DECLARE @UserScripts NVARCHAR(MAX) = ''''; +DECLARE @RoleScripts NVARCHAR(MAX) = ''''; +DECLARE @login NVARCHAR(MAX) = ''medicalData-importer-int''; +--SET @login=null; + +-- Generate user creation scripts +SELECT @UserScripts = @UserScripts + ''CREATE USER ['' + dp.name + ''] FOR LOGIN ['' + dp.name + ''];'' + CHAR(13) + CHAR(10) +FROM sys.database_principals dp +WHERE dp.type IN (''S'', ''U'', ''G'') +AND dp.name NOT IN (''dbo'', ''guest'', ''INFORMATION_SCHEMA'', ''sys'') +AND dp.name = COALESCE(@login, dp.[name]); + +-- Generate role membership scripts +SELECT @RoleScripts = @RoleScripts + ''ALTER ROLE ['' + dr.name + ''] ADD MEMBER ['' + dp.name + ''];'' + CHAR(13) + CHAR(10) +FROM sys.database_principals dp +JOIN sys.database_role_members drm ON dp.principal_id = drm.member_principal_id +JOIN sys.database_principals dr ON drm.role_principal_id = dr.principal_id +WHERE dp.type IN (''S'', ''U'', ''G'') +AND dp.name NOT IN (''dbo'', ''guest'', ''INFORMATION_SCHEMA'', ''sys'') +AND dp.name = COALESCE(@login, dp.[name]); + +-- Print user creation and role membership scripts +PRINT @UserScripts; +insert into #txt(db,msg) +select '''+@db+''',@UserScripts +where nullif(@UserScripts,'''') is not null; + +PRINT @RoleScripts; +insert into #txt(db,msg) +select '''+@db+''',@RoleScripts +where nullif(@RoleScripts,'''') is not null; + +-- Script to generate permissions +DECLARE 
@PermissionScripts NVARCHAR(MAX) = ''''; + +SELECT @PermissionScripts = @PermissionScripts + + CASE + WHEN p.state_desc = ''GRANT'' THEN ''GRANT '' + WHEN p.state_desc = ''DENY'' THEN ''DENY '' + WHEN p.state_desc = ''REVOKE'' THEN ''REVOKE '' + END + p.permission_name + + CASE + WHEN p.class_desc = ''OBJECT_OR_COLUMN'' THEN '' ON ['' + OBJECT_NAME(p.major_id) + '']'' + WHEN p.class_desc = ''DATABASE'' THEN '' ON DATABASE::['' + DB_NAME() + '']'' + WHEN p.class_desc = ''SCHEMA'' THEN '' ON SCHEMA::['' + SCHEMA_NAME(p.major_id) + '']'' + WHEN p.class_desc = ''TYPE'' THEN '' ON TYPE::['' + TYPE_NAME(p.major_id) + '']'' + ELSE '''' + END + '' TO ['' + dp.name + ''];'' + CHAR(13) + CHAR(10) +FROM sys.database_permissions p +JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id +WHERE dp.type IN (''S'', ''U'', ''G'') +AND dp.name NOT IN (''dbo'', ''guest'', ''INFORMATION_SCHEMA'', ''sys'') +AND dp.name = COALESCE(@login, dp.[name]); + +-- Print permissions scripts +PRINT @PermissionScripts; +insert into #txt(db,msg) +select '''+@db+''',@PermissionScripts +where nullif(@PermissionScripts,'''') is not null; + '); + + FETCH NEXT FROM csr_db INTO @db +END + +CLOSE csr_db +DEALLOCATE csr_db + +SELECT * +FROM [#txt] + +RETURN + + +--USE dba + +-- Script to generate user creation and role membership +DECLARE @UserScripts NVARCHAR(MAX) = ''; +DECLARE @RoleScripts NVARCHAR(MAX) = ''; +DECLARE @login NVARCHAR(MAX) = 'medicalData-importer-dev'; + +-- Generate user creation scripts +SELECT @UserScripts = @UserScripts + 'CREATE USER [' + dp.name + '] FOR LOGIN [' + dp.name + '];' + CHAR(13) + CHAR(10) +FROM sys.database_principals dp +WHERE dp.type IN ('S', 'U', 'G') +AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys') +AND dp.name = COALESCE(@login, dp.[name]); + +-- Generate role membership scripts +SELECT @RoleScripts = @RoleScripts + 'ALTER ROLE [' + dr.name + '] ADD MEMBER [' + dp.name + '];' + CHAR(13) + CHAR(10) +FROM sys.database_principals 
dp +JOIN sys.database_role_members drm ON dp.principal_id = drm.member_principal_id +JOIN sys.database_principals dr ON drm.role_principal_id = dr.principal_id +WHERE dp.type IN ('S', 'U', 'G') +AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys') +AND dp.name = COALESCE(@login, dp.[name]); + +-- Print user creation and role membership scripts +PRINT @UserScripts; +PRINT @RoleScripts; + +-- Script to generate permissions +DECLARE @PermissionScripts NVARCHAR(MAX) = ''; + +SELECT @PermissionScripts = @PermissionScripts + + CASE + WHEN p.state_desc = 'GRANT' THEN 'GRANT ' + WHEN p.state_desc = 'DENY' THEN 'DENY ' + WHEN p.state_desc = 'REVOKE' THEN 'REVOKE ' + END + p.permission_name + + CASE + WHEN p.class_desc = 'OBJECT_OR_COLUMN' THEN ' ON [' + OBJECT_NAME(p.major_id) + ']' + WHEN p.class_desc = 'DATABASE' THEN ' ON DATABASE::[' + DB_NAME() + ']' + WHEN p.class_desc = 'SCHEMA' THEN ' ON SCHEMA::[' + SCHEMA_NAME(p.major_id) + ']' + WHEN p.class_desc = 'TYPE' THEN ' ON TYPE::[' + TYPE_NAME(p.major_id) + ']' + ELSE '' + END + ' TO [' + dp.name + '];' + CHAR(13) + CHAR(10) +FROM sys.database_permissions p +JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id +WHERE dp.type IN ('S', 'U', 'G') +AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys') +AND dp.name = COALESCE(@login, dp.[name]); + +-- Print permissions scripts +PRINT @PermissionScripts; \ No newline at end of file diff --git a/EXPLOIT - start job if not already running.sql b/EXPLOIT - start job if not already running.sql new file mode 100644 index 0000000..90cf7f5 --- /dev/null +++ b/EXPLOIT - start job if not already running.sql 
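Review bot: The database name is spliced into the dynamic batch unquoted in `use '+@db+';` and again inside a string literal in `select '''+@db+''',@UserScripts`, so a database whose name contains a space, a dash or a quote breaks the batch or changes what it runs; the first should be `use '+QUOTENAME(@db)+';`, the literal `select '+QUOTENAME(@db,'''')+',@UserScripts`, and `@db` is better declared `sysname` because `VARCHAR(100)` can truncate a name. The emitted statements have the same weakness: `'[' + dp.name + ']'` does not escape a `]` inside a principal or role name, and since this output appears meant to be replayed as grants, `QUOTENAME(dp.name)` and `QUOTENAME(dr.name)` are the safer form in all three generators. The `OBJECT_OR_COLUMN` branch emits `OBJECT_NAME(p.major_id)` without its schema, so a replayed `GRANT` can fail or resolve to a different object outside the default schema; `QUOTENAME(OBJECT_SCHEMA_NAME(p.major_id)) + '.' + QUOTENAME(OBJECT_NAME(p.major_id))` keeps it unambiguous. The second copy after `RETURN` repeats the same patterns.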
@@ -0,0 +1,27 @@
+DECLARE @job NVARCHAR(MAX)='DR00510 - TriaFin subscription agent';
+
+IF NOT EXISTS(
+ SELECT [j].[name] AS [job_name],
+ [j].[job_id],
+ [a].[run_requested_date],
+ [a].[next_scheduled_run_date],
+ [a].[start_execution_date],
+ [a].[stop_execution_date]
+ FROM [msdb].[dbo].[sysjobs] [j]
+ JOIN (
+ SELECT MAX([session_id]) AS [session_id],
+ [job_id]
+ FROM [msdb].[dbo].[sysjobactivity] [ia]
+ GROUP BY [job_id]
+ ) [sess] ON [sess].[job_id] = [j].[job_id]
+ JOIN [msdb].[dbo].[sysjobactivity] [a] ON [a].[job_id] = [j].[job_id] AND [sess].[session_id] = [a].[session_id]
+
+ WHERE [j].[name] = @job
+ AND [start_execution_date] IS NOT NULL
+ AND [stop_execution_date] IS NULL
+ )
+ AND EXISTS(SELECT 1 FROM msdb.dbo.[sysjobs] WHERE name=@job)
+BEGIN
+ EXEC [msdb].[dbo].[sp_start_job] @job_name = @job
+ PRINT 'started job '+@job
+END
\ No newline at end of file
diff --git a/HCI - add dev permissions to a specific AD group.sql b/HCI - add dev permissions to a specific AD group.sql
new file mode 100644
index 0000000..06d5c3c
--- /dev/null
+++ b/HCI - add dev permissions to a specific AD group.sql
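Review bot: The script prints nothing when it does not start the job, so a misspelled `@job` and a job that is already running both end silently and look identical to the operator; an `ELSE PRINT 'job not started (missing or already running): '+@job` after the `END` would make the outcome visible. The running check and `sp_start_job` are separate steps, so another session can start the job in between and the call then fails; wrapping the `EXEC` in `BEGIN TRY ... END TRY BEGIN CATCH ... END CATCH` would report that case instead of aborting the batch. `@job` would also be better declared `sysname`, which is the type of `sysjobs.name`, rather than `NVARCHAR(MAX)`.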
@@ -0,0 +1,46 @@ +/* +12.03.2025, TSC +*/ +BEGIN TRANSACTION +SET XACT_ABORT ON; +SET NOCOUNT ON; + +DECLARE @loginName NVARCHAR(128) = 'centralinfra\L-CI-AP-SQL-PROD_MED_Team'; +DECLARE @sql NVARCHAR(MAX)=''; + +-- Cursor to iterate through all user databases +DECLARE db_cursor CURSOR LOCAL READ_ONLY FORWARD_ONLY FOR +SELECT d.name +FROM sys.databases d +WHERE d.database_id > 4 -- Exclude system databases +AND d.[source_database_id] IS NULL --not a snapshot +AND d.[state_desc]='online' +AND [d].[is_read_only]=0 + +OPEN db_cursor; +FETCH NEXT FROM db_cursor INTO @sql; + +WHILE @@FETCH_STATUS = 0 +BEGIN + SET @sql = 'USE [' + @sql + ']; '+CHAR(13)+CHAR(10) + + 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = ''' + @loginName + ''') '+CHAR(13)+CHAR(10) + + 'BEGIN '+CHAR(13)+CHAR(10) + + ' CREATE USER [' + @loginName + '] FOR LOGIN [' + @loginName + ']; '+CHAR(13)+CHAR(10) + + 'END '+CHAR(13)+CHAR(10) + + 'ALTER USER [' + @loginName + '] WITH DEFAULT_SCHEMA = dbo; '+CHAR(13)+CHAR(10) + + 'EXEC sp_addrolemember ''db_ddladmin'', ''' + @loginName + '''; '+CHAR(13)+CHAR(10) + + 'EXEC sp_addrolemember ''db_datareader'', ''' + @loginName + '''; '+CHAR(13)+CHAR(10) + + 'EXEC sp_addrolemember ''db_datawriter'', ''' + @loginName + ''';'+CHAR(13)+CHAR(10)+ + 'GRANT EXECUTE TO [' + @loginName + '];'+CHAR(13)+CHAR(10)+ + '------------------------------------'+CHAR(13)+CHAR(10); + + EXEC sp_executesql @sql; + PRINT @sql; + FETCH NEXT FROM db_cursor INTO @sql; +END + +CLOSE db_cursor; +DEALLOCATE db_cursor; + +--ROLLBACK TRANSACTION +COMMIT TRANSACTION \ No newline at end of file diff --git a/SYMDS - check initial load.sql b/SYMDS - check initial load.sql new file mode 100644 index 0000000..4deb750 --- /dev/null +++ b/SYMDS - check initial load.sql 
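Review bot: The loop builds each batch by concatenating the database name and `@loginName` into brackets and string literals (`'USE [' + @sql + ']; '`, `WHERE name = ''' + @loginName + '''`), which breaks or changes the statement if either name contains `]` or `'`; `QUOTENAME()` for the identifiers and a bound parameter for the lookup avoid that, as sketched below. `sp_addrolemember` is deprecated in favour of `ALTER ROLE ... ADD MEMBER`, and `@sql` doubles as the fetched database name and the statement text, which a separate `sysname` variable makes clearer. `SET XACT_ABORT ON` should come before `BEGIN TRANSACTION`, and printing the batch before executing it leaves a trace of the statement that failed. Because the script grants `db_ddladmin`, read, write and `EXECUTE` in every writable user database to a group whose name contains `PROD` while the file is titled dev permissions, a guard on `@@SERVERNAME` or an explicit database list ahead of the cursor would be worth adding.

```sql
DECLARE @db SYSNAME;
-- … unchanged: db_cursor declaration and OPEN …
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N'; '+CHAR(13)+CHAR(10) +
        N'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @principal) '+CHAR(13)+CHAR(10) +
        N'BEGIN '+CHAR(13)+CHAR(10) +
        N'    CREATE USER ' + QUOTENAME(@loginName) + N' FOR LOGIN ' + QUOTENAME(@loginName) + N'; '+CHAR(13)+CHAR(10) +
        N'END '+CHAR(13)+CHAR(10) +
        N'ALTER USER ' + QUOTENAME(@loginName) + N' WITH DEFAULT_SCHEMA = dbo; '+CHAR(13)+CHAR(10) +
        N'ALTER ROLE db_ddladmin ADD MEMBER ' + QUOTENAME(@loginName) + N'; '+CHAR(13)+CHAR(10) +
        N'ALTER ROLE db_datareader ADD MEMBER ' + QUOTENAME(@loginName) + N'; '+CHAR(13)+CHAR(10) +
        N'ALTER ROLE db_datawriter ADD MEMBER ' + QUOTENAME(@loginName) + N';'+CHAR(13)+CHAR(10) +
        N'GRANT EXECUTE TO ' + QUOTENAME(@loginName) + N';'+CHAR(13)+CHAR(10) +
        N'------------------------------------'+CHAR(13)+CHAR(10);

    PRINT @sql;  -- print first so a failing batch is visible in the output
    EXEC sp_executesql @sql, N'@principal SYSNAME', @principal = @loginName;
    FETCH NEXT FROM db_cursor INTO @db;
END
-- … unchanged: CLOSE / DEALLOCATE and COMMIT …
```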
@@ -0,0 +1,35 @@ +USE [dba_reporting] + +SELECT + [batch_id] + ,[node_id] + ,[channel_id] + ,[status] + ,[error_flag] + ,[create_time] + ,[summary] + ,[byte_count]/1024.0/1024.0 AS MByte_count + ,[extract_row_count] + --,[extract_millis] + ,RIGHT('0' + CAST([extract_millis] / 3600000 AS VARCHAR), 2) + ':' +RIGHT('0' + CAST(([extract_millis] % 3600000) / 60000 AS VARCHAR), 2) + ':' +RIGHT('0' + CAST(([extract_millis] % 60000) / 1000 AS VARCHAR), 2) AS [extract_human] + --,[load_millis] + ,RIGHT('0' + CAST([load_millis] / 3600000 AS VARCHAR), 2) + ':' +RIGHT('0' + CAST(([load_millis] % 3600000) / 60000 AS VARCHAR), 2) + ':' +RIGHT('0' + CAST(([load_millis] % 60000) / 1000 AS VARCHAR), 2) AS [load_human] + ,[extract_start_time] + ,[transfer_start_time] + ,[load_start_time] +FROM [dbo].[sym_outgoing_batch] +WHERE [channel_id]='reload' +AND [node_id]='bag' +AND [status]<>'OK' + +RETURN + +SELECT * +--UPDATE s SET [s].[source_catalog_name]='sl2007' +FROM [dbo].[sym_trigger] s +WHERE [channel_id]='sl2007_push' + + +UPDATE [dbo].[sym_outgoing_batch] +SET [status]='IG' +WHERE [batch_id]=305 \ No newline at end of file diff --git a/SYMDS - sandbox.sql b/SYMDS - sandbox.sql new file mode 100644 index 0000000..3ee819f --- /dev/null +++ b/SYMDS - sandbox.sql @@ -0,0 +1,26 @@ +USE [dba_reporting] + +SELECT * +--UPDATE c SET [c].[data_loader_type]='bulk' +FROM sym_channel c +WHERE [channel_id]='reload' + +RETURN + +SELECT * +--UPDATE x SET [x].[status]='IG' +FROM [dbo].[sym_outgoing_batch] x +WHERE [x].[channel_id]='reload' +AND [x].[node_id]='BAG' + +RETURN + +insert into dbo.SYM_TABLE_RELOAD_REQUEST (target_node_id, source_node_id, trigger_id, router_id, create_time, last_update_time) + values ('BAG', 'proddb', 'push_PACK_NEW', 'onprem to cloud', current_timestamp, current_timestamp); + + +update sym_channel + SET data_loader_type='bulk' + , max_batch_size=1000 + , [max_batch_to_send] = 10 +WHERE channel_id='reload' \ No newline at end of file
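Review bot: The statements after `RETURN` are live DML kept as scratch code, `UPDATE [dbo].[sym_outgoing_batch] SET [status]='IG' WHERE [batch_id]=305` in this file and the `insert into dbo.SYM_TABLE_RELOAD_REQUEST` and `update sym_channel` at the end of `SYMDS - sandbox.sql`, and they execute as soon as someone runs a selection rather than the whole batch. Keeping them commented out like the existing `--UPDATE s SET ...` lines, or wrapping each in `BEGIN TRANSACTION ... ROLLBACK TRANSACTION` with the commit switched by hand, would make an accidental run harmless. The hard-coded `[batch_id]=305` carries no `[node_id]` filter, unlike the SELECT at the top of the file, so it is worth confirming it cannot match rows for other nodes, or adding `AND [node_id]='bag'`. The node literal is spelled `'bag'` here and `'BAG'` in the sandbox file, which only behaves the same under a case-insensitive collation. A one-line comment above each manual statement saying when it is meant to be run would help the next operator.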