sql-scripts/OCTPDBA-337 - php logins webinvaders/recreate login SqlPrescAppTmpUsr.sql
Thierry Schork 7cf858256a initial commit
2022-12-30 12:10:12 +01:00


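/*=============================================================================
Recreate the SQL login used by the prescription PHP application.
An existing login gets its password reset and is re-enabled; otherwise the
login is created. Login options are unchanged from the template (default
database master, us_english, CHECK_POLICY=ON, CHECK_EXPIRATION=OFF).

The password is NOT kept in this file. Fill @LoginPassword in at deploy time
(pipeline secret, or by hand on a working copy that is not committed). The
literal that used to sit in this script is in version-control history and has
to be treated as compromised: rotate it.

The transaction opened here stays open across the GO batches that follow and
is closed by the COMMIT at the end of the script. With XACT_ABORT ON a runtime
error in any batch rolls everything back; the later GO batches still run,
outside a transaction.
=============================================================================*/
SET XACT_ABORT ON;
SET NOCOUNT ON;
USE [master];

DECLARE @LoginName     sysname       = N'SqlPrescAppTmpUsr';
DECLARE @LoginPassword NVARCHAR(128) = N'<PASSWORD-SUPPLIED-AT-DEPLOY-TIME>'; -- placeholder; never commit the real value
DECLARE @Sql           NVARCHAR(MAX);

/* Refuse to continue with the placeholder: it would otherwise be handed to
   CREATE/ALTER LOGIN as the real password. SET NOEXEC ON makes the remaining
   batches of this script compile-only for this session, so nothing else is
   changed (run SET NOEXEC OFF before reusing the connection). */
IF @LoginPassword IS NULL OR @LoginPassword IN (N'', N'<PASSWORD-SUPPLIED-AT-DEPLOY-TIME>')
BEGIN
    RAISERROR('@LoginPassword is not set; no change made.', 16, 1);
    SET NOEXEC ON;
    RETURN;
END;

BEGIN TRANSACTION;

/* sys.server_principals replaces the deprecated master.dbo.syslogins view;
   type <> 'R' keeps every login type and excludes server roles, as syslogins did.
   CREATE/ALTER LOGIN do not accept a variable for the password, hence the
   dynamic SQL; REPLACE doubles any quote inside the password. */
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @LoginName AND type <> 'R')
BEGIN
    SET @Sql = N'ALTER LOGIN ' + QUOTENAME(@LoginName)
             + N' WITH PASSWORD = N''' + REPLACE(@LoginPassword, '''', '''''')
             + N''', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON;
ALTER LOGIN ' + QUOTENAME(@LoginName) + N' ENABLE;';
END
ELSE
BEGIN
    SET @Sql = N'CREATE LOGIN ' + QUOTENAME(@LoginName)
             + N' WITH PASSWORD = N''' + REPLACE(@LoginPassword, '''', '''''')
             + N''', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON;';
END;
EXEC sp_executesql @Sql;
GO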
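USE [ArizonaREP];
GO
/*=============================================================================
Script to create dbRolePrescriptionApp role.
Role Name: dbRolePrescriptionApp
TEMPLATE: Default
#Securables columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2
  (only rows with N2 = 0 are processed)
EXAMPLE OF SECURABLES TO SET:
INSERT INTO #Securables
VALUES
('DB','GRANT','VIEW DEFINITION','','',0),
('SCHEMA','GRANT','SELECT','','AP',0),
('TABLE','GRANT','INSERT','Address','dbo',0),
('SP','GRANT','EXECUTE','sp_bmc_GetNextID','dbo',0),
('ROLE','GRANT','db_datareader','','',0)
NOTE: one permission per row. For DB/SCHEMA/object/assembly rows rightsaction
is compared verbatim with sys.fn_builtin_permissions(...).permission_name, so
a comma-separated list never matches and the row is silently skipped.
-----------------------------------------------
Generate date : 2022-10-13 / up208700
=============================================================================*/
DECLARE @Command      NVARCHAR(MAX),  -- dynamic SQL batch under construction
        @RoleName     VARCHAR(60),
        @Users        VARCHAR(255),   -- cursor variable: an existing member of the role
        @typeofobject VARCHAR(50),    -- cursor variables: one #Securables row
        @grantordeny  VARCHAR(10),
        @rightsaction VARCHAR(255),
        @objectname   VARCHAR(255),
        @schemaid     VARCHAR(10),
        @sysTarget    VARCHAR(255),   -- catalog view queried for wildcard object names
        @sysType      VARCHAR(255);   -- extra type filter appended to that catalog query
SET @RoleName = 'dbRolePrescriptionApp';
SET @Command = N'';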
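/* TEMP TABLES -- dropped again further down in this batch; the guards let the
   script be re-run on the same session after a failed attempt. */
IF OBJECT_ID('tempdb..#UsersOnRole') IS NOT NULL DROP TABLE #UsersOnRole;
IF OBJECT_ID('tempdb..#Securables') IS NOT NULL DROP TABLE #Securables;
CREATE TABLE #UsersOnRole (username VARCHAR(255));
CREATE TABLE #Securables (
    typeofobject VARCHAR(50),   -- DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
    grantordeny  VARCHAR(10),   -- GRANT (or DENY, per the column name)
    rightsaction VARCHAR(255),  -- one permission name; the role to nest into for typeofobject = ROLE
    objectname   VARCHAR(255),  -- object name; a '%' in it selects every matching object
    schemaid     VARCHAR(10),   -- schema name
    N2           BIT);          -- only rows with N2 = 0 are processed
/* !!! LIST OF SECURABLES TO CHANGE !!! */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES ('TABLE', 'GRANT', 'SELECT', 'Address', 'dbo', 0),
       ('TABLE', 'GRANT', 'SELECT', 'Address_key', 'dbo', 0),
       ('TABLE', 'GRANT', 'SELECT', 'Address_OU_Link', 'dbo', 0),
       ('TABLE', 'GRANT', 'SELECT', 'aps_authosization', 'dbo', 0),
       ('TABLE', 'GRANT', 'SELECT', 'Autorization_status_history', 'dbo', 0),
       ('TABLE', 'GRANT', 'SELECT', 'Telecom', 'dbo', 0);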
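/* GET ALL USERS ON THIS ROLE -- snapshot of the current members, taken before
   the role is touched; the ADD USER step re-adds them after the securables. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles
    ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members
    ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName;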
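/* CREATE ROLE -- CREATE ROLE does not take a variable for the name, so it goes
   through dynamic SQL. QUOTENAME protects the identifier, REPLACE the quoted
   literal, should the role name ever contain brackets or quotes. */
SELECT @Command
    = N'
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N''' + REPLACE(@RoleName, '''', '''''') + N''' AND type = ''R'')
BEGIN
CREATE ROLE ' + QUOTENAME(@RoleName) + N' AUTHORIZATION [dbo]
PRINT ''CREATE ROLE [' + REPLACE(@RoleName, '''', '''''') + N']''
END
';
EXEC sp_executesql @Command;
/* The securables batch assembled below starts with this declaration: the
   per-object cursors it contains FETCH INTO @SP_Name. */
SET @Command = N'
DECLARE @SP_Name varchar(255)
';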
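/* SET ALL ROLE SECURABLES
   Every #Securables row with N2 = 0 is turned into a GRANT/DENY statement that
   is appended to @Command; the assembled batch is executed once after the
   loop. Each generated statement is wrapped in IF EXISTS checks so that a
   securable missing from this database is skipped instead of aborting the
   transaction. rightsaction must be a single permission name: it is compared
   verbatim with sys.fn_builtin_permissions(...).permission_name. */
DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject,
       grantordeny,
       rightsaction,
       objectname,
       schemaid
FROM #Securables
WHERE N2 = 0;
OPEN SecurablesCurs;
FETCH NEXT FROM SecurablesCurs
INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid;
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Database-level permission: validated here, at generation time. */
    IF @typeofobject = 'DB'
    BEGIN
        IF EXISTS (SELECT 1
                   FROM sys.fn_builtin_permissions('DATABASE')
                   WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + N' ' + @rightsaction + N' TO [' + @RoleName + N']
';
        END;
    END;

    /* Schema-level permission: schema existence and permission validity are
       checked inside the generated batch. */
    IF @typeofobject = 'SCHEMA'
    BEGIN
        SET @Command = @Command + N'
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = ''' + @schemaid + N''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = ''' + @rightsaction + N''')
BEGIN
' + @grantordeny + N' ' + @rightsaction + N' ON SCHEMA::' + @schemaid + N' TO [' + @RoleName + N']
END
END
';
    END;

    /* Object-level permission on a table, procedure, function or view. */
    IF @typeofobject IN ('TABLE', 'SP', 'FUNCTIONS', 'VIEWS')
    BEGIN
        IF @objectname LIKE '%[%]%'
        BEGIN
            /* Wildcard name: the generated batch opens its own cursor over the
               matching catalog view and grants on every object it finds. */
            IF @typeofobject = 'TABLE'
            BEGIN
                SET @sysTarget = 'sys.tables';
                SET @sysType = '';
            END;
            IF @typeofobject = 'SP'
            BEGIN
                SET @sysTarget = 'sys.procedures';
                SET @sysType = '';
            END;
            IF @typeofobject = 'FUNCTIONS'
            BEGIN
                SET @sysTarget = 'sys.objects';
                SET @sysType = ' and p.Type IN ( N''FN'', N''IF'', N''TF'', N''FS'', N''FT'' )';
            END;
            IF @typeofobject = 'VIEWS'
            BEGIN
                SET @sysTarget = 'sys.views';
                SET @sysType = '';
            END;
            /* The schema-name literal is closed (N'''') BEFORE @sysType is
               appended. The template closed it after @sysType, which for a
               FUNCTIONS wildcard produced "s.name = 'dbo and p.Type IN (...)'"
               and a broken batch. */
            SET @Command = @Command + N'
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM ' + @sysTarget + N' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like ''' + @objectname + N''') and s.name = ''' + @schemaid + N'''' + @sysType + N'
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = ''' + @rightsaction + N''')
BEGIN
EXEC(''' + @grantordeny + N' ' + @rightsaction + N' ON [' + @schemaid + N'].['' + @SP_Name + ''] TO [' + @RoleName + N']'')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
';
        END;
        ELSE
        BEGIN
            /* Single object: existence (name, schema and type) and permission
               validity are checked inside the generated batch. */
            SET @Command = @Command + N'
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = ''' + @objectname + N''' AND o.type IN (N''U'',''P'',''V'',''FN'',''IF'',''TF'') AND s.name = ''' + @schemaid + N''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = ''' + @rightsaction + N''')
BEGIN
' + @grantordeny + N' ' + @rightsaction + N' ON [' + @schemaid + N'].[' + @objectname + N'] TO [' + @RoleName + N']
END
END
';
        END;
    END;

    /* Assembly permission. GRANT needs the securable class spelled out
       ("ON ASSEMBLY::name"); the template emitted "<perm>::[name]", which is
       not valid GRANT syntax. */
    IF @typeofobject = 'ASSEMBLIES'
    BEGIN
        SET @Command = @Command + N'
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = ''' + @objectname + N''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = ''' + @rightsaction + N''')
BEGIN
' + @grantordeny + N' ' + @rightsaction + N' ON ASSEMBLY::[' + @objectname + N'] TO [' + @RoleName + N']
END
END
';
    END;

    /* Role membership: rightsaction names the role @RoleName is nested into. */
    IF @typeofobject = 'ROLE'
    BEGIN
        SET @Command = @Command + N'
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = ''' + @rightsaction + N''' AND members.name = ''' + @RoleName + N''')
BEGIN
EXEC sp_addrolemember N''' + @rightsaction + N''', N''' + @RoleName + N'''
END
';
    END;

    FETCH NEXT FROM SecurablesCurs
    INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid;
END;
CLOSE SecurablesCurs;
DEALLOCATE SecurablesCurs;
PRINT 'SET ALL SECURABLES ON ROLE [' + @RoleName + ']';
EXEC sp_executesql @Command;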
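/* ADD USER -- re-add every member captured in #UsersOnRole. Those members
   were read from the role as it existed before this script ran, so this step
   is presumably template parity rather than a real change; confirm with the
   author before removing it. sp_addrolemember is deprecated in favour of
   ALTER ROLE ... ADD MEMBER; kept because the rest of the script uses it. */
SET @Command = N'';   -- start empty: the securables batch held in @Command was already executed
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR SELECT username FROM #UsersOnRole;
OPEN UsersCurs;
FETCH NEXT FROM UsersCurs INTO @Users;
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Append; the template assigned here, so only the last user was kept. */
    SET @Command = @Command + N'
EXEC sp_addrolemember N''' + @RoleName + N''', N''' + @Users + N'''
PRINT ''ADD USER [' + @Users + N'] ON ROLE [' + @RoleName + N']''
';
    FETCH NEXT FROM UsersCurs INTO @Users;
END;
CLOSE UsersCurs;
DEALLOCATE UsersCurs;
IF @Command <> N''
    EXEC sp_executesql @Command;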
/*=============================================================================
Drop temp tables (both created at the top of this batch; order is irrelevant)
=============================================================================*/
DROP TABLE #UsersOnRole;
DROP TABLE #Securables;
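/*=============================================================================
Script to create / map all users
For every (database, role, login) row: when the login exists at server level
and the role exists in that database, the database user is created for the
login -- or re-pointed at it with ALTER USER ... WITH LOGIN, which also repairs
an orphaned user -- and added to the role. Rows whose login or role does not
exist are skipped silently, so the Int/Prod/Test logins listed below only get
mapped on the instances where they exist.
=============================================================================*/
DECLARE @username VARCHAR(255),
        @Database VARCHAR(255);
SET @username = '';
SET @Command = N'';
SET @Database = '';
IF OBJECT_ID('tempdb..#AllUsersAndRoles') IS NOT NULL DROP TABLE #AllUsersAndRoles;
CREATE TABLE #AllUsersAndRoles (databasename VARCHAR(255),
                                rolename     VARCHAR(255),
                                username     VARCHAR(255));
INSERT INTO #AllUsersAndRoles (databasename, rolename, username)
VALUES ('ArizonaREP', 'dbRolePrescriptionApp', 'SqlAppPrescAppTmpUsrInt'),
       ('ArizonaREP', 'dbRolePrescriptionApp', 'SqlAppPrescAppTmpUsrProd'),
       ('ArizonaREP', 'dbRolePrescriptionApp', 'SqlAppPrescAppTmpUsrTest'),
       ('ArizonaREP', 'dbRolePrescriptionApp', 'SqlPrescAppTmpUsr');
/* Only databases that exist on this instance are visited. */
DECLARE MapUsersAndRolesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT auar.databasename,
       auar.rolename,
       auar.username
FROM #AllUsersAndRoles AS auar
INNER JOIN master.sys.databases AS d
    ON d.name = auar.databasename;
OPEN MapUsersAndRolesCurs;
FETCH NEXT FROM MapUsersAndRolesCurs
INTO @Database, @RoleName, @username;
WHILE @@FETCH_STATUS = 0
BEGIN
    /* USE inside sp_executesql switches context for that batch only.
       sys.server_principals replaces the deprecated master.dbo.syslogins view
       (type <> 'R' excludes server roles); QUOTENAME protects identifiers. */
    SET @Command
        = N'USE ' + QUOTENAME(@Database) + N'
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N''' + @username + N''' AND type <> ''R'')
BEGIN
IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N''' + @RoleName + N''' AND [type] = ''R'')
BEGIN
IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N''' + @username + N''')
BEGIN
ALTER USER ' + QUOTENAME(@username) + N' WITH LOGIN = ' + QUOTENAME(@username) + N'
EXEC sp_addrolemember N''' + @RoleName + N''', N''' + @username + N'''
END
ELSE
BEGIN
CREATE USER ' + QUOTENAME(@username) + N' FOR LOGIN ' + QUOTENAME(@username) + N' WITH DEFAULT_SCHEMA=[dbo]
EXEC sp_addrolemember N''' + @RoleName + N''', N''' + @username + N'''
END
END
END
';
    EXEC sp_executesql @Command;
    FETCH NEXT FROM MapUsersAndRolesCurs
    INTO @Database, @RoleName, @username;
END;
CLOSE MapUsersAndRolesCurs;
DEALLOCATE MapUsersAndRolesCurs;
DROP TABLE #AllUsersAndRoles;
GO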
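/* Dry run: comment out the COMMIT below and uncomment ROLLBACK to validate the
   script without persisting anything. */
--ROLLBACK TRANSACTION
/* COMMIT only while the transaction opened in the first batch is still open.
   With XACT_ABORT ON a runtime error in an earlier batch has already rolled it
   back, and a bare COMMIT would only add a misleading second error. */
IF @@TRANCOUNT = 0
    RAISERROR('No open transaction to commit: an earlier batch failed and was rolled back.', 16, 1);
ELSE
    COMMIT TRANSACTION;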