/* Staging table for the role scripts that follow: one row per role.
   STR_Definition carries the complete T-SQL of a role script as text (it is
   stored, not executed, in this section); STR_Database and STR_Product are
   filled by the INSERTs below with values such as 'ActivePos_read' and
   'Pharmacies'. The reader of #AllRoles is not in this part of the file. */
CREATE TABLE #AllRoles (
    STR_Definition VARCHAR(MAX),
    STR_Database   VARCHAR(255),
    STR_Product    VARCHAR(255)
)
/*-----------------------------------------------------------------------------
  Role definition: dbRoleActivePharmacy  (STR_Database = ActivePos_read,
  STR_Product = Pharmacies; how the consumer of #AllRoles uses these two
  columns is not visible in this file).

  STR_Definition is a complete T-SQL script stored as text, not executed here.
  Treat the literal as data and keep it byte-for-byte: every quote inside it
  is doubled once for this outer string, and doubled again where the script
  assembles its own dynamic SQL for sp_executesql and EXEC().

  Review notes on the stored script (left unchanged here):
  - Privilege: its single securable row is ('ROLE','GRANT','DB_OWNER'), i.e.
    membership of db_owner. That is the broadest grant the template can
    express and makes every member of dbRoleActivePharmacy a database owner;
    confirm this is intended on a database tagged ActivePos_read rather than
    the narrower SCHEMA / TABLE / SP grants the template's own example shows.
  - The ROLE branch guards sp_addrolemember with roles.name = 'DB_OWNER'
    while the catalog name is db_owner; under a case-sensitive database
    collation the guard never matches - confirm the target collation.
    sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the current
    form.
  - Permission names are validated against sys.fn_builtin_permissions before
    they reach dynamic SQL, but @schemaid, @objectname and the names fetched
    from the catalog are concatenated into [..] and into LIKE patterns without
    QUOTENAME. The inputs come from the #Securables rows written in this same
    script, so the exposure is limited to whoever edits these definitions, but
    a name containing ] or ' breaks the generated batch.
  - ADD USER loop: members are read from the role's current membership, then
    SELECT @Command = ... replaces the batch on every fetch and the EXEC runs
    only after the cursor is closed, so at most the last member is processed.
    When the role has no members, @Command still holds the securables batch
    and that batch is executed a second time.
  - Unused branches look broken as far as the quoting can be traced: the
    ASSEMBLIES branch emits GRANT <perm>::[name] without ON ASSEMBLY, and in
    the wildcard FUNCTIONS branch the '''' between @schemaid and @sysType is
    an empty literal at the inner level, so the p.Type filter lands inside the
    schema-name string. No row on this page exercises either branch.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleActivePharmacy role.

Role Name: dbRoleActivePharmacy
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleActivePharmacy''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_read','Pharmacies')
/*-----------------------------------------------------------------------------
  Role definition: dbRoleCsltUsr  (STR_Database = ActivePos_read,
  STR_Product = Pharmacies). STR_Definition is a complete T-SQL script stored
  as text and not executed here; keep the literal byte-for-byte (quotes are
  doubled once for this string and again where the script builds its own
  dynamic SQL).

  Review notes on the stored script (left unchanged here):
  - Grants: database-scope EXECUTE, SHOWPLAN and VIEW DEFINITION plus
    db_datareader and db_datawriter membership. Database-scope EXECUTE covers
    every procedure and function in the database, present and future.
  - The last row, ('ROLE','GRANT','DB_OWNER', ..., 1), has N2 = 1 but this
    "Default" template only reads rows WHERE N2 = 0, so it is dead data here.
    It becomes a db_owner grant as soon as the definition is moved to a
    template that evaluates N2 = 1 rows - remove it unless that is intended.
  - Role names are compared and passed in upper case ('DB_DATAREADER',
    'DB_DATAWRITER') while the catalog names are lower case; under a
    case-sensitive database collation the NOT EXISTS guard before
    sp_addrolemember never matches - confirm the target collation.
    sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the current
    form.
  - Shared template issues: @schemaid and @objectname are concatenated into
    dynamic SQL without QUOTENAME (permission names are validated through
    sys.fn_builtin_permissions, object and schema names are not); the ADD USER
    loop overwrites @Command on each fetch and executes it only after the
    cursor closes, so at most the last member is processed and an empty member
    list re-runs the securables batch; the ASSEMBLIES and wildcard FUNCTIONS
    branches are unused by this row set and do not look executable as quoted.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_read','Pharmacies')
/*-----------------------------------------------------------------------------
  Role definition: dbRoleDevUsr  (STR_Database = ActivePos_read,
  STR_Product = Pharmacies). STR_Definition is a complete T-SQL script stored
  as text and not executed here; keep the literal byte-for-byte (quotes are
  doubled once for this string and again where the script builds its own
  dynamic SQL).

  Review notes on the stored script (left unchanged here):
  - Grants: database-scope EXECUTE, SHOWPLAN and VIEW DEFINITION plus
    db_datareader and db_datawriter membership - the same set as
    dbRoleCsltUsr on this page, without any N2-gated row. Database-scope
    EXECUTE covers every procedure and function in the database, present and
    future; confirm a developer role on this database needs write access via
    db_datawriter rather than a SCHEMA-scoped grant.
  - Role names are compared and passed in upper case ('DB_DATAREADER',
    'DB_DATAWRITER') while the catalog names are lower case; under a
    case-sensitive database collation the NOT EXISTS guard before
    sp_addrolemember never matches - confirm the target collation.
    sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the current
    form.
  - Shared template issues: @schemaid and @objectname are concatenated into
    dynamic SQL without QUOTENAME (permission names are validated through
    sys.fn_builtin_permissions, object and schema names are not); the ADD USER
    loop overwrites @Command on each fetch and executes it only after the
    cursor closes, so at most the last member is processed and an empty member
    list re-runs the securables batch; the ASSEMBLIES and wildcard FUNCTIONS
    branches are unused by this row set and do not look executable as quoted.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_read','Pharmacies')
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleIttechUsr role.
|
|
|
|
Role Name: dbRoleIttechUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleIttechUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActivePos_read','Pharmacies')
|
|
|
|
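/* ---------------------------------------------------------------------------
   dbRoleSupUsr  --  STR_Database = ActivePos_read, STR_Product = Pharmacies

   STR_Definition is a complete T-SQL script stored as a string literal, so
   every quote inside it is doubled once more than it will be when the script
   is finally run. Who reads #AllRoles and executes these definitions is not
   visible in this part of the file -- confirm against the consumer.

   What the embedded script does, in order:
     1. reads [master].[cfg].[InstanceContext].[Type] into @Type (no TOP/WHERE:
        with zero rows @Type stays NULL, with several rows an arbitrary one
        wins -- assumed to be a single-row table, confirm);
     2. snapshots the current members of the role into #UsersOnRole;
     3. creates the role if it does not exist (AUTHORIZATION [dbo]);
     4. builds and executes one dynamic batch of GRANT/DENY/sp_addrolemember
        statements from #Securables: N2 = 1 rows when @Type = 'DEVE'
        (here: db_owner), N2 = 0 rows otherwise, NULL included (here:
        db_datareader) -- an unknown environment falls to the lower grant;
     5. re-adds the snapshotted members and drops the temp tables.

   Values interpolated into the dynamic batch (@rightsaction, @schemaid,
   @objectname, @Users) come from the hard-coded #Securables rows and from
   sys.database_principals, not from external input. A principal name holding
   a single quote or ']' would still break or alter the generated batch;
   QUOTENAME() would harden those spots. sp_addrolemember is deprecated in
   favour of ALTER ROLE ... ADD MEMBER; kept because the target SQL Server
   version is not visible here.

   Fix applied to the generated template (step 5): the ADD USER loop used
   SELECT @Command = ..., overwriting the batch on every iteration and never
   clearing the securables batch first, so only the last member was re-added
   and, with no members at all, the securables batch was executed a second
   time. @Command is now reset before the loop and appended to inside it.
--------------------------------------------------------------------------- */
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
/* RESET: @Command still holds the securables batch executed above */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* APPEND one statement per member; the whole batch runs once after the loop */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ActivePos_read','Pharmacies')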
|
|
|
|
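/* ---------------------------------------------------------------------------
   dbRoleTPPos  --  STR_Database = ActivePos_read, STR_Product = Pharmacies

   STR_Definition is a complete T-SQL script stored as a string literal (quotes
   doubled once more than at run time). The consumer that reads #AllRoles and
   executes it is not visible in this part of the file -- confirm.

   What the embedded script does, in order: snapshots the current role members
   into #UsersOnRole; creates the role if missing (AUTHORIZATION [dbo]); builds
   and executes one dynamic batch from the N2 = 0 rows of #Securables; re-adds
   the snapshotted members; drops the temp tables. No environment switch here
   (TEMPLATE: Default), so the same grants apply everywhere.

   Grants this role ends up with, all of them database-wide:
     - GRANT EXECUTE at database scope (every executable object in the
       database, existing and future, not a named list);
     - db_datareader (read every table and view);
     - db_ddladmin (run DDL: create/alter/drop objects in the database).
   That is a broad footprint for an application role; review whether EXECUTE
   on named schemas/procedures and a narrower DDL scope would do.

   Interpolated values (@rightsaction, @schemaid, @objectname, @Users) come
   from the hard-coded #Securables rows and sys.database_principals, not from
   external input; a principal name holding a single quote or ']' would still
   break or alter the generated batch (QUOTENAME() would harden that).
   sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; kept
   because the target SQL Server version is not visible here.

   Fix applied to the generated template: the ADD USER loop used
   SELECT @Command = ..., overwriting the batch on every iteration and never
   clearing the securables batch first, so only the last member was re-added
   and, with no members at all, the securables batch was executed a second
   time. @Command is now reset before the loop and appended to inside it.
--------------------------------------------------------------------------- */
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* RESET: @Command still holds the securables batch executed above */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* APPEND one statement per member; the whole batch runs once after the loop */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_read','Pharmacies')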
|
|
|
|
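/* ---------------------------------------------------------------------------
   dbRoleActiveConfig  --  STR_Database = ActivePos_server, STR_Product = Pharmacies

   STR_Definition is a complete T-SQL script stored as a string literal (quotes
   doubled once more than at run time). The consumer that reads #AllRoles and
   executes it is not visible in this part of the file -- confirm.

   What the embedded script does, in order: snapshots the current role members
   into #UsersOnRole; creates the role if missing (AUTHORIZATION [dbo]); builds
   and executes one dynamic batch from the N2 = 0 rows of #Securables; re-adds
   the snapshotted members; drops the temp tables. No environment switch here
   (TEMPLATE: Default).

   Grants this role ends up with: EXECUTE on exactly three named procedures in
   schema dbo -- GetApplications, GetConfigurationDatabaseSchemaVersion and
   GetSettings. Because the object names carry no wildcard, the non-cursor
   branch is taken: each grant is wrapped in an IF EXISTS on sys.objects, so a
   procedure that is missing on the target database is skipped silently (no
   error, no message) -- check the PRINT output or sys.database_permissions
   after deployment if all three are required.

   Interpolated values (@rightsaction, @schemaid, @objectname, @Users) come
   from the hard-coded #Securables rows and sys.database_principals, not from
   external input; a principal name holding a single quote or ']' would still
   break or alter the generated batch (QUOTENAME() would harden that).
   sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; kept
   because the target SQL Server version is not visible here.

   Fix applied to the generated template: the ADD USER loop used
   SELECT @Command = ..., overwriting the batch on every iteration and never
   clearing the securables batch first, so only the last member was re-added
   and, with no members at all, the securables batch was executed a second
   time. @Command is now reset before the loop and appended to inside it.
--------------------------------------------------------------------------- */
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleActiveConfig role.

Role Name: dbRoleActiveConfig
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleActiveConfig''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''SP'',''GRANT'',''EXECUTE'',''GetApplications'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetConfigurationDatabaseSchemaVersion'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetSettings'',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* RESET: @Command still holds the securables batch executed above */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* APPEND one statement per member; the whole batch runs once after the loop */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_server','Pharmacies')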
|
|
|
|
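INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleActivePharmacy role.

Role Name: dbRoleActivePharmacy
TEMPLATE: Default

What the script does, in order:
  1. remember the current members of the role (#UsersOnRole);
  2. create the role if it does not exist yet;
  3. build one dynamic batch from the #Securables rows with N2 = 0 and run it;
  4. re-add every remembered member;
  5. drop the temp tables.

#Securables columns: typeofobject, grantordeny, rightsaction, objectname,
schemaid, N2 (this template only applies rows with N2 = 0).

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

/* @Command   : dynamic batch under construction
   @Users     : one member name read back from #UsersOnRole
   @sysTarget : catalog view searched when objectname is a LIKE pattern
   @sysType   : extra type filter appended to that search (functions only) */
DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleActivePharmacy''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): DB_OWNER gives members of this role full control of the
   database; confirm that this is the intended level of access. */
INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
/* Remembered here so they can be re-added once the securables are in place. */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables batch declares its own @SP_Name for the wildcard cursors below. */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
/* Every row appends one fragment to @Command; the batch runs once after the loop. */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-level permission. The name is validated here, before the batch is
   built, and an unknown permission name is skipped without any message. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-level permission. objectname is not used for this row type; schema
   existence and the permission name are both checked inside the batch. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* Object-level permission. An objectname containing % is used as a LIKE
   pattern and expanded by a cursor inside the batch; otherwise one object. */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

/* Catalog view to search, plus an extra type filter for functions. */
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema-name literal is closed before @sysType is appended, so the
   function type filter lands outside the quotes rather than inside them. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly permission.
   NOTE(review): the generated statement has no ON ASSEMBLY:: clause in front of
   the name; verify it parses before relying on ASSEMBLIES rows. */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Membership of another role (rightsaction holds the target role name);
   guarded by IF NOT EXISTS so a re-run changes nothing. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Each remembered member is re-added immediately, with parameters rather than
   through a concatenated batch: every member is processed (not only the last
   one fetched), nothing is executed when the list is empty, and principal
   names never become part of a dynamic SQL string. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_server','Pharmacies')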
|
|
|
|
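INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

What the script does, in order:
  1. remember the current members of the role (#UsersOnRole);
  2. create the role if it does not exist yet;
  3. read the instance type from master.cfg.InstanceContext and build one
     dynamic batch from the #Securables rows whose N2 flag matches it
     (N2 = 1 on DEVE, N2 = 0 everywhere else), then run it;
  4. re-add every remembered member;
  5. drop the temp tables.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

/* @Type      : instance type read from master.cfg.InstanceContext
   @N2        : N2 flag value selected by @Type (1 on DEVE, else 0)
   @Command   : dynamic batch under construction
   @Users     : one member name read back from #UsersOnRole
   @sysTarget : catalog view searched when objectname is a LIKE pattern
   @sysType   : extra type filter appended to that search (functions only) */
DECLARE @Type varchar(6),
@N2 bit,
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

/* NOTE(review): no WHERE clause, so if InstanceContext ever holds more than one
   row the value assigned is not deterministic; an empty table leaves @Type NULL,
   which falls through to the non-DEVE (N2 = 0) row set. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* N2 = 1 rows apply on DEVE only, N2 = 0 rows everywhere else, so DB_OWNER is
   limited to DEVE and other instances get the explicit grants. objectname is
   ignored for SCHEMA rows (the value Entire Schema is informational). */
INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)

/* GET ALL USERS ON THIS ROLE */
/* Remembered here so they can be re-added once the securables are in place. */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables batch declares its own @SP_Name for the wildcard cursors below. */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
/* One loop for both instance types: the only difference between DEVE and the
   rest is which N2 value is selected. Every row appends one fragment to
   @Command and the batch runs once after the loop. */
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-level permission. The name is validated here, before the batch is
   built, and an unknown permission name is skipped without any message. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-level permission. objectname is not used for this row type; schema
   existence and the permission name are both checked inside the batch. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* Object-level permission. An objectname containing % is used as a LIKE
   pattern and expanded by a cursor inside the batch; otherwise one object. */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

/* Catalog view to search, plus an extra type filter for functions. */
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema-name literal is closed before @sysType is appended, so the
   function type filter lands outside the quotes rather than inside them. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly permission.
   NOTE(review): the generated statement has no ON ASSEMBLY:: clause in front of
   the name; verify it parses before relying on ASSEMBLIES rows. */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Membership of another role (rightsaction holds the target role name);
   guarded by IF NOT EXISTS so a re-run changes nothing. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Each remembered member is re-added immediately, with parameters rather than
   through a concatenated batch: every member is processed (not only the last
   one fetched), nothing is executed when the list is empty, and principal
   names never become part of a dynamic SQL string. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ActivePos_server','Pharmacies')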
|
|
|
|
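INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

What the script does, in order:
  1. remember the current members of the role (#UsersOnRole);
  2. create the role if it does not exist yet;
  3. build one dynamic batch from the #Securables rows with N2 = 0 and run it;
  4. re-add every remembered member;
  5. drop the temp tables.

#Securables columns: typeofobject, grantordeny, rightsaction, objectname,
schemaid, N2 (this template only applies rows with N2 = 0).

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

/* @Command   : dynamic batch under construction
   @Users     : one member name read back from #UsersOnRole
   @sysTarget : catalog view searched when objectname is a LIKE pattern
   @sysType   : extra type filter appended to that search (functions only) */
DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): DB_OWNER gives members of this role full control of the
   database; confirm that this is the intended level of access. */
INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
/* Remembered here so they can be re-added once the securables are in place. */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables batch declares its own @SP_Name for the wildcard cursors below. */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
/* Every row appends one fragment to @Command; the batch runs once after the loop. */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-level permission. The name is validated here, before the batch is
   built, and an unknown permission name is skipped without any message. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-level permission. objectname is not used for this row type; schema
   existence and the permission name are both checked inside the batch. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* Object-level permission. An objectname containing % is used as a LIKE
   pattern and expanded by a cursor inside the batch; otherwise one object. */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

/* Catalog view to search, plus an extra type filter for functions. */
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema-name literal is closed before @sysType is appended, so the
   function type filter lands outside the quotes rather than inside them. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly permission.
   NOTE(review): the generated statement has no ON ASSEMBLY:: clause in front of
   the name; verify it parses before relying on ASSEMBLIES rows. */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Membership of another role (rightsaction holds the target role name);
   guarded by IF NOT EXISTS so a re-run changes nothing. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Each remembered member is re-added immediately, with parameters rather than
   through a concatenated batch: every member is processed (not only the last
   one fetched), nothing is executed when the list is empty, and principal
   names never become part of a dynamic SQL string. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_server','Pharmacies')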
|
|
|
|
/*-----------------------------------------------------------------------------
  #AllRoles row for database role [dbRoleIttechUsr]
  (STR_Database = 'ActivePos_server', STR_Product = 'Pharmacies').

  STR_Definition holds a complete T-SQL script as a string literal, so every
  single quote inside it is doubled. What the stored script does when run:
    1. Reads [Type] from [master].[cfg].[InstanceContext] into @Type.
    2. Fills #Securables from the literal list below; the N2 column selects
       which rows apply per instance type.
    3. Saves the role's current members into #UsersOnRole.
    4. Creates the role (AUTHORIZATION [dbo]) only if it does not exist yet.
    5. If @Type = 'DEVE' applies the N2 = 1 rows (here: DB_OWNER membership);
       otherwise applies the N2 = 0 rows (CREATE TABLE and EXECUTE on the
       database, DB_DATAREADER / DB_DATAWRITER membership, ALTER / DELETE /
       EXECUTE / INSERT / SELECT / UPDATE on schema [tmp]).
    6. Re-adds the saved members with sp_addrolemember, then drops the temp
       tables.

  NOTE(review): the GRANT/DENY text is built by concatenating the #Securables
  values into dynamic SQL. Permission names are validated against
  sys.fn_builtin_permissions, but object and schema names are concatenated
  without QUOTENAME, and an object name containing '%' switches to a
  LIKE-pattern cursor that grants on every matching object in the schema.
  Keep the literal list below the only source of these values.

  NOTE(review): in the "ADD USER" loop, SELECT @Command = ... assigns rather
  than appends, and sp_executesql runs once after the loop, so only the last
  fetched member's sp_addrolemember/PRINT batch executes. Because the script
  never drops the role or its members, the other members stay in the role
  regardless. If #UsersOnRole is empty, @Command still holds the securables
  batch already executed above, so that batch runs a second time.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleIttechUsr role.
|
|
|
|
Role Name: dbRoleIttechUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleIttechUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActivePos_server','Pharmacies')
|
|
|
|
/*-----------------------------------------------------------------------------
  #AllRoles row for database role [dbRoleSupUsr]
  (STR_Database = 'ActivePos_server', STR_Product = 'Pharmacies').

  STR_Definition holds a complete T-SQL script as a string literal, so every
  single quote inside it is doubled. What the stored script does when run:
    1. Reads [Type] from [master].[cfg].[InstanceContext] into @Type.
    2. Fills #Securables from the literal list below; the N2 column selects
       which rows apply per instance type.
    3. Saves the role's current members into #UsersOnRole.
    4. Creates the role (AUTHORIZATION [dbo]) only if it does not exist yet.
    5. If @Type = 'DEVE' applies the N2 = 1 rows (here: DB_OWNER membership);
       otherwise applies the N2 = 0 rows (CREATE TABLE and EXECUTE on the
       database, DB_DATAREADER / DB_DATAWRITER membership, ALTER / DELETE /
       EXECUTE / INSERT / SELECT / UPDATE on schema [tmp]).
    6. Re-adds the saved members with sp_addrolemember, then drops the temp
       tables.

  NOTE(review): the GRANT/DENY text is built by concatenating the #Securables
  values into dynamic SQL. Permission names are validated against
  sys.fn_builtin_permissions, but object and schema names are concatenated
  without QUOTENAME, and an object name containing '%' switches to a
  LIKE-pattern cursor that grants on every matching object in the schema.
  Keep the literal list below the only source of these values.

  NOTE(review): in the "ADD USER" loop, SELECT @Command = ... assigns rather
  than appends, and sp_executesql runs once after the loop, so only the last
  fetched member's sp_addrolemember/PRINT batch executes. Because the script
  never drops the role or its members, the other members stay in the role
  regardless. If #UsersOnRole is empty, @Command still holds the securables
  batch already executed above, so that batch runs a second time.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
|
|
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActivePos_server','Pharmacies')
|
|
|
|
/*-----------------------------------------------------------------------------
  #AllRoles row for database role [dbRoleTPPos]
  (STR_Database = 'ActivePos_server', STR_Product = 'Pharmacies').

  STR_Definition holds a complete T-SQL script as a string literal, so every
  single quote inside it is doubled. This is the "Default" template: unlike
  the N2-and-PROD scripts it does not read [master].[cfg].[InstanceContext]
  and always applies the #Securables rows with N2 = 0 (a row flagged N2 = 1
  would be ignored here). What the stored script does when run:
    1. Fills #Securables from the literal list below: EXECUTE on the database
       plus membership of DB_DATAREADER, DB_DATAWRITER and DB_DDLADMIN.
    2. Saves the role's current members into #UsersOnRole.
    3. Creates the role (AUTHORIZATION [dbo]) only if it does not exist yet.
    4. Applies the securables through one dynamic-SQL batch.
    5. Re-adds the saved members with sp_addrolemember, then drops the temp
       tables.

  NOTE(review): the GRANT/DENY text is built by concatenating the #Securables
  values into dynamic SQL. Permission names are validated against
  sys.fn_builtin_permissions, but object and schema names are concatenated
  without QUOTENAME, and an object name containing '%' switches to a
  LIKE-pattern cursor that grants on every matching object in the schema.
  Keep the literal list below the only source of these values.

  NOTE(review): in the "ADD USER" loop, SELECT @Command = ... assigns rather
  than appends, and sp_executesql runs once after the loop, so only the last
  fetched member's sp_addrolemember/PRINT batch executes. Because the script
  never drops the role or its members, the other members stay in the role
  regardless. If #UsersOnRole is empty, @Command still holds the securables
  batch already executed above, so that batch runs a second time.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleTPPos role.
|
|
|
|
Role Name: dbRoleTPPos
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleTPPos''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ActivePos_server','Pharmacies')
|
|
|
|
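INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleActiveConfig role.

Role Name: dbRoleActiveConfig
TEMPLATE: Default

Runs inside the target database: creates the role if it is missing, applies
every securable listed in #Securables (rows with N2 = 0 only), then re-attaches
the members that were already on the role. The values spliced into the dynamic
SQL below come from this file or from the database catalog, not from caller
input.

#Securables columns:
  typeofobject : DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
  grantordeny  : GRANT or DENY
  rightsaction : one permission name, which must match a permission_name in
                 sys.fn_builtin_permissions for that securable class or the
                 row is skipped; for ROLE rows, the name of the role to join
  objectname   : object name; a % wildcard expands to every matching object
  schemaid     : schema name (empty for DB and ROLE rows)
  N2           : 1 = row belongs to the "N2 and PROD" template only

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(128),
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleActiveConfig''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
/* schemaid is sysname-wide (128 chars); a narrower column silently truncates long schema names. */
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(128), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''SP'',''GRANT'',''EXECUTE'',''GetApplications'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetConfigurationDatabaseSchemaVersion'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetSettings'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
/* Snapshot of the current members; they are re-attached after the securables are applied. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES */
/* The GRANT/DENY batch is accumulated in @Command and executed once after the loop.
   @SP_Name is the loop variable of the nested cursor used for wildcard object names. */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
    FROM #Securables
    WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Database-wide permission (EXECUTE, SHOWPLAN, VIEW DEFINITION, ...). */
    IF @typeofobject = ''DB''
    BEGIN
        /* Unknown permission names are skipped rather than failing the batch. */
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    /* Schema-wide permission; the schema is verified when the batch runs. */
    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    /* Object-level permission on a table, procedure, function or view. */
    IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        /* A % in the object name means every matching object: the match is resolved
           when the batch runs, by a nested cursor that grants object by object. */
        IF @objectname LIKE ''%[%]%''
        BEGIN
            SET @sysTarget = CASE @typeofobject
                                 WHEN ''TABLE''     THEN ''sys.tables''
                                 WHEN ''SP''        THEN ''sys.procedures''
                                 WHEN ''FUNCTIONS'' THEN ''sys.objects''
                                 WHEN ''VIEWS''     THEN ''sys.views''
                             END
            /* sys.objects holds every object kind, so functions are narrowed by type. */
            SET @sysType = CASE WHEN @typeofobject = ''FUNCTIONS''
                                THEN '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
                                ELSE '''' END

            /* @sysType is appended after the closing quote of the schema name so the
               generated WHERE clause stays well-formed for FUNCTIONS. */
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
    SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''
        END
        ELSE
        BEGIN
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
        END
    END

    /* Assembly permission; ON ASSEMBLY:: is required by the GRANT/DENY grammar. */
    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    /* Make this role a member of another role (rightsaction holds the parent role). */
    IF @typeofobject = ''ROLE''
    BEGIN
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
    EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Members are re-attached directly (no dynamic SQL): names need no quoting, and every
   member of #UsersOnRole is processed, not only the last one fetched. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT username
    FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_addrolemember @RoleName, @Users
    PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_write','Pharmacies')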
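INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleActivePharmacy role.

Role Name: dbRoleActivePharmacy
TEMPLATE: Default

Runs inside the target database: creates the role if it is missing, applies
every securable listed in #Securables (rows with N2 = 0 only), then re-attaches
the members that were already on the role. The values spliced into the dynamic
SQL below come from this file or from the database catalog, not from caller
input.

#Securables columns:
  typeofobject : DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
  grantordeny  : GRANT or DENY
  rightsaction : one permission name, which must match a permission_name in
                 sys.fn_builtin_permissions for that securable class or the
                 row is skipped; for ROLE rows, the name of the role to join
  objectname   : object name; a % wildcard expands to every matching object
  schemaid     : schema name (empty for DB and ROLE rows)
  N2           : 1 = row belongs to the "N2 and PROD" template only

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(128),
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleActivePharmacy''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
/* schemaid is sysname-wide (128 chars); a narrower column silently truncates long schema names. */
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(128), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* db_owner membership gives this role every permission in the database, on every
   instance (N2 = 0); review the member list before widening it. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
/* Snapshot of the current members; they are re-attached after the securables are applied. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES */
/* The GRANT/DENY batch is accumulated in @Command and executed once after the loop.
   @SP_Name is the loop variable of the nested cursor used for wildcard object names. */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
    FROM #Securables
    WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Database-wide permission (EXECUTE, SHOWPLAN, VIEW DEFINITION, ...). */
    IF @typeofobject = ''DB''
    BEGIN
        /* Unknown permission names are skipped rather than failing the batch. */
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    /* Schema-wide permission; the schema is verified when the batch runs. */
    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    /* Object-level permission on a table, procedure, function or view. */
    IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        /* A % in the object name means every matching object: the match is resolved
           when the batch runs, by a nested cursor that grants object by object. */
        IF @objectname LIKE ''%[%]%''
        BEGIN
            SET @sysTarget = CASE @typeofobject
                                 WHEN ''TABLE''     THEN ''sys.tables''
                                 WHEN ''SP''        THEN ''sys.procedures''
                                 WHEN ''FUNCTIONS'' THEN ''sys.objects''
                                 WHEN ''VIEWS''     THEN ''sys.views''
                             END
            /* sys.objects holds every object kind, so functions are narrowed by type. */
            SET @sysType = CASE WHEN @typeofobject = ''FUNCTIONS''
                                THEN '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
                                ELSE '''' END

            /* @sysType is appended after the closing quote of the schema name so the
               generated WHERE clause stays well-formed for FUNCTIONS. */
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
    SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''
        END
        ELSE
        BEGIN
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
        END
    END

    /* Assembly permission; ON ASSEMBLY:: is required by the GRANT/DENY grammar. */
    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    /* Make this role a member of another role (rightsaction holds the parent role). */
    IF @typeofobject = ''ROLE''
    BEGIN
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
    EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Members are re-attached directly (no dynamic SQL): names need no quoting, and every
   member of #UsersOnRole is processed, not only the last one fetched. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT username
    FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_addrolemember @RoleName, @Users
    PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_write','Pharmacies')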
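INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

Runs inside the target database: creates the role if it is missing, applies
the securables listed in #Securables for the instance class (N2 = 1 rows on
DEVE instances, N2 = 0 rows everywhere else), then re-attaches the members
that were already on the role. The values spliced into the dynamic SQL below
come from this file or from the database catalog, not from caller input.

#Securables columns:
  typeofobject : DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
  grantordeny  : GRANT or DENY
  rightsaction : one permission name, which must match a permission_name in
                 sys.fn_builtin_permissions for that securable class or the
                 row is skipped; for ROLE rows, the name of the role to join
  objectname   : object name; a % wildcard expands to every matching object
  schemaid     : schema name (empty for DB and ROLE rows)
  N2           : 1 = applied on DEVE instances only, 0 = applied elsewhere

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
        @ApplyN2 bit,
        @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(128),
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

/* Instance class from the server-wide context table (assumes InstanceContext holds
   a single row). DEVE instances apply the N2 = 1 rows, every other instance (and a
   missing or NULL Type) applies the N2 = 0 rows. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @ApplyN2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
/* schemaid is sysname-wide (128 chars); a narrower column silently truncates long schema names. */
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(128), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* The N2 = 1 row makes this role db_owner on DEVE instances only, which carries every
   permission in the database; production instances get the narrower N2 = 0 set. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE */
/* Snapshot of the current members; they are re-attached after the securables are applied. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES */
/* One cursor for both instance classes; @ApplyN2 selects the rows. The GRANT/DENY batch
   is accumulated in @Command and executed once after the loop. @SP_Name is the loop
   variable of the nested cursor used for wildcard object names. */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
    FROM #Securables
    WHERE N2 = @ApplyN2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Database-wide permission (EXECUTE, SHOWPLAN, VIEW DEFINITION, ...). */
    IF @typeofobject = ''DB''
    BEGIN
        /* Unknown permission names are skipped rather than failing the batch. */
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    /* Schema-wide permission; the schema is verified when the batch runs. */
    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    /* Object-level permission on a table, procedure, function or view. */
    IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        /* A % in the object name means every matching object: the match is resolved
           when the batch runs, by a nested cursor that grants object by object. */
        IF @objectname LIKE ''%[%]%''
        BEGIN
            SET @sysTarget = CASE @typeofobject
                                 WHEN ''TABLE''     THEN ''sys.tables''
                                 WHEN ''SP''        THEN ''sys.procedures''
                                 WHEN ''FUNCTIONS'' THEN ''sys.objects''
                                 WHEN ''VIEWS''     THEN ''sys.views''
                             END
            /* sys.objects holds every object kind, so functions are narrowed by type. */
            SET @sysType = CASE WHEN @typeofobject = ''FUNCTIONS''
                                THEN '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
                                ELSE '''' END

            /* @sysType is appended after the closing quote of the schema name so the
               generated WHERE clause stays well-formed for FUNCTIONS. */
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
    SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''
        END
        ELSE
        BEGIN
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
        END
    END

    /* Assembly permission; ON ASSEMBLY:: is required by the GRANT/DENY grammar. */
    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    /* Make this role a member of another role (rightsaction holds the parent role). */
    IF @typeofobject = ''ROLE''
    BEGIN
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
    EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Members are re-attached directly (no dynamic SQL): names need no quoting, and every
   member of #UsersOnRole is processed, not only the last one fetched. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT username
    FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_addrolemember @RoleName, @Users
    PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_write','Pharmacies')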
-- ---------------------------------------------------------------------------
-- #AllRoles row: dbRoleDevUsr on database ActivePos_write (product Pharmacies).
-- STR_Definition is a complete T-SQL script stored as a string (every quote
-- doubled); presumably executed later by a driver outside this file. The
-- literal is left byte-for-byte as-is: what is stored is what gets run.
--
-- What the embedded script does:
--   * creates role dbRoleDevUsr (AUTHORIZATION dbo) if it does not exist;
--   * builds one dynamic batch from the #Securables rows with N2 = 0 and runs
--     it via sp_executesql -- for this row: database-level GRANT EXECUTE,
--     SHOWPLAN and VIEW DEFINITION, plus membership of db_datareader and
--     db_datawriter;
--   * re-adds the role's pre-existing members (read from
--     sys.database_role_members before any change) with sp_addrolemember.
--
-- Review notes (the template defects below are latent for this row, whose
-- securables are only DB and ROLE entries):
--   * The "EXAMPLE OF SECURABLES" rows in the header show five columns, but
--     #Securables is declared with six (trailing N2 bit); the example as
--     written would not insert.
--   * ROLE rows compare roles.name with the literals 'DB_DATAREADER' /
--     'DB_DATAWRITER'; the IF NOT EXISTS guard only matches the real
--     db_datareader / db_datawriter principals if the database collation is
--     case-insensitive. sp_addrolemember is deprecated in favour of
--     ALTER ROLE ... ADD MEMBER.
--   * Wildcard branch (objectname containing '%') for FUNCTIONS: the fragment
--     '''''' + @schemaid + '''' + @sysType + ''''''  splices the p.Type filter
--     inside the s.name string literal, producing invalid SQL; the literal has
--     to be closed before @sysType is appended.
--   * ASSEMBLIES branch emits GRANT <perm>::[name] TO [...] without the
--     ON ASSEMBLY keyword, which is not valid GRANT syntax.
--   * ADD USER loop: SELECT @Command = '...' overwrites per row and the batch
--     is executed once after the loop, so only the last fetched member is
--     re-added; when #UsersOnRole is empty, @Command still holds the
--     securables batch and that batch is executed a second time (GRANTs are
--     idempotent, but the extra run is unintended).
--   * All GRANT / role-membership text is assembled by string concatenation
--     from the hard-coded #Securables rows and run with sp_executesql; keep
--     those rows constant -- never source them from user-supplied data.
-- ---------------------------------------------------------------------------
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleDevUsr role.
|
|
|
|
Role Name: dbRoleDevUsr
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleDevUsr''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ActivePos_write','Pharmacies')
|
|
|
|
-- ---------------------------------------------------------------------------
-- #AllRoles row: dbRoleIttechUsr on database ActivePos_write (product
-- Pharmacies). STR_Definition is a complete T-SQL script stored as a string
-- (every quote doubled); presumably executed later by a driver outside this
-- file. The literal is left byte-for-byte as-is: what is stored is what runs.
--
-- Unlike the "Default" template rows, the securables set depends on the
-- instance class: @Type is read with an unfiltered
--   SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
-- (if that table ever holds several rows, whichever is read last wins; if it
-- is empty, @Type stays NULL).
--   * @Type = 'DEVE'          -> only the N2 = 1 rows are applied: membership
--     of db_owner, i.e. full control of the database for this role. The
--     N2 = 0 rows are skipped on that path (db_owner subsumes them).
--   * anything else or NULL   -> only the N2 = 0 rows: GRANT EXECUTE plus
--     db_datareader and db_datawriter membership.
-- A missing or unknown instance class therefore fails closed to the lower
-- privilege set; the content of InstanceContext is the control that decides
-- whether db_owner is handed out, so it deserves the same change control as
-- this script.
--
-- Review notes (template defects are latent for this row, whose securables
-- are only DB and ROLE entries):
--   * The "EXAMPLE OF SECURABLES" rows in the header show five columns, but
--     #Securables is declared with six (trailing N2 bit).
--   * ROLE rows compare roles.name with upper-case literals ('DB_OWNER',
--     'DB_DATAREADER', ...); the IF NOT EXISTS guard only matches the real
--     fixed-role names if the database collation is case-insensitive.
--     sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER.
--   * Wildcard branch (objectname containing '%') for FUNCTIONS: the fragment
--     '''''' + @schemaid + '''' + @sysType + ''''''  splices the p.Type filter
--     inside the s.name string literal, producing invalid SQL.
--   * ASSEMBLIES branch emits GRANT <perm>::[name] without ON ASSEMBLY.
--   * ADD USER loop: SELECT @Command = '...' overwrites per row and the batch
--     is executed once after the loop, so only the last fetched member is
--     re-added; with no members, the securables batch is executed twice.
--   * Both branches declare and deallocate the same SecurablesCurs cursor;
--     only one branch runs per execution, so this is safe but duplicated.
--   * All GRANT / membership text is string-concatenated from the hard-coded
--     #Securables rows and run via sp_executesql; keep those rows constant.
-- ---------------------------------------------------------------------------
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleIttechUsr role.
|
|
|
|
Role Name: dbRoleIttechUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleIttechUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActivePos_write','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActivePos_write','Pharmacies')
|
|
|
|
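-- dbRoleTPPos on ActivePos_write (product Pharmacies).
-- Grants: EXECUTE on the whole database plus membership of db_datareader,
-- db_datawriter and db_ddladmin. db_ddladmin is the fixed role that can run
-- DDL (create, alter, drop objects) in the database, so this role is far wider
-- than a data-access role. NOTE(review): confirm the POS account really needs
-- DDL at run time; otherwise drop the db_ddladmin row from the securables list.
-- The role script is stored as text in STR_Definition and executed later
-- against the target database, so every quote inside it is doubled once.
INSERT INTO #AllRoles (STR_Definition, STR_Database, STR_Product)
VALUES ('

/*=============================================================================

Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

HOW IT WORKS:
  1. Remember the current members of the role so membership can be re-applied.
  2. Create the role if it does not exist (AUTHORIZATION dbo).
  3. Walk #Securables (rows with N2 = 0) and emit one GRANT/DENY or one role
     membership per row. Permission names are checked against
     sys.fn_builtin_permissions, so each row must carry exactly one permission.
  4. Re-apply the remembered memberships.

SECURABLES TABLE (one permission per row, six columns):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

An object name may contain a LIKE wildcard (%); matching objects are looked up
in the catalog at run time and each one is granted individually.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      /* schema names longer than 10 characters cannot be used here */
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Fixed-role names are written in lower case so the membership check below
   also matches under a case-sensitive database collation. */

INSERT INTO #Securables
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''db_datareader'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''db_datawriter'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''db_ddladmin'','''',''dbo'',0)   /* NOTE(review): DDL rights for an application role */

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables batch is built as text and executed once at the end.
   @SP_Name and @SP_Stmt are used by the wildcard branch. */
SET @Command = ''
DECLARE @SP_Name sysname
DECLARE @SP_Stmt nvarchar(max)

''

/* SET ALL ROLE SECURABLES */
/* LOCAL cursors cannot collide with a global cursor left behind by an
   earlier, aborted run of this script on the same connection. */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-level permission: validated here, emitted verbatim. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-level permission: schema existence and permission name are checked
   inside the generated batch. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Object-level permission. A name containing % is a LIKE pattern resolved
   against the catalog inside the generated batch; an exact name is granted
   directly when the object exists. */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema-name literal is closed before @sysType is appended, so the
   function-type filter lands outside the string. Names found at run time are
   bracket-quoted with QUOTENAME before being spliced into the GRANT. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
SET @SP_Stmt = '''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']''''
EXEC(@SP_Stmt)
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',N''''P'''',N''''V'''',N''''FN'''',N''''IF'''',N''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly-level permission (GRANT ... ON ASSEMBLY::name). */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Role membership: adds this role to the role named in rightsaction unless it
   is already a member. sp_addrolemember is kept for older instances;
   ALTER ROLE ... ADD MEMBER is the current form. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Re-apply the memberships remembered at the top. The names come from the
   catalog, so they are passed to sp_addrolemember as parameters rather than
   spliced into a command string: a principal name containing a quote cannot
   break the statement. Each member is handled in its own call, so a role with
   several members keeps all of them, and nothing is executed when the role had
   no members. */
DECLARE UsersCurs CURSOR LOCAL FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
', 'ActivePos_write', 'Pharmacies')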
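-- dbRoleActiveConfig on ActiveSystemClient (product Pharmacies).
-- Grants: EXECUTE on three named procedures in the cfg schema and nothing
-- else, which is the narrowest role in this file. No wildcard is used, so any
-- further cfg procedure the client needs must be added to the list explicitly.
-- The role script is stored as text in STR_Definition and executed later
-- against the target database, so every quote inside it is doubled once.
INSERT INTO #AllRoles (STR_Definition, STR_Database, STR_Product)
VALUES ('

/*=============================================================================

Script to create dbRoleActiveConfig role.

Role Name: dbRoleActiveConfig
TEMPLATE: Default

HOW IT WORKS:
  1. Remember the current members of the role so membership can be re-applied.
  2. Create the role if it does not exist (AUTHORIZATION dbo).
  3. Walk #Securables (rows with N2 = 0) and emit one GRANT/DENY or one role
     membership per row. Permission names are checked against
     sys.fn_builtin_permissions, so each row must carry exactly one permission.
  4. Re-apply the remembered memberships.

SECURABLES TABLE (one permission per row, six columns):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

An object name may contain a LIKE wildcard (%); matching objects are looked up
in the catalog at run time and each one is granted individually.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      /* schema names longer than 10 characters cannot be used here */
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleActiveConfig''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Exact procedure names only: each grant is applied when the object exists in
   the cfg schema, otherwise it is silently skipped. */

INSERT INTO #Securables
VALUES
 (''SP'',''GRANT'',''EXECUTE'',''GetApplications'',''cfg'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetConfigurationDatabaseSchemaVersion'',''cfg'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetSettings'',''cfg'',0)

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables batch is built as text and executed once at the end.
   @SP_Name and @SP_Stmt are used by the wildcard branch. */
SET @Command = ''
DECLARE @SP_Name sysname
DECLARE @SP_Stmt nvarchar(max)

''

/* SET ALL ROLE SECURABLES */
/* LOCAL cursors cannot collide with a global cursor left behind by an
   earlier, aborted run of this script on the same connection. */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-level permission: validated here, emitted verbatim. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-level permission: schema existence and permission name are checked
   inside the generated batch. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Object-level permission. A name containing % is a LIKE pattern resolved
   against the catalog inside the generated batch; an exact name is granted
   directly when the object exists. */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema-name literal is closed before @sysType is appended, so the
   function-type filter lands outside the string. Names found at run time are
   bracket-quoted with QUOTENAME before being spliced into the GRANT. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
SET @SP_Stmt = '''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']''''
EXEC(@SP_Stmt)
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',N''''P'''',N''''V'''',N''''FN'''',N''''IF'''',N''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly-level permission (GRANT ... ON ASSEMBLY::name). */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Role membership: adds this role to the role named in rightsaction unless it
   is already a member. sp_addrolemember is kept for older instances;
   ALTER ROLE ... ADD MEMBER is the current form. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Re-apply the memberships remembered at the top. The names come from the
   catalog, so they are passed to sp_addrolemember as parameters rather than
   spliced into a command string: a principal name containing a quote cannot
   break the statement. Each member is handled in its own call, so a role with
   several members keeps all of them, and nothing is executed when the role had
   no members. */
DECLARE UsersCurs CURSOR LOCAL FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
', 'ActiveSystemClient', 'Pharmacies')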
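-- dbRoleActivePharmacy on ActiveSystemClient (product Pharmacies).
-- Grants: membership of db_owner and nothing else, which makes this role an
-- alias for full control of the database (db_owner members can also grant
-- rights to others). NOTE(review): the same role name appears to be defined
-- for more than one database in this file; consider replacing db_owner with
-- the explicit schema or object grants the pharmacy application actually uses.
-- The role script is stored as text in STR_Definition and executed later
-- against the target database, so every quote inside it is doubled once.
INSERT INTO #AllRoles (STR_Definition, STR_Database, STR_Product)
VALUES ('

/*=============================================================================

Script to create dbRoleActivePharmacy role.

Role Name: dbRoleActivePharmacy
TEMPLATE: Default

HOW IT WORKS:
  1. Remember the current members of the role so membership can be re-applied.
  2. Create the role if it does not exist (AUTHORIZATION dbo).
  3. Walk #Securables (rows with N2 = 0) and emit one GRANT/DENY or one role
     membership per row. Permission names are checked against
     sys.fn_builtin_permissions, so each row must carry exactly one permission.
  4. Re-apply the remembered memberships.

SECURABLES TABLE (one permission per row, six columns):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

An object name may contain a LIKE wildcard (%); matching objects are looked up
in the catalog at run time and each one is granted individually.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      /* schema names longer than 10 characters cannot be used here */
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleActivePharmacy''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* The fixed-role name is written in lower case so the membership check below
   also matches under a case-sensitive database collation.
   NOTE(review): db_owner gives every member full control of the database. */

INSERT INTO #Securables
VALUES
 (''ROLE'',''GRANT'',''db_owner'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables batch is built as text and executed once at the end.
   @SP_Name and @SP_Stmt are used by the wildcard branch. */
SET @Command = ''
DECLARE @SP_Name sysname
DECLARE @SP_Stmt nvarchar(max)

''

/* SET ALL ROLE SECURABLES */
/* LOCAL cursors cannot collide with a global cursor left behind by an
   earlier, aborted run of this script on the same connection. */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-level permission: validated here, emitted verbatim. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-level permission: schema existence and permission name are checked
   inside the generated batch. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Object-level permission. A name containing % is a LIKE pattern resolved
   against the catalog inside the generated batch; an exact name is granted
   directly when the object exists. */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema-name literal is closed before @sysType is appended, so the
   function-type filter lands outside the string. Names found at run time are
   bracket-quoted with QUOTENAME before being spliced into the GRANT. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
SET @SP_Stmt = '''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']''''
EXEC(@SP_Stmt)
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',N''''P'''',N''''V'''',N''''FN'''',N''''IF'''',N''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly-level permission (GRANT ... ON ASSEMBLY::name). */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Role membership: adds this role to the role named in rightsaction unless it
   is already a member. sp_addrolemember is kept for older instances;
   ALTER ROLE ... ADD MEMBER is the current form. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Re-apply the memberships remembered at the top. The names come from the
   catalog, so they are passed to sp_addrolemember as parameters rather than
   spliced into a command string: a principal name containing a quote cannot
   break the statement. Each member is handled in its own call, so a role with
   several members keeps all of them, and nothing is executed when the role had
   no members. */
DECLARE UsersCurs CURSOR LOCAL FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
', 'ActiveSystemClient', 'Pharmacies')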
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleCsltUsr role.
|
|
|
|
Role Name: dbRoleCsltUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleCsltUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActiveSystemClient','Pharmacies')
|
|
|
|
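/*
 * dbRoleDevUsr on ActiveSystemClient (Pharmacies).
 *
 * Review notes on this generated role definition:
 *  - TEMPLATE "Default" has no environment gate: db_datareader, db_datawriter,
 *    database-wide EXECUTE (covers every current and future procedure/function),
 *    SHOWPLAN and VIEW DEFINITION are granted on every instance type, production
 *    included. Confirm that is intended for a developer role.
 *  - Names read back from the catalog (@SP_Name, @Users) were spliced raw into
 *    dynamic SQL that runs with whatever rights the deploying session has, so an
 *    object or principal name containing ] or ' could rewrite the statements being
 *    built. @SP_Name now goes through QUOTENAME and members are re-added with a
 *    direct sp_addrolemember call instead of a concatenated string.
 *  - The "ADD USER" loop overwrote @Command on every pass (only the last member
 *    was re-added) and, with no members at all, executed the securables command a
 *    second time. It now acts once per member.
 *  - Wildcard FUNCTIONS securables placed @sysType inside the s.name quotes and
 *    generated unparsable SQL; the quoting is fixed (no FUNCTIONS rows are listed
 *    for this role, so the fix is preventive).
 *  - @schemaid was varchar(10); a longer schema name was silently truncated.
 */
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(128), /* sysname width; varchar(10) silently truncated longer schema names */
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(128),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): this template has no DEVE/PROD gate, so every row below applies on every instance type. */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (current members, re-attached at the end) */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* database-level permission: only emitted when the name is a real DATABASE permission */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* schema-level permission, checked at run time against sys.schemas */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* object-level permission; an objectname containing % is treated as a LIKE pattern */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* @sysType is appended after the closing quote of s.name; @SP_Name comes from the catalog and is QUOTENAMEd */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* CLR assembly permission */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* nested role membership (rightsaction holds the fixed role name) */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER
   Re-attach every member that was on the role before this script ran.
   Done with a direct procedure call (no dynamic SQL) so a principal name
   containing a quote cannot inject into the deploying session. This also
   replaces the old loop, which rebuilt @Command from scratch on every pass
   (only the last member was re-added) and, with no members, executed the
   securables command a second time. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole

','ActiveSystemClient','Pharmacies')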
|
|
|
|
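/*
 * dbRoleIttechUsr on ActiveSystemClient (Pharmacies).
 *
 * Review notes on this generated role definition:
 *  - TEMPLATE "N2 and PROD": the N2 = 1 row (db_owner) is applied only when
 *    [master].[cfg].[InstanceContext].[Type] = 'DEVE'; every other value, and a
 *    missing row (NULL), falls back to the N2 = 0 set (db_datareader,
 *    db_datawriter, database-wide EXECUTE). The gate therefore fails closed, but
 *    it is a plain user table in master: whoever can update that row can turn
 *    this role into db_owner on the next run. Confirm write access to it is
 *    restricted. If the table ever holds more than one row the value picked is
 *    arbitrary.
 *  - The DEVE and non-DEVE branches were two verbatim copies of the same cursor
 *    loop differing only in the N2 filter; they are folded into one loop driven
 *    by a computed @N2 so the two environments cannot drift apart.
 *  - Names read back from the catalog (@SP_Name, @Users) were spliced raw into
 *    dynamic SQL that runs with whatever rights the deploying session has, so an
 *    object or principal name containing ] or ' could rewrite the statements
 *    being built. @SP_Name now goes through QUOTENAME and members are re-added
 *    with a direct sp_addrolemember call instead of a concatenated string.
 *  - The "ADD USER" loop overwrote @Command on every pass (only the last member
 *    was re-added) and, with no members at all, executed the securables command
 *    a second time. It now acts once per member.
 *  - Wildcard FUNCTIONS securables placed @sysType inside the s.name quotes and
 *    generated unparsable SQL; the quoting is fixed (preventive, no FUNCTIONS
 *    rows are listed for this role).
 *  - @schemaid was varchar(10); a longer schema name was silently truncated.
 */
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@N2 bit,
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(128), /* sysname width; varchar(10) silently truncated longer schema names */
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

/* Environment gate. NULL (no row) or anything other than DEVE selects the lower-privilege N2 = 0 set.
   This table is the only thing standing between this role and db_owner: keep it write-protected. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(128),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* N2 = 0 rows apply outside DEVE, N2 = 1 rows apply on DEVE only */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE (current members, re-attached at the end) */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES (one loop for both environments, filtered by @N2) */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* database-level permission: only emitted when the name is a real DATABASE permission */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* schema-level permission, checked at run time against sys.schemas */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* object-level permission; an objectname containing % is treated as a LIKE pattern */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* @sysType is appended after the closing quote of s.name; @SP_Name comes from the catalog and is QUOTENAMEd */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* CLR assembly permission */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* nested role membership (rightsaction holds the fixed role name; DB_OWNER only reaches here when @N2 = 1) */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER
   Re-attach every member that was on the role before this script ran.
   Done with a direct procedure call (no dynamic SQL) so a principal name
   containing a quote cannot inject into the deploying session. This also
   replaces the old loop, which rebuilt @Command from scratch on every pass
   (only the last member was re-added) and, with no members, executed the
   securables command a second time. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ActiveSystemClient','Pharmacies')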
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActiveSystemClient','Pharmacies')
/*=============================================================================
  #AllRoles row for role dbRoleActiveConfig
  (STR_Database = 'ActiveSystemServer', STR_Product = 'Pharmacies').

  STR_Definition holds a complete T-SQL script as ONE string literal, so every
  quote inside it is doubled once; the script in turn builds dynamic SQL in
  @Command, which is why most lines carry '''' / ''''''. Editing the quoting
  by hand is the easiest way to break this INSERT. How #AllRoles is consumed
  is not visible here — presumably STR_Definition is executed against
  STR_Database by a caller elsewhere in this file; confirm before relying on it.

  What the embedded script does when executed in the target database:
    1. Collects the current members of the role into #UsersOnRole.
    2. Creates the role (AUTHORIZATION [dbo]) only if it does not exist yet.
    3. Walks every #Securables row with N2 = 0 and appends one
       <grantordeny> statement to @Command (sp_addrolemember for ROLE rows).
       Before a statement is emitted the permission name is checked against
       sys.fn_builtin_permissions and the target against sys.schemas /
       sys.objects / sys.assemblies; an object name containing a literal '%'
       switches to a cursor over the matching rows of
       sys.tables / sys.procedures / sys.views / sys.objects.
       @Command is then executed once with sp_executesql.
    4. Re-adds the members from step 1 and drops the temp tables.

  Securables for this role: EXECUTE on three [cfg] procedures only
  (GetApplications, GetConfigurationDatabaseSchemaVersion, GetSettings) —
  no database- or schema-wide rights.

  NOTE(review): in the "ADD USER" loop @Command is overwritten per member
  (SELECT @Command = ...) and sp_executesql runs only after the loop, so at
  most the last member is re-added; with no members, the securables command
  from step 3 is executed a second time. This looks harmless as written
  because the role is never dropped (membership persists), but if restoring
  membership is the intent, reset @Command before the loop and accumulate
  (@Command = @Command + ...).
  NOTE(review): generated statements wrap names in [] without QUOTENAME();
  the values come from the literals in this script, not from user input, so
  this is hygiene rather than an injection path. sp_addrolemember is
  deprecated; ALTER ROLE ... ADD MEMBER is the supported replacement.
=============================================================================*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleActiveConfig role.

Role Name: dbRoleActiveConfig
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleActiveConfig''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''SP'',''GRANT'',''EXECUTE'',''GetApplications'',''cfg'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetConfigurationDatabaseSchemaVersion'',''cfg'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetSettings'',''cfg'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActiveSystemServer','Pharmacies')
/*=============================================================================
  #AllRoles row for role dbRoleActivePharmacy
  (STR_Database = 'ActiveSystemServer', STR_Product = 'Pharmacies').
  An earlier row in this file defines a role of the same name for
  STR_Database = 'ActiveSystemClient'; keep the two in step.

  STR_Definition is a complete T-SQL script stored as one string literal
  (quotes doubled once; the script builds a second level of dynamic SQL in
  @Command, hence '''' / ''''''). Same "Default" template as the other roles
  in this file: collect the current members into #UsersOnRole, CREATE ROLE
  if missing, apply every #Securables row with N2 = 0 through one
  sp_executesql call (permission name checked against
  sys.fn_builtin_permissions, target checked in sys.schemas / sys.objects /
  sys.assemblies), re-add the members, drop the temp tables. How #AllRoles
  is consumed is not visible here — presumably the script is run against
  STR_Database by a caller elsewhere in this file; confirm.

  Securables for this role: a single ROLE row that makes dbRoleActivePharmacy
  a member of db_owner. Least privilege: db_owner members can perform any
  configuration and maintenance activity in the database, so every login
  mapped to this role effectively owns the database. If the application only
  needs data access and EXECUTE, prefer explicit SCHEMA / TABLE / SP rows as
  shown in the EXAMPLE block at the top of the script.
  NOTE(review): the membership check compares roles.name with the literal
  'DB_OWNER' while the fixed role is named db_owner; under a case-sensitive
  database collation the NOT EXISTS would never match and sp_addrolemember
  would be attempted on every run — use the lowercase name.
  NOTE(review): the "ADD USER" loop overwrites @Command per member and runs
  sp_executesql only after the loop (at most the last member is re-added;
  with no members the securables command is executed a second time).
  Harmless as written because the role is never dropped, but it is not a
  membership restore. sp_addrolemember is deprecated; ALTER ROLE ... ADD
  MEMBER is the supported replacement.
=============================================================================*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleActivePharmacy role.

Role Name: dbRoleActivePharmacy
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleActivePharmacy''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActiveSystemServer','Pharmacies')
/*=============================================================================
  #AllRoles row for role dbRoleCsltUsr
  (STR_Database = 'ActiveSystemServer', STR_Product = 'Pharmacies').

  STR_Definition is a complete T-SQL script stored as one string literal
  (quotes doubled once; the script builds a second level of dynamic SQL in
  @Command, hence '''' / ''''''). Template "N2 and PROD": the rights applied
  depend on the instance type read from [master].[cfg].[InstanceContext]:
    @Type = 'DEVE'  -> #Securables rows with N2 = 1: membership of db_owner.
    anything else   -> rows with N2 = 0: database-level EXECUTE, SHOWPLAN and
                       VIEW DEFINITION plus db_datareader / db_datawriter.
  Both branches run the same grant loop (permission name checked against
  sys.fn_builtin_permissions, target checked in sys.schemas / sys.objects /
  sys.assemblies, statements appended to @Command and executed once with
  sp_executesql); they differ only in the N2 filter of SecurablesCurs. The
  two copies could be one cursor filtered by a @N2 bit derived from @Type.
  How #AllRoles is consumed is not visible here — presumably the script is
  run against STR_Database by a caller elsewhere in this file; confirm.

  Security notes:
  - The privilege level (db_owner vs. reader/writer) is decided by a value in
    the master database. The SELECT into @Type has no WHERE or TOP, so if
    InstanceContext ever holds more than one row the assigned value is
    arbitrary; if the table is empty @Type stays NULL and the non-DEVE
    (lower-privilege) branch runs, which is the safer failure mode. A key
    predicate or TOP (1) ... ORDER BY would make the decision deterministic.
  - The role names are written 'DB_DATAREADER', 'DB_DATAWRITER', 'DB_OWNER'
    while the fixed roles are lowercase; the NOT EXISTS membership check
    compares roles.name to these literals, so under a case-sensitive database
    collation it never matches and sp_addrolemember is attempted every run.
  NOTE(review): the "ADD USER" loop overwrites @Command per member and runs
  sp_executesql only after the loop, so at most the last member is re-added
  (with no members the securables command is executed a second time);
  harmless here because the role is never dropped, but not a membership
  restore. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
  supported replacement.
=============================================================================*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ActiveSystemServer','Pharmacies')
-- dbRoleDevUsr definition for ActiveSystemServer / Pharmacies, stored as script text in
-- #AllRoles (the embedded T-SQL is quote-doubled here; it is executed elsewhere, not by
-- this INSERT).
-- Effective grants when the stored script runs (all its rows carry N2 = 0, the only
-- value its cursor selects): database-level EXECUTE, SHOWPLAN and VIEW DEFINITION,
-- plus membership of db_datareader and db_datawriter.
-- Review notes on the embedded script (it is generated - change the generator, not this
-- literal):
--  * Database-level EXECUTE covers every executable object, including ones created later;
--    together with db_datawriter that is a broad footprint for a "dev user" role - confirm
--    it is intended on every instance type, since this template has no DEVE/PROD branch.
--  * The FUNCTIONS/wildcard path closes the schema-name quote only after @sysType
--    (the `'' + @sysType + '''` fragment), so a FUNCTIONS row with a % pattern would build
--    malformed SQL; no row in this definition exercises that path.
--  * The ADD USER loop assigns @Command on every fetch instead of appending, so only the
--    last fetched user is re-added, and when #UsersOnRole is empty the final
--    sp_executesql re-runs the securables script still held in @Command (idempotent
--    grants, but redundant).
--  * sp_addrolemember is a deprecated feature; ALTER ROLE ... ADD MEMBER is the replacement.
--  * Object and schema names are concatenated into dynamic SQL without QUOTENAME; that is
--    acceptable only because every value comes from the hard-coded #Securables rows in
--    this definition, never from a caller.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleDevUsr role.
|
|
|
|
Role Name: dbRoleDevUsr
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleDevUsr''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ActiveSystemServer','Pharmacies') -- STR_Database, STR_Product
|
|
|
|
-- dbRoleIttechUsr definition for ActiveSystemServer / Pharmacies, stored as script text
-- in #AllRoles (the embedded T-SQL is quote-doubled here; it is executed elsewhere, not
-- by this INSERT).
-- The embedded script branches on [master].[cfg].[InstanceContext].[Type]:
--   ''DEVE'' -> only the N2 = 1 row applies: the role is made a member of db_owner.
--   anything else (including NULL when InstanceContext has no row) -> the N2 = 0 rows
--   apply: database-level EXECUTE plus db_datareader and db_datawriter membership.
-- Review notes on the embedded script (it is generated - change the generator, not this
-- literal):
--  * db_owner on DEVE gives an IT-tech role full control of the database, including the
--    ability to change other principals' permissions; keep that row deliberate and
--    audited. The fallback to the lower-privileged branch when @Type is NULL is the
--    safer default.
--  * The fixed-role names are written in upper case (DB_OWNER, DB_DATAREADER, ...); the
--    NOT EXISTS membership check compares them with sys.database_principals.name, so
--    under a case-sensitive database collation it would never match and sp_addrolemember
--    would run on every execution - confirm against the target collation.
--  * The FUNCTIONS/wildcard path closes the schema-name quote only after @sysType
--    (the `'' + @sysType + '''` fragment) in both branches, so a FUNCTIONS row with a %
--    pattern would build malformed SQL; no row in this definition exercises that path.
--  * The ADD USER loop assigns @Command on every fetch instead of appending, so only the
--    last fetched user is re-added, and when #UsersOnRole is empty the final
--    sp_executesql re-runs the securables script still held in @Command.
--  * sp_addrolemember is a deprecated feature; ALTER ROLE ... ADD MEMBER is the replacement.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleIttechUsr role.
|
|
|
|
Role Name: dbRoleIttechUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleIttechUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActiveSystemServer','Pharmacies') -- STR_Database, STR_Product
|
|
|
|
-- dbRoleSupUsr definition for ActiveSystemServer / Pharmacies, stored as script text in
-- #AllRoles (the embedded T-SQL is quote-doubled here; it is executed elsewhere, not by
-- this INSERT).
-- The embedded script branches on [master].[cfg].[InstanceContext].[Type]:
--   ''DEVE'' -> only the N2 = 1 row applies: the role is made a member of db_owner.
--   anything else (including NULL when InstanceContext has no row) -> the N2 = 0 rows
--   apply: database-level EXECUTE plus db_datareader and db_datawriter membership.
-- Review notes on the embedded script (it is generated - change the generator, not this
-- literal):
--  * db_owner on DEVE gives a support role full control of the database, including the
--    ability to change other principals' permissions; keep that row deliberate and
--    audited. The fallback to the lower-privileged branch when @Type is NULL is the
--    safer default.
--  * The fixed-role names are written in upper case (DB_OWNER, DB_DATAREADER, ...); the
--    NOT EXISTS membership check compares them with sys.database_principals.name, so
--    under a case-sensitive database collation it would never match and sp_addrolemember
--    would run on every execution - confirm against the target collation.
--  * The FUNCTIONS/wildcard path closes the schema-name quote only after @sysType
--    (the `'' + @sysType + '''` fragment) in both branches, so a FUNCTIONS row with a %
--    pattern would build malformed SQL; no row in this definition exercises that path.
--  * The ADD USER loop assigns @Command on every fetch instead of appending, so only the
--    last fetched user is re-added, and when #UsersOnRole is empty the final
--    sp_executesql re-runs the securables script still held in @Command.
--  * sp_addrolemember is a deprecated feature; ALTER ROLE ... ADD MEMBER is the replacement.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ActiveSystemServer','Pharmacies') -- STR_Database, STR_Product
|
|
|
|
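-- Role definition for dbRoleTPPos, stored as a script row in #AllRoles
-- (STR_Database = ActiveSystemServer, STR_Product = Pharmacies).
-- STR_Definition is T-SQL with every single quote doubled once; how the caller
-- later executes it is not visible in this file.  When run, the script:
--   1. collects the role's current members into #UsersOnRole,
--   2. creates the role if it does not exist,
--   3. builds one GRANT/DENY batch from the hard-coded #Securables list
--      (rows with N2 = 1 are skipped) and executes it,
--   4. re-adds the members collected in step 1, then drops the temp tables.
-- Securables for this role: database-level EXECUTE plus membership of
-- db_datareader, db_datawriter and db_ddladmin.  db_ddladmin lets members
-- create, alter and drop objects in the database, so this is a broad role;
-- review whether that scope is required for every member.
-- The generated statements concatenate names from #Securables without
-- QUOTENAME; they are fixed values in this script, not caller input, so the
-- list itself must stay under change control.
-- Corrections to the generated template in this copy:
--   * ADD USER: @Command is reset before the cursor and each user is appended,
--     so every member is re-added (the template overwrote @Command per row and
--     only the last member was processed) and the securables batch is not
--     executed a second time when the role has no members.
--   * Wildcard object cursor: the s.name literal is closed before @sysType is
--     appended, so the FUNCTIONS type filter is no longer emitted inside the
--     schema-name string.
--   * ASSEMBLIES: the grant now reads ON ASSEMBLY::[name]; the class qualifier
--     was missing.
-- sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; it is
-- kept because the target SQL Server version is not known here.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActiveSystemServer','Pharmacies')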
|
|
|
|
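-- Role definition for dbRoleActivePharmacy, stored as a script row in
-- #AllRoles (STR_Database = Arizona, STR_Product = Pharmacies).
-- STR_Definition is T-SQL with every single quote doubled once; how the caller
-- later executes it is not visible in this file.  When run, the script
-- collects the role's current members, creates the role if missing, builds one
-- GRANT/DENY batch from the hard-coded #Securables list (rows with N2 = 1 are
-- skipped), executes it, re-adds the collected members and drops the temp
-- tables.
-- Securables for this role: database-level EXECUTE plus membership of
-- db_datareader and db_datawriter, i.e. read/write on every table and execute
-- on every module in the database.
-- Names from #Securables are concatenated into the generated statements
-- without QUOTENAME; they are fixed values in this script, not caller input,
-- so the list itself must stay under change control.
-- Corrections to the generated template in this copy:
--   * ADD USER: @Command is reset before the cursor and each user is appended,
--     so every member is re-added (the template overwrote @Command per row and
--     only the last member was processed) and the securables batch is not
--     executed a second time when the role has no members.
--   * Wildcard object cursor: the s.name literal is closed before @sysType is
--     appended, so the FUNCTIONS type filter is no longer emitted inside the
--     schema-name string.
--   * ASSEMBLIES: the grant now reads ON ASSEMBLY::[name]; the class qualifier
--     was missing.
-- sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; it is
-- kept because the target SQL Server version is not known here.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleActivePharmacy role.

Role Name: dbRoleActivePharmacy
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleActivePharmacy''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')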
|
|
|
|
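-- Role definition for dbRoleArizonaCASH, stored as a script row in #AllRoles
-- (STR_Database = Arizona, STR_Product = Pharmacies).
-- STR_Definition is T-SQL with every single quote doubled once; how the caller
-- later executes it is not visible in this file.  When run, the script
-- collects the role's current members, creates the role if missing, builds one
-- GRANT/DENY batch from the hard-coded #Securables list (rows with N2 = 1 are
-- skipped), executes it, re-adds the collected members and drops the temp
-- tables.
-- Securables for this role are object-scoped: EXECUTE on two dbo procedures,
-- SELECT on the listed dbo tables and UPDATE on dbo.TT_GetNext_ID only.  Each
-- grant is emitted only if the object exists in the target database at run
-- time, so a missing table is silently skipped rather than failing the script.
-- Names from #Securables are concatenated into the generated statements
-- without QUOTENAME; they are fixed values in this script, not caller input,
-- so the list itself must stay under change control.
-- Corrections to the generated template in this copy:
--   * ADD USER: @Command is reset before the cursor and each user is appended,
--     so every member is re-added (the template overwrote @Command per row and
--     only the last member was processed) and the securables batch is not
--     executed a second time when the role has no members.
--   * Wildcard object cursor: the s.name literal is closed before @sysType is
--     appended, so the FUNCTIONS type filter is no longer emitted inside the
--     schema-name string.
--   * ASSEMBLIES: the grant now reads ON ASSEMBLY::[name]; the class qualifier
--     was missing.
-- sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; it is
-- kept because the target SQL Server version is not known here.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleArizonaCASH role.

Role Name: dbRoleArizonaCASH
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleArizonaCASH''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''SP'',''GRANT'',''EXECUTE'',''aps_Check_Database_Version'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_Bmc_Applic_Default'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Currency_Rate'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''item_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Language'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_item'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_refund_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Sales_Tax_Rate'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Stock_trans_effective_cost'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Stock_transaction'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Stock_transaction_master'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''TT_GetNext_ID'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''TT_GetNext_ID'',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')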
|
|
|
|
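-- Role definition for dbRoleAtlas, stored as a script row in #AllRoles
-- (STR_Database = Arizona, STR_Product = Pharmacies).
-- STR_Definition is T-SQL with every single quote doubled once; how the caller
-- later executes it is not visible in this file.  When run, the script
-- collects the role's current members, creates the role if missing, builds one
-- GRANT/DENY batch from the hard-coded #Securables list (rows with N2 = 1 are
-- skipped), executes it, re-adds the collected members and drops the temp
-- tables.
-- Securables for this role: DELETE, EXECUTE, INSERT, SELECT and UPDATE on the
-- whole atl schema (the ''Entire Schema'' objectname on those rows is
-- informational only; the SCHEMA branch uses just schemaid and rightsaction),
-- EXECUTE on two dbo procedures, SELECT on the listed dbo tables and UPDATE on
-- dbo.Document_header, dbo.Document_line and dbo.PH_prescription_line.  Each
-- object-scoped grant is emitted only if the object exists at run time.
-- Names from #Securables are concatenated into the generated statements
-- without QUOTENAME (the schema grant emits ON SCHEMA::atl unbracketed); they
-- are fixed values in this script, not caller input, so the list itself must
-- stay under change control.
-- Corrections to the generated template in this copy:
--   * ADD USER: @Command is reset before the cursor and each user is appended,
--     so every member is re-added (the template overwrote @Command per row and
--     only the last member was processed) and the securables batch is not
--     executed a second time when the role has no members.
--   * Wildcard object cursor: the s.name literal is closed before @sysType is
--     appended, so the FUNCTIONS type filter is no longer emitted inside the
--     schema-name string.
--   * ASSEMBLIES: the grant now reads ON ASSEMBLY::[name]; the class qualifier
--     was missing.
-- sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; it is
-- kept because the target SQL Server version is not known here.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleAtlas role.

Role Name: dbRoleAtlas
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleAtlas''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''atl'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''atl'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''atl'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''atl'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''atl'',0)
,(''SP'',''GRANT'',''EXECUTE'',''aps_Document_Flow'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_Bmc_Applic_Default'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Account_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_application_default'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_application_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_user_profile'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Customer'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_line_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Entry'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Entry_reconciliation'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Organizational_unit'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''OU_store_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance_card'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance_plan'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_prescriber'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_prescription_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_prescription_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_AC'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Predefined_entry'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Sales_tax_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Sales_tax_rate'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Stock_transaction_master'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Title_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''Document_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''Document_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''PH_prescription_line'',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')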
|
|
|
|
-- Role definition: dbRoleCsltUsr (database 'Arizona', product 'Pharmacies').
-- STR_Definition is a self-contained T-SQL script stored as a string literal
-- (every quote inside it is doubled). When run it: creates the role if it does
-- not exist, applies the #Securables list, then re-adds the principals that were
-- members of the role when the script started.
-- Privilege spec carried by #Securables (authoritative list for access review):
--   * N2 = 0 rows, applied when [master].[cfg].[InstanceContext].[Type] <> 'DEVE':
--     database-level EXECUTE, SHOWPLAN, VIEW DEFINITION; membership in
--     db_datareader and db_datawriter; DENY DELETE and UPDATE on wkl.DocumentSignature.
--   * N2 = 1 row, applied only when Type = 'DEVE': membership in db_owner.
--   The two sets are exclusive (one cursor branch runs), so on a DEVE instance the
--   DENY rows on wkl.DocumentSignature are not applied.
-- NOTE(review): @rightsaction is checked against sys.fn_builtin_permissions before
--   it is used, but @RoleName, @schemaid, @objectname and the member names read from
--   sys.database_principals are concatenated into dynamic SQL without QUOTENAME();
--   acceptable while they remain script constants / catalog names — confirm the list
--   is never fed from another source.
-- NOTE(review): the "ADD USER" loop assigns @Command on every iteration instead of
--   appending, so only the command built for the last fetched member is executed.
--   The script does not drop the role, so existing membership looks unaffected —
--   confirm the caller does not drop/recreate the role beforehand.
-- NOTE(review): in the wildcard (LIKE) branch for FUNCTIONS, @sysType is appended
--   inside the re-opened s.name literal (''' + @schemaid + '' + @sysType + '''),
--   which appears to yield s.name = '<schema> and p.Type IN (...)' — malformed SQL.
--   No FUNCTIONS wildcard row is used by this role, so the branch is dormant.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleCsltUsr role.
|
|
|
|
Role Name: dbRoleCsltUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleCsltUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
,(''TABLE'',''DENY'',''DELETE'',''DocumentSignature'',''wkl'',0)
|
|
,(''TABLE'',''DENY'',''UPDATE'',''DocumentSignature'',''wkl'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','Arizona','Pharmacies')
|
|
|
|
-- Role definition: dbRoleDataMonitoring (database 'Arizona', product 'Pharmacies').
-- STR_Definition is a self-contained T-SQL script stored as a string literal
-- (every quote inside it is doubled). When run it: creates the role if it does
-- not exist, applies the #Securables list, then re-adds the principals that were
-- members of the role when the script started.
-- Privilege spec carried by #Securables (authoritative list for access review):
--   * membership in db_datareader (read on every table/view in the database);
--   * DELETE, EXECUTE, INSERT, SELECT, UPDATE on SCHEMA::dam — the SCHEMA branch
--     uses only @schemaid, so the objectname text 'Entire Schema' is informational;
--   * EXECUTE on dbo.sp_bmc_Bmc_Applic_Default.
--   This template has no instance-type branch: a single cursor reads rows with
--   N2 = 0, so any row flagged N2 = 1 would be silently skipped.
-- NOTE(review): @rightsaction is checked against sys.fn_builtin_permissions before
--   it is used, but @RoleName, @schemaid, @objectname and the member names read from
--   sys.database_principals are concatenated into dynamic SQL without QUOTENAME();
--   acceptable while they remain script constants / catalog names.
-- NOTE(review): the "ADD USER" loop assigns @Command on every iteration instead of
--   appending, so only the command built for the last fetched member is executed;
--   the role is never dropped here, so existing membership looks unaffected — confirm.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleDataMonitoring role.
|
|
|
|
Role Name: dbRoleDataMonitoring
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleDataMonitoring''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''dam'',0)
|
|
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''dam'',0)
|
|
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''dam'',0)
|
|
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''dam'',0)
|
|
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''dam'',0)
|
|
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_Bmc_Applic_Default'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','Arizona','Pharmacies')
|
|
|
|
-- Role definition: dbRoleDevUsr (database 'Arizona', product 'Pharmacies').
-- STR_Definition is a self-contained T-SQL script stored as a string literal
-- (every quote inside it is doubled). When run it: creates the role if it does
-- not exist, applies the #Securables list, then re-adds the principals that were
-- members of the role when the script started.
-- Privilege spec carried by #Securables (authoritative list for access review):
--   * database-level EXECUTE, SHOWPLAN, VIEW DEFINITION;
--   * membership in db_datareader and db_datawriter;
--   * ALTER on every dbo procedure whose name matches %PH_Invoice% or
--     %PH_Streamfact% — the wildcard branch resolves the match against
--     sys.procedures at the moment the script runs, and ALTER lets members change
--     the body of those procedures, so this row deserves explicit sign-off;
--   * DENY SELECT and UPDATE on wkl.DocumentSignature (DENY prevails over the
--     db_datareader/db_datawriter grants for that table);
--   * VIEW CHANGE TRACKING on dbo.Document_header, dbo.Document_line and
--     dbo.PH_prescription_line.
--   No instance-type branch: a single cursor reads rows with N2 = 0.
-- NOTE(review): @rightsaction is checked against sys.fn_builtin_permissions before
--   it is used, but @RoleName, @schemaid, @objectname and the member names read from
--   sys.database_principals are concatenated into dynamic SQL without QUOTENAME();
--   acceptable while they remain script constants / catalog names.
-- NOTE(review): the "ADD USER" loop assigns @Command on every iteration instead of
--   appending, so only the command built for the last fetched member is executed;
--   the role is never dropped here, so existing membership looks unaffected — confirm.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleDevUsr role.
|
|
|
|
Role Name: dbRoleDevUsr
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleDevUsr''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''SP'',''GRANT'',''ALTER'',''%PH_Invoice%'',''dbo'',0)
|
|
,(''SP'',''GRANT'',''ALTER'',''%PH_Streamfact%'',''dbo'',0)
|
|
,(''TABLE'',''DENY'',''SELECT'',''DocumentSignature'',''wkl'',0)
|
|
,(''TABLE'',''DENY'',''UPDATE'',''DocumentSignature'',''wkl'',0)
|
|
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_header'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_line'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_prescription_line'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','Arizona','Pharmacies')
|
|
|
|
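-- dbRoleGcStock: EXECUTE on the Galenicare physical-inventory procedures and
-- SELECT on one view (database Arizona, product Pharmacies). The value stored
-- in STR_Definition is a T-SQL script run later by the role deployer, so every
-- '' inside the literal is a single quote in the executed script.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleGcStock role.

Role Name: dbRoleGcStock
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (one permission per row; the last column is the
N2 flag: 1 = DEVE instances only, 0 = every instance):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

A row whose verb is not GRANT/DENY, whose permission is not a built-in
permission of its securable class, or whose target does not exist in this
database is reported with a WARNING and skipped, never silently dropped.
The script only adds permissions and memberships; it never revokes.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName sysname,
        @Users sysname,
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname sysname,
        @schemaid sysname,
        @permClass varchar(20),
        @SP_Name sysname,
        @ObjCount int

SET @RoleName = ''dbRoleGcStock''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit NOT NULL)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''SP'',''GRANT'',''EXECUTE'',''aps_Galenicare_Inventory_Detail'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''aps_PHID_Create_1_13'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''aps_PHID_Load'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''aps_TT_Physical_Inventory_Detail_Load'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_PHID_Create'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_PHID_Update'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_PHIM_Processing'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_Physical_Inv_Detail'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_Physical_Inv_Master'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''v_Galenicare_OU_List'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE
   Captured before anything changes, so membership can be restored should a
   later version of this template drop and recreate the role. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   Every existence and permission-name check runs here, against the catalog of
   the current database, so the dynamic batch accumulated in @Command holds
   only GRANT/DENY/sp_addrolemember statements and every identifier in it is
   passed through QUOTENAME. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @permClass = CASE @typeofobject
                         WHEN ''DB''         THEN ''DATABASE''
                         WHEN ''SCHEMA''     THEN ''SCHEMA''
                         WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                         WHEN ''ROLE''       THEN ''ROLE''
                         ELSE ''OBJECT''
                     END

    IF @grantordeny IS NULL OR @grantordeny NOT IN (''GRANT'', ''DENY'')
        PRINT ''WARNING: ['' + @typeofobject + ''] '' + ISNULL(@grantordeny, ''NULL'') + '' '' + @rightsaction + '' skipped - verb must be GRANT or DENY''
    ELSE IF @permClass <> ''ROLE''
         AND NOT EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(@permClass) WHERE permission_name = @rightsaction)
        PRINT ''WARNING: ['' + @typeofobject + ''] '' + @grantordeny + '' '' + @rightsaction + '' skipped - not a built-in '' + @permClass + '' permission (one permission per row)''
    ELSE IF @typeofobject = ''DB''
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
        ELSE
            PRINT ''WARNING: schema ['' + @schemaid + ''] not found, '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        /* An exact name matches any table, procedure, view or function in the
           schema (TABLE rows are used for views too); a name containing % is a
           LIKE pattern restricted to the object class named by typeofobject. */
        SET @ObjCount = 0
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (@objectname NOT LIKE ''%[%]%'' AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (@objectname LIKE ''%[%]%'' AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''X'', ''RF''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @SP_Name
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@SP_Name) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            SET @ObjCount = @ObjCount + 1
            FETCH NEXT FROM ObjCurs INTO @SP_Name
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs

        IF @ObjCount = 0
            PRINT ''WARNING: no object matches ['' + @schemaid + ''].['' + @objectname + ''], '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        /* assembly permissions need the ON ASSEMBLY:: prefix */
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
        ELSE
            PRINT ''WARNING: assembly ['' + @objectname + ''] not found, '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        /* rightsaction holds the target role name; fixed roles are lower case */
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @rightsaction AND type = ''R'')
            PRINT ''WARNING: role ['' + @rightsaction + ''] not found, membership skipped''
        ELSE IF NOT EXISTS (SELECT 1
                            FROM sys.database_role_members drm
                            JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                            JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                            WHERE roles.name = @rightsaction AND members.name = @RoleName)
            SET @Command = @Command + ''EXEC sp_addrolemember '' + QUOTENAME(@rightsaction, '''''''') + '', '' + QUOTENAME(@RoleName, '''''''') + CHAR(10)
    END
    ELSE
        PRINT ''WARNING: unknown securable type ['' + @typeofobject + ''] skipped''

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF @Command <> ''''
BEGIN
    /* echo the batch so the deployment log shows exactly what was applied */
    PRINT @Command
    EXEC sp_executesql @Command
END

/* ADD USER
   Re-attach the members captured above. As the role is never dropped this is
   a no-op today; it is kept so a drop/recreate cannot silently lose members.
   @Command is reset first so the securables batch is not executed twice. */
SET @Command = ''''

DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        SET @Command = @Command + ''EXEC sp_addrolemember '' + QUOTENAME(@RoleName, '''''''') + '', '' + QUOTENAME(@Users, '''''''') + CHAR(10)
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')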
|
|
|
|
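-- dbRoleGroupRepetition: EXECUTE on aps_Get_Sales_Detail only (database
-- Arizona, product Pharmacies). The value stored in STR_Definition is a T-SQL
-- script run later by the role deployer, so every '' inside the literal is a
-- single quote in the executed script.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleGroupRepetition role.

Role Name: dbRoleGroupRepetition
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (one permission per row; the last column is the
N2 flag: 1 = DEVE instances only, 0 = every instance):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

A row whose verb is not GRANT/DENY, whose permission is not a built-in
permission of its securable class, or whose target does not exist in this
database is reported with a WARNING and skipped, never silently dropped.
The script only adds permissions and memberships; it never revokes.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName sysname,
        @Users sysname,
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname sysname,
        @schemaid sysname,
        @permClass varchar(20),
        @SP_Name sysname,
        @ObjCount int

SET @RoleName = ''dbRoleGroupRepetition''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit NOT NULL)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''SP'',''GRANT'',''EXECUTE'',''aps_Get_Sales_Detail'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE
   Captured before anything changes, so membership can be restored should a
   later version of this template drop and recreate the role. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   Every existence and permission-name check runs here, against the catalog of
   the current database, so the dynamic batch accumulated in @Command holds
   only GRANT/DENY/sp_addrolemember statements and every identifier in it is
   passed through QUOTENAME. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @permClass = CASE @typeofobject
                         WHEN ''DB''         THEN ''DATABASE''
                         WHEN ''SCHEMA''     THEN ''SCHEMA''
                         WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                         WHEN ''ROLE''       THEN ''ROLE''
                         ELSE ''OBJECT''
                     END

    IF @grantordeny IS NULL OR @grantordeny NOT IN (''GRANT'', ''DENY'')
        PRINT ''WARNING: ['' + @typeofobject + ''] '' + ISNULL(@grantordeny, ''NULL'') + '' '' + @rightsaction + '' skipped - verb must be GRANT or DENY''
    ELSE IF @permClass <> ''ROLE''
         AND NOT EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(@permClass) WHERE permission_name = @rightsaction)
        PRINT ''WARNING: ['' + @typeofobject + ''] '' + @grantordeny + '' '' + @rightsaction + '' skipped - not a built-in '' + @permClass + '' permission (one permission per row)''
    ELSE IF @typeofobject = ''DB''
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
        ELSE
            PRINT ''WARNING: schema ['' + @schemaid + ''] not found, '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        /* An exact name matches any table, procedure, view or function in the
           schema (TABLE rows are used for views too); a name containing % is a
           LIKE pattern restricted to the object class named by typeofobject. */
        SET @ObjCount = 0
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (@objectname NOT LIKE ''%[%]%'' AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (@objectname LIKE ''%[%]%'' AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''X'', ''RF''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @SP_Name
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@SP_Name) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            SET @ObjCount = @ObjCount + 1
            FETCH NEXT FROM ObjCurs INTO @SP_Name
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs

        IF @ObjCount = 0
            PRINT ''WARNING: no object matches ['' + @schemaid + ''].['' + @objectname + ''], '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        /* assembly permissions need the ON ASSEMBLY:: prefix */
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
        ELSE
            PRINT ''WARNING: assembly ['' + @objectname + ''] not found, '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        /* rightsaction holds the target role name; fixed roles are lower case */
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @rightsaction AND type = ''R'')
            PRINT ''WARNING: role ['' + @rightsaction + ''] not found, membership skipped''
        ELSE IF NOT EXISTS (SELECT 1
                            FROM sys.database_role_members drm
                            JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                            JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                            WHERE roles.name = @rightsaction AND members.name = @RoleName)
            SET @Command = @Command + ''EXEC sp_addrolemember '' + QUOTENAME(@rightsaction, '''''''') + '', '' + QUOTENAME(@RoleName, '''''''') + CHAR(10)
    END
    ELSE
        PRINT ''WARNING: unknown securable type ['' + @typeofobject + ''] skipped''

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF @Command <> ''''
BEGIN
    /* echo the batch so the deployment log shows exactly what was applied */
    PRINT @Command
    EXEC sp_executesql @Command
END

/* ADD USER
   Re-attach the members captured above. As the role is never dropped this is
   a no-op today; it is kept so a drop/recreate cannot silently lose members.
   @Command is reset first so the securables batch is not executed twice. */
SET @Command = ''''

DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        SET @Command = @Command + ''EXEC sp_addrolemember '' + QUOTENAME(@RoleName, '''''''') + '', '' + QUOTENAME(@Users, '''''''') + CHAR(10)
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')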
|
|
|
|
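-- dbRoleIttechUsr: IT support role (database Arizona, product Pharmacies).
-- Reader + writer + database-wide EXECUTE everywhere, plus db_owner but only
-- on an instance whose [master].[cfg].[InstanceContext].Type is DEVE. The
-- value stored in STR_Definition is a T-SQL script run later by the role
-- deployer, so every '' inside the literal is a single quote in the executed
-- script.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET (one permission per row; the last column is the
N2 flag: 1 = DEVE instances only, 0 = every other instance):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

On a DEVE instance only the N2 = 1 rows are applied; everywhere else only the
N2 = 0 rows are applied and any N2 = 1 role membership the role still holds
(for example after a restore from DEVE) is dropped, so elevated access does
not outlive the environment it was granted in.
A row whose verb is not GRANT/DENY, whose permission is not a built-in
permission of its securable class, or whose target does not exist in this
database is reported with a WARNING and skipped, never silently dropped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(50),
        @ApplyN2 bit,
        @Command nvarchar(max),
        @RoleName sysname,
        @Users sysname,
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname sysname,
        @schemaid sysname,
        @permClass varchar(20),
        @SP_Name sysname,
        @ObjCount int

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

/* ENVIRONMENT GATE
   Only an instance explicitly tagged DEVE receives the N2 = 1 rows (db_owner).
   NULL (no row) or any other tag falls through to the restricted N2 = 0 set,
   so a missing or unexpected context fails closed. Assumes the table holds a
   single row; with several, the value of the last row read wins. */
SET @Type = NULL
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

IF @Type = ''DEVE''
    SET @ApplyN2 = 1
ELSE
BEGIN
    SET @ApplyN2 = 0
    IF @Type IS NULL
        PRINT ''WARNING: [master].[cfg].[InstanceContext] returned no Type, applying the non-DEVE securables''
END

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit NOT NULL)

/* !!! LIST OF SECURABLES TO CHANGE !!!
   - database-scope EXECUTE covers every procedure and function in every
     schema of the database, including ones created later;
   - fixed role names are written in lower case so the membership check below
     also matches under a case-sensitive database collation;
   - the two DENY rows keep wkl.DocumentSignature immutable for this role even
     though db_datawriter grants UPDATE/DELETE (DENY wins over GRANT); they are
     N2 = 0 rows, so they are not applied on a DEVE instance. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''db_datareader'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''db_datawriter'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''db_owner'','''',''dbo'',1)
,(''TABLE'',''DENY'',''DELETE'',''DocumentSignature'',''wkl'',0)
,(''TABLE'',''DENY'',''UPDATE'',''DocumentSignature'',''wkl'',0)

/* GET ALL USERS ON THIS ROLE
   Captured before anything changes, so membership can be restored should a
   later version of this template drop and recreate the role. */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   One pass over the rows selected by the environment gate. Every existence and
   permission-name check runs here, against the catalog of the current
   database, so the dynamic batch accumulated in @Command holds only
   GRANT/DENY/sp_addrolemember/sp_droprolemember statements and every
   identifier in it is passed through QUOTENAME. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @ApplyN2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @permClass = CASE @typeofobject
                         WHEN ''DB''         THEN ''DATABASE''
                         WHEN ''SCHEMA''     THEN ''SCHEMA''
                         WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                         WHEN ''ROLE''       THEN ''ROLE''
                         ELSE ''OBJECT''
                     END

    IF @grantordeny IS NULL OR @grantordeny NOT IN (''GRANT'', ''DENY'')
        PRINT ''WARNING: ['' + @typeofobject + ''] '' + ISNULL(@grantordeny, ''NULL'') + '' '' + @rightsaction + '' skipped - verb must be GRANT or DENY''
    ELSE IF @permClass <> ''ROLE''
         AND NOT EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(@permClass) WHERE permission_name = @rightsaction)
        PRINT ''WARNING: ['' + @typeofobject + ''] '' + @grantordeny + '' '' + @rightsaction + '' skipped - not a built-in '' + @permClass + '' permission (one permission per row)''
    ELSE IF @typeofobject = ''DB''
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
        ELSE
            PRINT ''WARNING: schema ['' + @schemaid + ''] not found, '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        /* An exact name matches any table, procedure, view or function in the
           schema (TABLE rows are used for views too); a name containing % is a
           LIKE pattern restricted to the object class named by typeofobject. */
        SET @ObjCount = 0
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (@objectname NOT LIKE ''%[%]%'' AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (@objectname LIKE ''%[%]%'' AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''X'', ''RF''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @SP_Name
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@SP_Name) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            SET @ObjCount = @ObjCount + 1
            FETCH NEXT FROM ObjCurs INTO @SP_Name
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs

        IF @ObjCount = 0
            PRINT ''WARNING: no object matches ['' + @schemaid + ''].['' + @objectname + ''], '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        /* assembly permissions need the ON ASSEMBLY:: prefix */
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
        ELSE
            PRINT ''WARNING: assembly ['' + @objectname + ''] not found, '' + @grantordeny + '' '' + @rightsaction + '' skipped''
    END
    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        /* rightsaction holds the target role name; fixed roles are lower case */
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @rightsaction AND type = ''R'')
            PRINT ''WARNING: role ['' + @rightsaction + ''] not found, membership skipped''
        ELSE IF NOT EXISTS (SELECT 1
                            FROM sys.database_role_members drm
                            JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                            JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                            WHERE roles.name = @rightsaction AND members.name = @RoleName)
            SET @Command = @Command + ''EXEC sp_addrolemember '' + QUOTENAME(@rightsaction, '''''''') + '', '' + QUOTENAME(@RoleName, '''''''') + CHAR(10)
    END
    ELSE
        PRINT ''WARNING: unknown securable type ['' + @typeofobject + ''] skipped''

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

/* DEVE-ONLY MEMBERSHIPS MUST NOT SURVIVE ON OTHER INSTANCES
   A database restored from a DEVE instance still carries the db_owner
   membership granted there. On a non-DEVE instance drop every N2 = 1 role
   membership the role currently holds. N2 = 1 rows of other types are only
   reported: a blanket REVOKE could also undo grants made outside this script. */
IF @ApplyN2 = 0
BEGIN
    DECLARE DevOnlyCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, rightsaction
    FROM #Securables
    WHERE N2 = 1

    OPEN DevOnlyCurs
    FETCH NEXT FROM DevOnlyCurs INTO @typeofobject, @rightsaction
    WHILE @@FETCH_STATUS = 0
    BEGIN
        IF @typeofobject <> ''ROLE''
            PRINT ''NOTE: DEVE-only securable ['' + @typeofobject + ''] '' + @rightsaction + '' is not applied here and is not revoked automatically''
        ELSE IF EXISTS (SELECT 1
                        FROM sys.database_role_members drm
                        JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                        JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                        WHERE roles.name = @rightsaction AND members.name = @RoleName)
        BEGIN
            SET @Command = @Command + ''EXEC sp_droprolemember '' + QUOTENAME(@rightsaction, '''''''') + '', '' + QUOTENAME(@RoleName, '''''''') + CHAR(10)
            PRINT ''REMOVE DEVE-ONLY MEMBERSHIP ['' + @rightsaction + ''] FROM ROLE ['' + @RoleName + ''] (instance type '' + ISNULL(@Type, ''NULL'') + '')''
        END
        FETCH NEXT FROM DevOnlyCurs INTO @typeofobject, @rightsaction
    END
    CLOSE DevOnlyCurs
    DEALLOCATE DevOnlyCurs
END

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + ''] (instance type '' + ISNULL(@Type, ''NULL'') + '')''
IF @Command <> ''''
BEGIN
    /* echo the batch so the deployment log shows exactly what was applied */
    PRINT @Command
    EXEC sp_executesql @Command
END

/* ADD USER
   Re-attach the members captured above. As the role is never dropped this is
   a no-op today; it is kept so a drop/recreate cannot silently lose members.
   @Command is reset first so the securables batch is not executed twice. */
SET @Command = ''''

DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        SET @Command = @Command + ''EXEC sp_addrolemember '' + QUOTENAME(@RoleName, '''''''') + '', '' + QUOTENAME(@Users, '''''''') + CHAR(10)
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')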
|
|
|
|
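-- dbRoleSupUsr (database Arizona, product Pharmacies).
-- The first VALUES column is a complete T-SQL script stored as text in
-- #AllRoles.STR_Definition and executed later against the target database,
-- so every quote inside it is doubled once at this level and doubled again
-- wherever the script builds its own dynamic SQL.
-- Fixes against the generated template: the ADD USER loop now appends to
-- @Command instead of overwriting it (only the last member was re-added),
-- the FUNCTIONS pattern branch closes the schema-name literal before the
-- type filter, and assembly grants carry the ON ASSEMBLY:: class prefix.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

The instance type read from [master].[cfg].[InstanceContext] selects the
#Securables rows that apply: N2 = 1 rows on DEVE instances, N2 = 0 rows on
every other instance.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),            -- instance type, e.g. DEVE
        @Command nvarchar(max),      -- dynamic SQL being assembled
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(128),      -- widened from varchar(10) so longer schema names are not truncated
        @sysTarget varchar(255),     -- catalog view queried when objectname is a LIKE pattern
        @sysType varchar(255)        -- extra type filter appended to that catalog query

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(
    typeofobject varchar(50),    -- DB, SCHEMA, TABLE, SP, FUNCTIONS, VIEWS, ASSEMBLIES or ROLE
    grantordeny varchar(10),     -- GRANT or DENY
    rightsaction varchar(255),   -- permission name, or the role to join when typeofobject = ROLE
    objectname varchar(255),     -- object name; treated as a LIKE pattern when it contains %
    schemaid varchar(128),       -- schema name
    N2 bit)                      -- 1 = DEVE instances only, 0 = all other instances

/* !!! LIST OF SECURABLES TO CHANGE !!! */
INSERT INTO #Securables(typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)   -- DEVE only: full control of the database instead of the three rows above

/* GET ALL USERS ON THIS ROLE (captured up front so they can be re-added at the end) */
INSERT INTO #UsersOnRole(username)
SELECT members.name
FROM sys.database_role_members AS rm
INNER JOIN sys.database_principals AS roles ON rm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON rm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
    CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
    PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* @SP_Name is used by the cursor the pattern branch below adds to the command */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

/* SET ALL ROLE SECURABLES: one cursor, the N2 flag picks the DEVE or non-DEVE row set */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- only a known database-level permission is emitted; any other value is skipped
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
    END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- pattern: resolve every matching object from the catalog and grant on each one
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END

            -- the schema-name literal is closed before @sysType is appended; otherwise the
            -- FUNCTIONS type filter ends up inside the quoted schema name
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permissions need the ON ASSEMBLY:: class prefix
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- rightsaction is the fixed role to join; membership is only added when missing
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
    EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add every member captured in #UsersOnRole */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    -- append: assigning here would leave only the last user in @Command when it runs after the loop
    -- (sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; kept for consistency with the file)
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs

-- nothing to run when the role had no members (the securables script above must not run twice)
IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')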
|
|
|
|
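-- dbRoleSyncAccountingExtraction (database Arizona, product Pharmacies).
-- The first VALUES column is a complete T-SQL script stored as text in
-- #AllRoles.STR_Definition and executed later against the target database,
-- so every quote inside it is doubled once at this level and doubled again
-- wherever the script builds its own dynamic SQL.
-- Fixes against the generated template: the ADD USER loop now appends to
-- @Command instead of overwriting it (only the last member was re-added),
-- the FUNCTIONS pattern branch closes the schema-name literal before the
-- type filter, and assembly grants carry the ON ASSEMBLY:: class prefix.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleSyncAccountingExtraction role.

Role Name: dbRoleSyncAccountingExtraction
TEMPLATE: Default

The Default template applies only the #Securables rows flagged N2 = 0.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),      -- dynamic SQL being assembled
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(128),      -- widened from varchar(10) so longer schema names are not truncated
        @sysTarget varchar(255),     -- catalog view queried when objectname is a LIKE pattern
        @sysType varchar(255)        -- extra type filter appended to that catalog query

SET @RoleName = ''dbRoleSyncAccountingExtraction''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(
    typeofobject varchar(50),    -- DB, SCHEMA, TABLE, SP, FUNCTIONS, VIEWS, ASSEMBLIES or ROLE
    grantordeny varchar(10),     -- GRANT or DENY
    rightsaction varchar(255),   -- permission name, or the role to join when typeofobject = ROLE
    objectname varchar(255),     -- object name; treated as a LIKE pattern when it contains %
    schemaid varchar(128),       -- schema name
    N2 bit)                      -- only rows with N2 = 0 are applied by this template

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* database-wide: EXECUTE on every procedure and function plus read/write on every table */
INSERT INTO #Securables(typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured up front so they can be re-added at the end) */
INSERT INTO #UsersOnRole(username)
SELECT members.name
FROM sys.database_role_members AS rm
INNER JOIN sys.database_principals AS roles ON rm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON rm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
    CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
    PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* @SP_Name is used by the cursor the pattern branch below adds to the command */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- only a known database-level permission is emitted; any other value is skipped
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
    END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- pattern: resolve every matching object from the catalog and grant on each one
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END

            -- the schema-name literal is closed before @sysType is appended; otherwise the
            -- FUNCTIONS type filter ends up inside the quoted schema name
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permissions need the ON ASSEMBLY:: class prefix
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- rightsaction is the fixed role to join; membership is only added when missing
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
    EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add every member captured in #UsersOnRole */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    -- append: assigning here would leave only the last user in @Command when it runs after the loop
    -- (sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; kept for consistency with the file)
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs

-- nothing to run when the role had no members (the securables script above must not run twice)
IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')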
|
|
|
|
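-- dbRoleTPPos (database Arizona, product Pharmacies).
-- The first VALUES column is a complete T-SQL script stored as text in
-- #AllRoles.STR_Definition and executed later against the target database,
-- so every quote inside it is doubled once at this level and doubled again
-- wherever the script builds its own dynamic SQL.
-- Fixes against the generated template: the ADD USER loop now appends to
-- @Command instead of overwriting it (only the last member was re-added),
-- the FUNCTIONS pattern branch closes the schema-name literal before the
-- type filter, and assembly grants carry the ON ASSEMBLY:: class prefix.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

The Default template applies only the #Securables rows flagged N2 = 0.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),      -- dynamic SQL being assembled
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(128),      -- widened from varchar(10) so longer schema names are not truncated
        @sysTarget varchar(255),     -- catalog view queried when objectname is a LIKE pattern
        @sysType varchar(255)        -- extra type filter appended to that catalog query

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(
    typeofobject varchar(50),    -- DB, SCHEMA, TABLE, SP, FUNCTIONS, VIEWS, ASSEMBLIES or ROLE
    grantordeny varchar(10),     -- GRANT or DENY
    rightsaction varchar(255),   -- permission name, or the role to join when typeofobject = ROLE
    objectname varchar(255),     -- object name; treated as a LIKE pattern when it contains %
    schemaid varchar(128),       -- schema name
    N2 bit)                      -- only rows with N2 = 0 are applied by this template

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* table-scoped grants only; no database-wide role membership */
INSERT INTO #Securables(typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
 (''TABLE'',''GRANT'',''INSERT'',''DocumentSignature'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_application_default'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_application_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''DocumentSignature'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''IT_config_setting'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Organizational_unit'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''Bmc_application_default'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''Bmc_application_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''IT_config_setting'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''Organizational_unit'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured up front so they can be re-added at the end) */
INSERT INTO #UsersOnRole(username)
SELECT members.name
FROM sys.database_role_members AS rm
INNER JOIN sys.database_principals AS roles ON rm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON rm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
    CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
    PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* @SP_Name is used by the cursor the pattern branch below adds to the command */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- only a known database-level permission is emitted; any other value is skipped
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
    END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- pattern: resolve every matching object from the catalog and grant on each one
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END

            -- the schema-name literal is closed before @sysType is appended; otherwise the
            -- FUNCTIONS type filter ends up inside the quoted schema name
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permissions need the ON ASSEMBLY:: class prefix
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
    IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
    END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- rightsaction is the fixed role to join; membership is only added when missing
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
    EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add every member captured in #UsersOnRole */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    -- append: assigning here would leave only the last user in @Command when it runs after the loop
    -- (sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; kept for consistency with the file)
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs

-- nothing to run when the role had no members (the securables script above must not run twice)
IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')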
|
|
|
|
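INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleTriapharmChangeTracking role.

Role Name: dbRoleTriapharmChangeTracking
TEMPLATE: Default

This script is stored as the STR_Definition of one #AllRoles row. Quotes are
doubled once for that outer literal; the sp_executesql batches built below
double them a second time.

EXAMPLE OF SECURABLES TO SET (last column N2: only rows with N2 = 0 are applied):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),      /* dynamic batch handed to sp_executesql */
        @RoleName varchar(60),
        @Users varchar(255),        /* current member name read from #UsersOnRole */
        @typeofobject varchar(50),  /* DB, SCHEMA, TABLE, SP, FUNCTIONS, VIEWS, ASSEMBLIES or ROLE */
        @grantordeny varchar(10),
        @rightsaction varchar(255), /* permission name, or the role to join when typeofobject = ROLE */
        @objectname varchar(255),   /* a % in the name matches several objects of that type */
        @schemaid varchar(10),
        @sysTarget varchar(255),    /* catalog view queried for wildcard object names */
        @sysType varchar(255)       /* extra type filter appended to that catalog query */

SET @RoleName = ''dbRoleTriapharmChangeTracking''
SET @Command = ''''

/* TEMP TABLES (dropped first so the script can be re-run in the same session) */
IF OBJECT_ID(''tempdb..#UsersOnRole'') IS NOT NULL DROP TABLE #UsersOnRole
IF OBJECT_ID(''tempdb..#Securables'') IS NOT NULL DROP TABLE #Securables
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!!
   Object and schema names are spliced into dynamic SQL between [ ] without
   QUOTENAME, so they must not contain ] or quote characters. */

INSERT INTO #Securables
VALUES
(''SP'',''GRANT'',''EXECUTE'',''SP_TRIABI_GetData'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''SP_TRIABI_GetMeta'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_category'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_category_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_criteria'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_group'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_group_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Address_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_application_default'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_application_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Bmc_user_profile'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Brand'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Brand_OU_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Brand_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Change_tracking_monitor'',''upd'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Company'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Country'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Criteria'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Criteria_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Criteria_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Criteria_type_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''DBA_change_tracking'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''DiscountVoucher'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''DiscountVoucherCondition'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''DiscountVoucherText'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''DL_Posology'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_line_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Document_type_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Employment_contract'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Employment_contract_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Fiscal_year'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Fixed_price'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''GoodsReceipt'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''GoodsReceiptLine'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_context'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_context_status'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_context_status_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_criteria'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_dispatch_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_dispatch_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_family'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_family_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_group'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_group_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_inventory'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''item_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_purchase'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_quantity'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_relation_info'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_sale'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_seasonal_stock_info'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_shipping'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_standard_cost'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_status_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Item_unit_conversion'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Job_function'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Job_function_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Language'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''LORE_item_ABC_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''LORE_supplying_procedure'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Manufacturer'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''MissedSale'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''OrderRequest'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''OrderRequestLine'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Organizational_unit'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''OU_store_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''OU_store_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance_card'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance_plan'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_insurance_recommendation'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_item'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_OICM_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_OICM_code_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_organizational_unit'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_patient'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_physician'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_prescriber'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_prescription_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_prescription_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_product'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_qualification'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_refund_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PH_refund_code_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_AC'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_ACBARCODE'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_ACCHAIN'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_ACMED'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_CODES'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PHGD_CODETXT'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Predefined_entry'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Price_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Price_modifier'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Product_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Product_line_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Profit_cost_center'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Profit_cost_center_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PurchaseReturn'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''PurchaseReturnLine'',''wkl'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Sales_tax_rate'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Standard_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Standard_text_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Status_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Subsidiary'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Supplier'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Tariff_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''VIP_card'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''VIP_card_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''VIP_card_type_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''WebShopStatusQueue'',''AP'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_category'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_category_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_criteria'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_group'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_group_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Address_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Bmc_application_default'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Bmc_application_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Bmc_user_profile'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Brand'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Brand_OU_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Brand_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Change_tracking_monitor'',''upd'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Company'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Country'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Criteria'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Criteria_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Criteria_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Criteria_type_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''DBA_change_tracking'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''DiscountVoucher'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''DiscountVoucherCondition'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''DiscountVoucherText'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''DL_Posology'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_line_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Document_type_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Employment_contract'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Employment_contract_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Fiscal_year'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Fixed_price'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''GoodsReceipt'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''GoodsReceiptLine'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_context'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_context_status'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_context_status_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_criteria'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_dispatch_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_dispatch_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_family'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_family_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_group'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_group_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_inventory'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''item_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_purchase'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_quantity'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_relation_info'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_sale'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_seasonal_stock_info'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_shipping'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_standard_cost'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_status_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Item_unit_conversion'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Job_function'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Job_function_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Language'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''LORE_item_ABC_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''LORE_supplying_procedure'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Manufacturer'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''MissedSale'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''OrderRequest'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''OrderRequestLine'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Organizational_unit'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''OU_store_history'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''OU_store_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_insurance'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_insurance_card'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_insurance_plan'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_insurance_recommendation'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_item'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_OICM_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_OICM_code_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_organizational_unit'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_patient'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_physician'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_prescriber'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_prescription_header'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_prescription_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_product'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_qualification'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_refund_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PH_refund_code_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PHGD_AC'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PHGD_ACBARCODE'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PHGD_ACCHAIN'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PHGD_ACMED'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PHGD_CODES'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PHGD_CODETXT'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Predefined_entry'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Price_code'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Price_modifier'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Product_line'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Product_line_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Profit_cost_center'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Profit_cost_center_key'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PurchaseReturn'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''PurchaseReturnLine'',''wkl'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Sales_tax_rate'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Standard_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Standard_text_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Status_text'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Subsidiary'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Supplier'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''Tariff_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''VIP_card'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''VIP_card_type'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''VIP_card_type_link'',''dbo'',0)
,(''TABLE'',''GRANT'',''VIEW CHANGE TRACKING'',''WebShopStatusQueue'',''AP'',0)

/* GET ALL USERS ON THIS ROLE (read before the role is touched, re-attached at the end) */
INSERT INTO #UsersOnRole
SELECT
    members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (no-op when a role of that name already exists) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
    CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
    PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* Start of the securables batch; @SP_Name is used by the wildcard cursor below */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES: the statements are accumulated in @Command and
   executed as one batch after the cursor loop */
DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* Database-level permission, only when it is a known permission name */
    IF @typeofobject = ''DB''
    BEGIN
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    /* Schema-level permission; schema and permission are verified inside the batch */
    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
            IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
                END
            END
''
    END

    /* Object-level permission. A % in objectname expands to every matching object
       of that type inside the batch; otherwise the single named object is checked. */
    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END

            /* The schema name literal is closed before @sysType is appended, so the
               FUNCTIONS type filter ends up outside the quotes */
            SET @Command = @Command + ''
            DECLARE SP_cursor CURSOR FOR
            SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

            OPEN SP_cursor
            FETCH NEXT FROM SP_cursor INTO @SP_Name
            WHILE @@FETCH_STATUS = 0
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
                END
                FETCH NEXT FROM SP_cursor INTO @SP_Name
            END

            CLOSE SP_cursor
            DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            SET @Command = @Command + ''
            IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
                END
            END
''
        END
    END

    /* Assembly-level permission; GRANT/DENY on an assembly needs the ON ASSEMBLY:: form */
    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        SET @Command = @Command + ''
            IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
                END
            END
''
    END

    /* Nested role membership, skipped when this role is already a member */
    IF @typeofobject = ''ROLE''
    BEGIN
        SET @Command = @Command + ''
            IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
            BEGIN
                EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
            END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-attach the members captured at the start. The procedure is called
   with parameters, so member names are never concatenated into a dynamic batch,
   and the securables batch still held in @Command is not executed a second time. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')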
|
|
|
|
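INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleTriapharmCounter role.

Role Name: dbRoleTriapharmCounter
TEMPLATE: Default

This script is stored as the STR_Definition of one #AllRoles row. Quotes are
doubled once for that outer literal; the sp_executesql batches built below
double them a second time.

EXAMPLE OF SECURABLES TO SET (last column N2: only rows with N2 = 0 are applied):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),      /* dynamic batch handed to sp_executesql */
        @RoleName varchar(60),
        @Users varchar(255),        /* current member name read from #UsersOnRole */
        @typeofobject varchar(50),  /* DB, SCHEMA, TABLE, SP, FUNCTIONS, VIEWS, ASSEMBLIES or ROLE */
        @grantordeny varchar(10),
        @rightsaction varchar(255), /* permission name, or the role to join when typeofobject = ROLE */
        @objectname varchar(255),   /* a % in the name matches several objects of that type */
        @schemaid varchar(10),
        @sysTarget varchar(255),    /* catalog view queried for wildcard object names */
        @sysType varchar(255)       /* extra type filter appended to that catalog query */

SET @RoleName = ''dbRoleTriapharmCounter''
SET @Command = ''''

/* TEMP TABLES (dropped first so the script can be re-run in the same session) */
IF OBJECT_ID(''tempdb..#UsersOnRole'') IS NOT NULL DROP TABLE #UsersOnRole
IF OBJECT_ID(''tempdb..#Securables'') IS NOT NULL DROP TABLE #Securables
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!!
   Object and schema names are spliced into dynamic SQL between [ ] without
   QUOTENAME, so they must not contain ] or quote characters. */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''aps_Document_Counter_1'',''dbo'',0)
,(''SP'',''GRANT'',''EXECUTE'',''aps_GetNextID'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (read before the role is touched, re-attached at the end) */
INSERT INTO #UsersOnRole
SELECT
    members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (no-op when a role of that name already exists) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
    CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
    PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* Start of the securables batch; @SP_Name is used by the wildcard cursor below */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES: the statements are accumulated in @Command and
   executed as one batch after the cursor loop */
DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* Database-level permission, only when it is a known permission name */
    IF @typeofobject = ''DB''
    BEGIN
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    /* Schema-level permission; schema and permission are verified inside the batch */
    IF @typeofobject = ''SCHEMA''
    BEGIN
        SET @Command = @Command + ''
            IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
                END
            END
''
    END

    /* Object-level permission. A % in objectname expands to every matching object
       of that type inside the batch; otherwise the single named object is checked. */
    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END

            /* The schema name literal is closed before @sysType is appended, so the
               FUNCTIONS type filter ends up outside the quotes */
            SET @Command = @Command + ''
            DECLARE SP_cursor CURSOR FOR
            SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

            OPEN SP_cursor
            FETCH NEXT FROM SP_cursor INTO @SP_Name
            WHILE @@FETCH_STATUS = 0
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
                END
                FETCH NEXT FROM SP_cursor INTO @SP_Name
            END

            CLOSE SP_cursor
            DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            SET @Command = @Command + ''
            IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    '' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
                END
            END
''
        END
    END

    /* Assembly-level permission; GRANT/DENY on an assembly needs the ON ASSEMBLY:: form */
    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        SET @Command = @Command + ''
            IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
            BEGIN
                IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
                BEGIN
                    '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
                END
            END
''
    END

    /* Nested role membership, skipped when this role is already a member */
    IF @typeofobject = ''ROLE''
    BEGIN
        SET @Command = @Command + ''
            IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
            BEGIN
                EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
            END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-attach the members captured at the start. The procedure is called
   with parameters, so member names are never concatenated into a dynamic batch,
   and the securables batch still held in @Command is not executed a second time. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')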
|
|
|
|
-- Role definition: dbRoleTriapharmUser for database [Arizona] (product "Pharmacies").
-- The VALUES string is a complete T-SQL batch stored as text in #AllRoles.STR_Definition; where, when and
-- under which login that stored batch is later executed is not visible in this listing.
-- Effective privilege (from the "LIST OF SECURABLES TO CHANGE" rows inside the batch): database-scoped
-- EXECUTE and VIEW DEFINITION plus membership in db_datareader and db_datawriter. Members can read and
-- modify every user table and run every procedure in the database, including objects created later.
-- This is an application-wide grant rather than least privilege; keep it under periodic access review.
-- Review notes on the embedded batch (shared template, see the cursor over #Securables):
--  * GRANT / sp_addrolemember statements are assembled by string concatenation. Permission names are
--    validated against sys.fn_builtin_permissions, but object, schema and role names are bracketed by
--    hand rather than with QUOTENAME. This is acceptable only while the #Securables rows stay literal
--    values edited in this file; never feed them from a table, parameter or user input.
--  * The "ADD USER" loop writes SELECT @Command = ... (overwrite) whereas the securables loop appends,
--    so with several pre-existing members only the last one is re-issued, and with no members the
--    already-executed securables batch is run a second time. Currently harmless (nothing in the batch
--    removes members, GRANT is idempotent and the ROLE rows are guarded by IF NOT EXISTS), but fix it
--    before reusing this template.
--  * sp_addrolemember is deprecated by Microsoft; ALTER ROLE ... ADD MEMBER is the current syntax.
--  * #Securables.schemaid is varchar(10); a schema name longer than that makes the INSERT fail with
--    a truncation error rather than silently misapplying the grant.
--  * The ROLE rows spell the fixed roles in upper case (DB_DATAREADER); the membership lookup compares
--    names under the database collation, so confirm the match on a case-sensitive database.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleTriapharmUser role.
|
|
|
|
Role Name: dbRoleTriapharmUser
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleTriapharmUser''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','Arizona','Pharmacies')
|
|
|
|
-- Role definition: dbRoleActivePharmacy for database [ArizonaCASH] (product "Pharmacies").
-- The VALUES string is a complete T-SQL batch stored as text in #AllRoles.STR_Definition; where, when and
-- under which login the stored batch is later executed is not visible in this listing. The same role name
-- may be defined elsewhere in this file for other databases with different securables - this row applies
-- only to the ArizonaCASH entry.
-- Effective privilege (from the "LIST OF SECURABLES TO CHANGE" rows inside the batch): database-scoped
-- EXECUTE plus membership in db_datareader and db_datawriter, i.e. read/write on every user table and
-- execution of every procedure in the database, including objects created later. Broad for an
-- application role; keep it under periodic access review.
-- Review notes on the embedded batch (shared template, see the cursor over #Securables):
--  * GRANT / sp_addrolemember statements are built by string concatenation. Permission names are checked
--    against sys.fn_builtin_permissions; object, schema and role names are bracketed by hand rather than
--    with QUOTENAME. Acceptable only while the #Securables rows remain literals edited in this file.
--  * The "ADD USER" loop overwrites @Command (SELECT @Command = ...) instead of appending as the
--    securables loop does: with several pre-existing members only the last one is re-issued, and with
--    none the already-executed securables batch runs a second time. Harmless today (no member is ever
--    removed by this batch and the grants are idempotent) but a latent defect of the template.
--  * sp_addrolemember is deprecated by Microsoft; ALTER ROLE ... ADD MEMBER is the current syntax.
--  * #Securables.schemaid is varchar(10); a longer schema name makes the INSERT fail on truncation.
--  * Fixed-role names are written in upper case (DB_DATAREADER); the membership lookup compares them
--    under the database collation, so confirm the match on a case-sensitive database.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleActivePharmacy role.
|
|
|
|
Role Name: dbRoleActivePharmacy
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleActivePharmacy''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ArizonaCASH','Pharmacies')
|
|
|
|
-- Role definition: dbRoleArizonaCASH for database [ArizonaCASH] (product "Pharmacies").
-- The VALUES string is a complete T-SQL batch stored as text in #AllRoles.STR_Definition; where, when and
-- under which login the stored batch is later executed is not visible in this listing.
-- Effective privilege (from the "LIST OF SECURABLES TO CHANGE" rows inside the batch): database-scoped
-- EXECUTE, membership in db_datareader and db_datawriter, and in addition ALTER on eleven dbo.CR_* tables.
-- SECURITY REVIEW POINT: ALTER on a table is a schema-change (DDL) right - members may add or drop
-- columns, constraints and indexes on those tables (ALTER is also the permission TRUNCATE TABLE needs).
-- That lets an application principal change table definitions outside controlled deployments. Confirm
-- which operation actually needs it; if it is only TRUNCATE, prefer a stored procedure running under
-- EXECUTE AS / module signing and drop the ALTER rows.
-- Review notes on the embedded batch (shared template, see the cursor over #Securables):
--  * Each TABLE row is applied only if dbo.<name> exists (sys.objects check); a missing or renamed table
--    is skipped silently with no PRINT or error, so a grant can quietly disappear after a rename.
--  * GRANT / sp_addrolemember statements are built by string concatenation. Permission names are checked
--    against sys.fn_builtin_permissions; object, schema and role names are bracketed by hand rather than
--    with QUOTENAME. Acceptable only while the #Securables rows remain literals edited in this file.
--  * The "ADD USER" loop overwrites @Command (SELECT @Command = ...) instead of appending as the
--    securables loop does: with several pre-existing members only the last one is re-issued, and with
--    none the already-executed securables batch runs a second time. Harmless today (no member is ever
--    removed by this batch and the grants are idempotent) but a latent defect of the template.
--  * sp_addrolemember is deprecated by Microsoft; ALTER ROLE ... ADD MEMBER is the current syntax.
--  * #Securables.schemaid is varchar(10); a longer schema name makes the INSERT fail on truncation.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleArizonaCASH role.
|
|
|
|
Role Name: dbRoleArizonaCASH
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleArizonaCASH''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_cash_report_header'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_internal_operation'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_item_key'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_operation'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_point_of_sale'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_POS_data'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_print_report'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_sales_header'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_sales_item'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_sales_operation'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''ALTER'',''CR_sales_type'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ArizonaCASH','Pharmacies')
|
|
|
|
-- Role definition: dbRoleAtlas for database [ArizonaCASH] (product "Pharmacies").
-- The VALUES string is a complete T-SQL batch stored as text in #AllRoles.STR_Definition; where, when and
-- under which login the stored batch is later executed is not visible in this listing.
-- Effective privilege (from the "LIST OF SECURABLES TO CHANGE" rows inside the batch): SELECT on four
-- dbo.CR_* tables only - no database-scoped rights and no fixed-role membership. This is the narrowest
-- grant of the role set in this area and a good least-privilege baseline; if the consuming application
-- later reports permission errors, add the specific object it needs here rather than db_datareader.
-- Review notes on the embedded batch (shared template, see the cursor over #Securables):
--  * Each TABLE row is applied only if dbo.<name> exists (sys.objects check); a missing or renamed table
--    is skipped silently with no PRINT or error, so verify the run output when a CR_* table changes name.
--  * GRANT statements are built by string concatenation. Permission names are checked against
--    sys.fn_builtin_permissions; object and schema names are bracketed by hand rather than with QUOTENAME.
--    Acceptable only while the #Securables rows remain literals edited in this file.
--  * The "ADD USER" loop overwrites @Command (SELECT @Command = ...) instead of appending as the
--    securables loop does: with several pre-existing members only the last one is re-issued, and with
--    none the already-executed securables batch runs a second time. Harmless today (no member is ever
--    removed by this batch and GRANT is idempotent) but a latent defect of the template.
--  * sp_addrolemember is deprecated by Microsoft; ALTER ROLE ... ADD MEMBER is the current syntax.
--  * #Securables.schemaid is varchar(10); a longer schema name makes the INSERT fail on truncation.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleAtlas role.
|
|
|
|
Role Name: dbRoleAtlas
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleAtlas''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''TABLE'',''GRANT'',''SELECT'',''CR_operation'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''CR_sales_header'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''CR_sales_operation'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''CR_sales_type'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ArizonaCASH','Pharmacies')
|
|
|
|
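/*-----------------------------------------------------------------------------
Registers the definition script for role dbRoleCsltUsr in #AllRoles
(STR_Database = 'ArizonaCASH', STR_Product = 'Pharmacies').  STR_Definition is
the whole T-SQL script below stored as one string literal (every quote inside
it is doubled); how and where #AllRoles is later executed is not visible here.

What the stored script does when it runs in the target database:
  * reads [Type] from [master].[cfg].[InstanceContext] into @Type.  The SELECT
    has no WHERE clause, so it relies on that table holding exactly one row
    (TODO confirm); a NULL or any non-'DEVE' value takes the ELSE branch.
  * @Type = 'DEVE'  -> applies only the #Securables rows with N2 = 1, i.e.
    membership in db_owner (full control of the database; the N2 flag is what
    keeps this confined to DEVE instances).
  * otherwise        -> applies the N2 = 0 rows: EXECUTE, SHOWPLAN and
    VIEW DEFINITION at database scope plus db_datareader / db_datawriter.
  * creates the role if it does not exist, then builds one dynamic batch of
    GRANT/DENY statements per securable kind (DB, SCHEMA, TABLE/SP/FUNCTIONS/
    VIEWS, ASSEMBLIES, ROLE) and runs it with sp_executesql.  An object name
    containing '%' is treated as a LIKE pattern and expanded with a cursor
    over the catalog.  Each permission name is checked against
    sys.fn_builtin_permissions before it is emitted, so an unknown permission
    name is silently skipped rather than reported.
  * re-adds every principal that was a member of the role when the script
    started (#UsersOnRole).

Review notes:
  * Identifiers are wrapped in [...] / N'...' by plain concatenation rather
    than QUOTENAME(); the inputs are the hard-coded #Securables list and
    names taken from sys.database_principals, so this is a robustness
    rather than an untrusted-input concern.
  * schemaid is varchar(10); a longer schema name fails the INSERT into
    #Securables under the default ANSI_WARNINGS setting.
  * sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
    replacement.
  * FIXED in the "ADD USER" section: the loop used SELECT @Command = '...'
    (overwrite) and executed @Command only once after the loop, so only the
    last member fetched was re-added and printed, and when the role had no
    members the still-populated securables batch was executed a second time.
    @Command is now reset before the loop and appended to per member.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
/* Start from an empty batch: @Command still holds the securables script here. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* Append (not overwrite) so every member is re-added by the single EXEC below. */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaCASH','Pharmacies')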
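/*-----------------------------------------------------------------------------
Registers the definition script for role dbRoleDevUsr in #AllRoles
(STR_Database = 'ArizonaCASH', STR_Product = 'Pharmacies').  STR_Definition is
the whole T-SQL script below stored as one string literal (every quote inside
it is doubled); how and where #AllRoles is later executed is not visible here.

What the stored script does when it runs in the target database:
  * this variant ("TEMPLATE: Default") has no instance-type switch: it always
    applies the #Securables rows with N2 = 0 — EXECUTE, SHOWPLAN and
    VIEW DEFINITION at database scope plus db_datareader / db_datawriter.
    No db_owner membership is granted by this role.
  * creates the role if it does not exist, then builds one dynamic batch of
    GRANT/DENY statements per securable kind (DB, SCHEMA, TABLE/SP/FUNCTIONS/
    VIEWS, ASSEMBLIES, ROLE) and runs it with sp_executesql.  An object name
    containing '%' is treated as a LIKE pattern and expanded with a cursor
    over the catalog.  Each permission name is checked against
    sys.fn_builtin_permissions before it is emitted, so an unknown permission
    name is silently skipped rather than reported.
  * re-adds every principal that was a member of the role when the script
    started (#UsersOnRole).

Review notes:
  * Identifiers are wrapped in [...] / N'...' by plain concatenation rather
    than QUOTENAME(); the inputs are the hard-coded #Securables list and
    names taken from sys.database_principals, so this is a robustness
    rather than an untrusted-input concern.
  * schemaid is varchar(10); a longer schema name fails the INSERT into
    #Securables under the default ANSI_WARNINGS setting.
  * sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
    replacement.
  * FIXED in the "ADD USER" section: the loop used SELECT @Command = '...'
    (overwrite) and executed @Command only once after the loop, so only the
    last member fetched was re-added and printed, and when the role had no
    members the still-populated securables batch was executed a second time.
    @Command is now reset before the loop and appended to per member.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Start from an empty batch: @Command still holds the securables script here. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* Append (not overwrite) so every member is re-added by the single EXEC below. */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaCASH','Pharmacies')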
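/*-----------------------------------------------------------------------------
Registers the definition script for role dbRoleIttechUsr in #AllRoles
(STR_Database = 'ArizonaCASH', STR_Product = 'Pharmacies').  STR_Definition is
the whole T-SQL script below stored as one string literal (every quote inside
it is doubled); how and where #AllRoles is later executed is not visible here.

What the stored script does when it runs in the target database:
  * reads [Type] from [master].[cfg].[InstanceContext] into @Type.  The SELECT
    has no WHERE clause, so it relies on that table holding exactly one row
    (TODO confirm); a NULL or any non-'DEVE' value takes the ELSE branch.
  * @Type = 'DEVE'  -> applies only the #Securables rows with N2 = 1, i.e.
    membership in db_owner (full control of the database; the N2 flag is what
    keeps this confined to DEVE instances).
  * otherwise        -> applies the N2 = 0 rows: EXECUTE at database scope
    plus db_datareader / db_datawriter.
  * creates the role if it does not exist, then builds one dynamic batch of
    GRANT/DENY statements per securable kind (DB, SCHEMA, TABLE/SP/FUNCTIONS/
    VIEWS, ASSEMBLIES, ROLE) and runs it with sp_executesql.  An object name
    containing '%' is treated as a LIKE pattern and expanded with a cursor
    over the catalog.  Each permission name is checked against
    sys.fn_builtin_permissions before it is emitted, so an unknown permission
    name is silently skipped rather than reported.
  * re-adds every principal that was a member of the role when the script
    started (#UsersOnRole).

Review notes:
  * Identifiers are wrapped in [...] / N'...' by plain concatenation rather
    than QUOTENAME(); the inputs are the hard-coded #Securables list and
    names taken from sys.database_principals, so this is a robustness
    rather than an untrusted-input concern.
  * schemaid is varchar(10); a longer schema name fails the INSERT into
    #Securables under the default ANSI_WARNINGS setting.
  * sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
    replacement.
  * FIXED in the "ADD USER" section: the loop used SELECT @Command = '...'
    (overwrite) and executed @Command only once after the loop, so only the
    last member fetched was re-added and printed, and when the role had no
    members the still-populated securables batch was executed a second time.
    @Command is now reset before the loop and appended to per member.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
/* Start from an empty batch: @Command still holds the securables script here. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* Append (not overwrite) so every member is re-added by the single EXEC below. */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaCASH','Pharmacies')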
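-- dbRoleSupUsr for the ArizonaCASH database (Pharmacies product).
-- Environment-split definition: the N2 = 1 securable (db_owner) is applied only
-- when master.cfg.InstanceContext.Type is DEVE; every other instance type gets
-- the N2 = 0 set (database-level EXECUTE, db_datareader, db_datawriter). The
-- original duplicated the whole securables loop in an IF/ELSE on @Type; the two
-- copies differed only in the N2 filter, so they are folded into one loop.
-- The string below is T-SQL that is executed later against the target database,
-- so every single quote inside it is doubled once for this outer literal.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

/* Instance type decides which securable set applies. No TOP or WHERE: with
   several rows the last one read wins; with none, @Type stays NULL, the
   DEVE comparison is UNKNOWN and the restricted N2 = 0 set is applied,
   which is the safe default. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
/* NOTE(review): schemaid is varchar(10); a longer schema name is silently
   truncated on insert, the sys.schemas existence check then fails and the
   grant is skipped without any message. */
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* These values are script constants: they are spliced into dynamic SQL below
   without quoting, so they must never be sourced from user input.
   N2 = 1 rows apply only on DEVE instances. DB_OWNER there means full
   control of the database: every permission, all DDL, and the ability to
   impersonate dbo; it must not leak into the N2 = 0 set. */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE */
/* Current membership is captured so it can be re-applied at the end. */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables loop appends to this command; @SP_Name is the loop
   variable of the wildcard object cursor in the generated code. */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
/* One loop for both environments: DEVE takes the N2 = 1 rows, everything
   else (including a NULL @Type) takes the N2 = 0 rows. */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-scoped permission. The name is checked against the built-in
   permission list before it is spliced into the command. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-scoped permission; existence and permission checks run inside the
   generated command, so a missing schema is skipped silently. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* A percent sign in the object name makes it a LIKE pattern: the generated
   command enumerates the matching objects of the schema and grants on each. */
IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema name literal is closed before @sysType is appended. The
   original placed that closing quote after @sysType, so for FUNCTIONS the
   type filter ended up inside the string literal and the generated cursor
   query did not parse. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly permission. The original emitted GRANT <perm>::[name], which
   lacks the ON ASSEMBLY class qualifier and is not valid GRANT syntax. */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Nested role membership; the check keeps a re-run idempotent. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Re-apply the membership captured above. The original built one command
   per user with SELECT @Command = ... inside the loop and executed it only
   after the loop, so each iteration overwrote the previous one and only the
   last user was ever re-added; with no users the securables command was
   simply executed a second time. The statement text is now constant and
   executed once per user with the names passed as sp_executesql parameters,
   so catalog-derived principal names are never spliced into SQL text. The
   membership check mirrors the ROLE branch above and keeps a re-run
   idempotent. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is
   its replacement on SQL Server 2012 and later. */
SET @Command = N''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @r AND members.name = @u)
BEGIN
EXEC sp_addrolemember @r, @u
PRINT N''''ADD USER ['''' + @u + ''''] ON ROLE ['''' + @r + '''']''''
END
''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

EXEC sp_executesql @Command, N''@r sysname, @u sysname'', @r = @RoleName, @u = @Users

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaCASH','Pharmacies')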
|
|
|
|
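-- dbRoleSyncAccountingExtraction for the ArizonaCASH database (Pharmacies product).
-- Grants database-level EXECUTE and VIEW DEFINITION plus db_datareader and
-- db_datawriter membership, then re-applies the existing members.
-- The string below is T-SQL that is executed later against the target database,
-- so every single quote inside it is doubled once for this outer literal.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSyncAccountingExtraction role.

Role Name: dbRoleSyncAccountingExtraction
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleSyncAccountingExtraction''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
/* NOTE(review): schemaid is varchar(10); a longer schema name is silently
   truncated on insert, the sys.schemas existence check then fails and the
   grant is skipped without any message. */
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* These values are script constants: they are spliced into dynamic SQL below
   without quoting, so they must never be sourced from user input.
   NOTE(review): db_datawriter gives INSERT, UPDATE and DELETE on every table
   and VIEW DEFINITION exposes the source of every object; for an extraction
   role, confirm that write access is really needed before keeping it. */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
/* Current membership is captured so it can be re-applied at the end. */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables loop appends to this command; @SP_Name is the loop
   variable of the wildcard object cursor in the generated code. */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-scoped permission. The name is checked against the built-in
   permission list before it is spliced into the command. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-scoped permission; existence and permission checks run inside the
   generated command, so a missing schema is skipped silently. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* A percent sign in the object name makes it a LIKE pattern: the generated
   command enumerates the matching objects of the schema and grants on each. */
IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema name literal is closed before @sysType is appended. The
   original placed that closing quote after @sysType, so for FUNCTIONS the
   type filter ended up inside the string literal and the generated cursor
   query did not parse. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly permission. The original emitted GRANT <perm>::[name], which
   lacks the ON ASSEMBLY class qualifier and is not valid GRANT syntax. */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Nested role membership; the check keeps a re-run idempotent. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Re-apply the membership captured above. The original built one command
   per user with SELECT @Command = ... inside the loop and executed it only
   after the loop, so each iteration overwrote the previous one and only the
   last user was ever re-added; with no users the securables command was
   simply executed a second time. The statement text is now constant and
   executed once per user with the names passed as sp_executesql parameters,
   so catalog-derived principal names are never spliced into SQL text. The
   membership check mirrors the ROLE branch above and keeps a re-run
   idempotent. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is
   its replacement on SQL Server 2012 and later. */
SET @Command = N''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @r AND members.name = @u)
BEGIN
EXEC sp_addrolemember @r, @u
PRINT N''''ADD USER ['''' + @u + ''''] ON ROLE ['''' + @r + '''']''''
END
''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

EXEC sp_executesql @Command, N''@r sysname, @u sysname'', @r = @RoleName, @u = @Users

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole

','ArizonaCASH','Pharmacies')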
|
|
|
|
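-- dbRoleTPPos for the ArizonaCASH database (Pharmacies product).
-- Grants database-level EXECUTE plus db_datareader, db_datawriter and
-- db_ddladmin membership, then re-applies the existing members.
-- The string below is T-SQL that is executed later against the target database,
-- so every single quote inside it is doubled once for this outer literal.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
/* NOTE(review): schemaid is varchar(10); a longer schema name is silently
   truncated on insert, the sys.schemas existence check then fails and the
   grant is skipped without any message. */
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* These values are script constants: they are spliced into dynamic SQL below
   without quoting, so they must never be sourced from user input.
   NOTE(review): db_ddladmin lets members create, alter and drop any object
   in the database, including procedures and triggers. Together with
   db_datareader and db_datawriter this is close to full control, and a
   member can plant a trigger that later fires under a higher-privileged
   session; confirm that a point-of-sale role really needs DDL rights. */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
/* Current membership is captured so it can be re-applied at the end. */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* The securables loop appends to this command; @SP_Name is the loop
   variable of the wildcard object cursor in the generated code. */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* Database-scoped permission. The name is checked against the built-in
   permission list before it is spliced into the command. */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* Schema-scoped permission; existence and permission checks run inside the
   generated command, so a missing schema is skipped silently. */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* A percent sign in the object name makes it a LIKE pattern: the generated
   command enumerates the matching objects of the schema and grants on each. */
IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* The schema name literal is closed before @sysType is appended. The
   original placed that closing quote after @sysType, so for FUNCTIONS the
   type filter ended up inside the string literal and the generated cursor
   query did not parse. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* Assembly permission. The original emitted GRANT <perm>::[name], which
   lacks the ON ASSEMBLY class qualifier and is not valid GRANT syntax. */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* Nested role membership; the check keeps a re-run idempotent. */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Re-apply the membership captured above. The original built one command
   per user with SELECT @Command = ... inside the loop and executed it only
   after the loop, so each iteration overwrote the previous one and only the
   last user was ever re-added; with no users the securables command was
   simply executed a second time. The statement text is now constant and
   executed once per user with the names passed as sp_executesql parameters,
   so catalog-derived principal names are never spliced into SQL text. The
   membership check mirrors the ROLE branch above and keeps a re-run
   idempotent. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is
   its replacement on SQL Server 2012 and later. */
SET @Command = N''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @r AND members.name = @u)
BEGIN
EXEC sp_addrolemember @r, @u
PRINT N''''ADD USER ['''' + @u + ''''] ON ROLE ['''' + @r + '''']''''
END
''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

EXEC sp_executesql @Command, N''@r sysname, @u sysname'', @r = @RoleName, @u = @Users

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole

','ArizonaCASH','Pharmacies')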
|
|
|
|
-- Role definition row: dbRoleTriapharmUser for database ArizonaCASH, product Pharmacies.
-- The string value is a self-contained T-SQL script stored in #AllRoles; nothing is
-- executed by this statement itself.
-- "Default" template: the embedded script only reads #Securables rows with N2 = 0 and makes
-- no instance-type check, so the same grants apply wherever the row is deployed:
--   GRANT EXECUTE at database scope (the 'dbo' schemaid on the DB row is not used by the
--   DB branch), plus membership in db_datareader and db_datawriter.
-- NOTE(review): a database-scoped GRANT EXECUTE covers every executable module in the
-- database, current and future; if the role only needs particular schemas or procedures,
-- a SCHEMA or SP row is the narrower choice.
-- NOTE(review): the embedded script builds dynamic SQL with hand-written quoting (no
-- QUOTENAME), including @Users read back from sys.database_principals; that is only safe
-- while every value comes from this fixed list and from principal names without quotes.
-- NOTE(review): in the ADD USER loop `SELECT @Command = ...` replaces rather than appends,
-- so only the last member fetched is re-added, and when the role has no members the
-- securables batch already executed above is run a second time by the final sp_executesql.
-- sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the current form.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleTriapharmUser role.
|
|
|
|
Role Name: dbRoleTriapharmUser
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleTriapharmUser''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ArizonaCASH','Pharmacies')
|
|
|
|
-- Role definition row: dbRoleCsltUsr for database ArizonaCUST, product Pharmacies.
-- The string value is a self-contained T-SQL script stored in #AllRoles; nothing is
-- executed by this statement itself.
-- "N2 and PROD" template: @Type is read from [master].[cfg].[InstanceContext]; when it is
-- 'DEVE' the N2 = 1 rows are applied, otherwise (including a NULL or missing value) the
-- N2 = 0 rows are. Both rows here add the role to db_owner, so this consultant role is
-- db_owner on every instance type.
-- NOTE(review): db_owner can perform every configuration and maintenance activity on the
-- database, including granting further rights and dropping the database. On a non-DEVE
-- instance this should be narrowed to the schemas/objects the consultant work actually
-- needs; the N2 = 1 / N2 = 0 split is the place to express that difference.
-- NOTE(review): the SELECT into @Type has no WHERE clause; if InstanceContext ever holds
-- more than one row the branch taken is arbitrary.
-- NOTE(review): the embedded script builds dynamic SQL with hand-written quoting (no
-- QUOTENAME), and the ADD USER loop assigns @Command per row instead of appending, so only
-- the last member fetched is re-added and, with no members, the securables batch that was
-- already executed is run a second time by the final sp_executesql.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleCsltUsr role.
|
|
|
|
Role Name: dbRoleCsltUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleCsltUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ArizonaCUST','Pharmacies')
|
|
|
|
-- Role definition row: dbRoleDevUsr for database ArizonaCUST, product Pharmacies.
-- The string value is a self-contained T-SQL script stored in #AllRoles; nothing is
-- executed by this statement itself.
-- "Default" template: the embedded script only reads #Securables rows with N2 = 0 and makes
-- no instance-type check, so these grants apply wherever the row is deployed:
--   GRANT EXECUTE, SHOWPLAN and VIEW DEFINITION at database scope (the DB branch ignores
--   the 'dbo' schemaid), plus membership in db_datareader.
-- NOTE(review): VIEW DEFINITION at database scope exposes the source of every module in the
-- database and SHOWPLAN exposes query plans. That is reasonable for a development role, but
-- if ArizonaCUST is also deployed on production-type instances (not visible here) it
-- discloses application logic to an unrestricted read role; the N2 flag used by the
-- "N2 and PROD" template is the mechanism to limit it.
-- NOTE(review): the embedded script builds dynamic SQL with hand-written quoting (no
-- QUOTENAME), and the ADD USER loop assigns @Command per row instead of appending, so only
-- the last member fetched is re-added and, with no members, the securables batch that was
-- already executed is run a second time by the final sp_executesql.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleDevUsr role.
|
|
|
|
Role Name: dbRoleDevUsr
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleDevUsr''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ArizonaCUST','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleIttechUsr role.
|
|
|
|
Role Name: dbRoleIttechUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleIttechUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES
   Review note: @grantordeny, @rightsaction, @objectname and @schemaid are spliced into dynamic SQL
   by string concatenation (no QUOTENAME, no validation of @grantordeny, and no check at all on
   @rightsaction for the ROLE type). That is acceptable only while #Securables is the hard-coded
   list above; never populate it from a table, a parameter or user input. */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER
   Review note: SELECT @Command = ... below overwrites @Command on every cursor iteration and the
   batch is executed only once after the loop, so at most the last member fetched from #UsersOnRole
   is re-added. When #UsersOnRole is empty, @Command still holds the securables batch built above
   and that batch is executed a second time. Both are harmless today because the role is never
   dropped, but the intended form is a reset of @Command before the loop and SET @Command =
   @Command + ... inside it. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
   supported replacement. */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ArizonaCUST','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD

Review note: when [master].[cfg].[InstanceContext].[Type] is DEVE the N2 = 1 rows apply and this
role becomes a member of db_owner (full control of the database). In every other case, including
a missing or NULL Type row, the N2 = 0 rows apply: EXECUTE at database scope (every procedure and
function in every schema, including objects created later) plus db_datareader. The DEVE check is
the only thing standing between this role and db_owner, so never copy the N2 = 1 list into a
shared or production instance.
|
|
|
|
EXAMPLE OF SECURABLES TO SET (the example rows below omit the trailing N2 bit column that #Securables declares; append 0 or 1 when copying them):
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES
   Review note: @grantordeny, @rightsaction, @objectname and @schemaid are spliced into dynamic SQL
   by string concatenation (no QUOTENAME, no validation of @grantordeny, and no check at all on
   @rightsaction for the ROLE type). That is acceptable only while #Securables is the hard-coded
   list above; never populate it from a table, a parameter or user input. */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER
   Review note: SELECT @Command = ... below overwrites @Command on every cursor iteration and the
   batch is executed only once after the loop, so at most the last member fetched from #UsersOnRole
   is re-added. When #UsersOnRole is empty, @Command still holds the securables batch built above
   and that batch is executed a second time. Both are harmless today because the role is never
   dropped, but the intended form is a reset of @Command before the loop and SET @Command =
   @Command + ... inside it. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
   supported replacement. */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','ArizonaCUST','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSyncAccountingExtraction role.
|
|
|
|
Role Name: dbRoleSyncAccountingExtraction
|
|
TEMPLATE: Default

Review note: this template has no environment gating (the cursor reads only the N2 = 0 rows), so
the list below applies on every instance: EXECUTE and VIEW DEFINITION at database scope (every
procedure and function, and the metadata of every object, in every schema, including objects
created later) plus membership of db_datareader and db_datawriter, i.e. read and write on every
table. Confirm that the sync account really needs database-wide write access rather than rights on
the tables it extracts from.
|
|
|
|
EXAMPLE OF SECURABLES TO SET (the example rows below omit the trailing N2 bit column that #Securables declares; append 0 or 1 when copying them):
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSyncAccountingExtraction''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
|
|
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES
   Review note: @grantordeny, @rightsaction, @objectname and @schemaid are spliced into dynamic SQL
   by string concatenation (no QUOTENAME, no validation of @grantordeny, and no check at all on
   @rightsaction for the ROLE type). That is acceptable only while #Securables is the hard-coded
   list above; never populate it from a table, a parameter or user input. */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER
   Review note: SELECT @Command = ... below overwrites @Command on every cursor iteration and the
   batch is executed only once after the loop, so at most the last member fetched from #UsersOnRole
   is re-added. When #UsersOnRole is empty, @Command still holds the securables batch built above
   and that batch is executed a second time. Both are harmless today because the role is never
   dropped, but the intended form is a reset of @Command before the loop and SET @Command =
   @Command + ... inside it. sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the
   supported replacement. */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ArizonaCUST','Pharmacies')
|
|
|
|
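INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

How this script works:
  1. Reads the environment type from [master].[cfg].[InstanceContext] and keeps
     only the #Securables rows whose N2 flag matches: N2 = 1 rows apply on DEVE,
     N2 = 0 rows everywhere else. A missing or NULL Type is therefore treated
     as PROD.
  2. Creates the role if it does not exist yet (the role is never dropped).
  3. Validates every #Securables row against the catalog and collects the
     resulting GRANT/DENY statements in @Command, executed as one batch.
  4. Re-applies the role memberships captured at the start.

Every identifier that ends up in dynamic SQL goes through QUOTENAME and every
other value is passed as a parameter, so a crafted object, schema or principal
name can not break out of the generated statement.

EXAMPLE OF SECURABLES TO SET
(typeofobject, grantordeny, rightsaction, objectname, schemaid, N2):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

rightsaction is matched against a single sys.fn_builtin_permissions row, so a
comma-separated list such as SELECT,EXECUTE never matches and the row is
skipped: use one row per permission. objectname may contain % to address
several objects of the given type at once.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type         varchar(6),
        @N2           bit,
        @NL           nchar(2),
        @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @ObjName      sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   varchar(255),
        @schemaid     sysname

SET @RoleName = N''dbRoleCsltUsr''
SET @NL       = NCHAR(13) + NCHAR(10)
SET @Command  = N''''

/* Environment selector. Assumes InstanceContext holds one row (with several rows
   the last one read wins). Anything other than DEVE, NULL included, selects the
   N2 = 0 rows. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES (schemaid is sysname so longer schema names are not truncated) */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

/* SECURITY NOTE (review): this consultant role is nested in db_owner on PROD
   (N2 = 0) as well as on DEVE (N2 = 1). db_owner can read and alter every
   object in the database and grant itself further rights, so confirm that this
   is intended for production; the PROD rows used for dbRoleIttechUsr and
   dbRoleSupUsr (EXECUTE + db_datareader + db_datawriter) are the
   least-privilege alternative. Role names are matched under the database
   collation, so the upper case spelling relies on a case-insensitive one. */
INSERT INTO #Securables
VALUES
 (''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE (re-applied at the end) */
INSERT INTO #UsersOnRole(username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent). The name is the only dynamic part and is quoted. */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = N''CREATE ROLE '' + QUOTENAME(@RoleName) + N'' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   Existence and permission-name checks run here against the catalog, so the
   generated batch contains nothing but the final GRANT/DENY statements. Cursors
   are LOCAL so a failed earlier run in the same session can not leave a global
   cursor of the same name behind. */
SET @Command = N''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* grantordeny is spliced into the statement as a keyword, so it is whitelisted. */
    IF @grantordeny NOT IN (''GRANT'',''DENY'',''REVOKE'')
    BEGIN
        RAISERROR(''Unsupported grantordeny value in #Securables (expected GRANT, DENY or REVOKE)'', 16, 1)
    END

    /* Database-scoped permission, e.g. VIEW DEFINITION, EXECUTE, SHOWPLAN. */
    ELSE IF @typeofobject = ''DB''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Schema-scoped permission; skipped when the schema does not exist. */
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
           AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Object-scoped permission on tables, procedures, functions or views. */
    ELSE IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = @rightsaction)
        BEGIN
            IF @objectname LIKE ''%[%]%''
            BEGIN
                /* Wildcard: one statement per matching object of the requested kind.
                   Object names come from the catalog and may have been chosen by a
                   less privileged principal, hence QUOTENAME on @ObjName. */
                DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
                SELECT o.name
                FROM sys.objects o
                JOIN sys.schemas s ON s.schema_id = o.schema_id
                WHERE o.name LIKE @objectname
                  AND s.name = @schemaid
                  AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                       OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''RF'',''X''))
                       OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT''))
                       OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))

                OPEN ObjCurs
                FETCH NEXT FROM ObjCurs INTO @ObjName
                WHILE @@FETCH_STATUS = 0
                BEGIN
                    SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
                    FETCH NEXT FROM ObjCurs INTO @ObjName
                END
                CLOSE ObjCurs
                DEALLOCATE ObjCurs
            END
            ELSE IF EXISTS (SELECT 1
                            FROM sys.objects o
                            JOIN sys.schemas s ON s.schema_id = o.schema_id
                            WHERE o.name = @objectname
                              AND s.name = @schemaid
                              AND o.type IN (''U'',''P'',''V'',''FN'',''IF'',''TF''))
            BEGIN
                /* Single object; skipped when it does not exist. */
                SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
            END
        END
    END

    /* CLR assembly permission. GRANT on an assembly needs the ON ASSEMBLY:: class. */
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
           AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Nest this role in another (fixed or user) role. Parameters instead of string
       building, so no quoting is needed. sp_addrolemember is kept for parity with
       the rest of the file; ALTER ROLE ... ADD MEMBER is the current form. */
    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        IF NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
        BEGIN
            EXEC sp_addrolemember @rolename = @rightsaction, @membername = @RoleName
        END
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF LEN(@Command) > 0
BEGIN
    EXEC sp_executesql @Command
END

/* ADD USER: re-apply the memberships captured above. Because the role is never
   dropped this is normally a no-op; each member is added (and reported) only if
   it is missing, via parameters rather than a built string, so every captured
   member is handled, not just the last one fetched. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaLD','Pharmacies')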
|
|
|
|
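INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

How this script works:
  1. Applies only the #Securables rows flagged N2 = 0, in every environment
     (this template does not consult [master].[cfg].[InstanceContext]).
  2. Creates the role if it does not exist yet (the role is never dropped).
  3. Validates every #Securables row against the catalog and collects the
     resulting GRANT/DENY statements in @Command, executed as one batch.
  4. Re-applies the role memberships captured at the start.

Every identifier that ends up in dynamic SQL goes through QUOTENAME and every
other value is passed as a parameter, so a crafted object, schema or principal
name can not break out of the generated statement.

EXAMPLE OF SECURABLES TO SET
(typeofobject, grantordeny, rightsaction, objectname, schemaid, N2):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

rightsaction is matched against a single sys.fn_builtin_permissions row, so a
comma-separated list such as SELECT,EXECUTE never matches and the row is
skipped: use one row per permission. objectname may contain % to address
several objects of the given type at once.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @NL           nchar(2),
        @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @ObjName      sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   varchar(255),
        @schemaid     sysname

SET @RoleName = N''dbRoleDevUsr''
SET @NL       = NCHAR(13) + NCHAR(10)
SET @Command  = N''''

/* TEMP TABLES (schemaid is sysname so longer schema names are not truncated) */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

/* SECURITY NOTE (review): this template ignores the environment, so developers
   get these rights on PROD as well: database-wide EXECUTE (every current and
   future procedure and function), SHOWPLAN and VIEW DEFINITION (query plans
   and object definitions), plus db_datareader/db_datawriter (read and write on
   every table). Confirm that this is intended for production. Role names are
   matched under the database collation, so the upper case spelling relies on a
   case-insensitive one. */
INSERT INTO #Securables
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (re-applied at the end) */
INSERT INTO #UsersOnRole(username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent). The name is the only dynamic part and is quoted. */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = N''CREATE ROLE '' + QUOTENAME(@RoleName) + N'' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   Existence and permission-name checks run here against the catalog, so the
   generated batch contains nothing but the final GRANT/DENY statements. Cursors
   are LOCAL so a failed earlier run in the same session can not leave a global
   cursor of the same name behind. Default template: only N2 = 0 rows apply. */
SET @Command = N''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* grantordeny is spliced into the statement as a keyword, so it is whitelisted. */
    IF @grantordeny NOT IN (''GRANT'',''DENY'',''REVOKE'')
    BEGIN
        RAISERROR(''Unsupported grantordeny value in #Securables (expected GRANT, DENY or REVOKE)'', 16, 1)
    END

    /* Database-scoped permission, e.g. VIEW DEFINITION, EXECUTE, SHOWPLAN. */
    ELSE IF @typeofobject = ''DB''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Schema-scoped permission; skipped when the schema does not exist. */
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
           AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Object-scoped permission on tables, procedures, functions or views. */
    ELSE IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = @rightsaction)
        BEGIN
            IF @objectname LIKE ''%[%]%''
            BEGIN
                /* Wildcard: one statement per matching object of the requested kind.
                   Object names come from the catalog and may have been chosen by a
                   less privileged principal, hence QUOTENAME on @ObjName. */
                DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
                SELECT o.name
                FROM sys.objects o
                JOIN sys.schemas s ON s.schema_id = o.schema_id
                WHERE o.name LIKE @objectname
                  AND s.name = @schemaid
                  AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                       OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''RF'',''X''))
                       OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT''))
                       OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))

                OPEN ObjCurs
                FETCH NEXT FROM ObjCurs INTO @ObjName
                WHILE @@FETCH_STATUS = 0
                BEGIN
                    SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
                    FETCH NEXT FROM ObjCurs INTO @ObjName
                END
                CLOSE ObjCurs
                DEALLOCATE ObjCurs
            END
            ELSE IF EXISTS (SELECT 1
                            FROM sys.objects o
                            JOIN sys.schemas s ON s.schema_id = o.schema_id
                            WHERE o.name = @objectname
                              AND s.name = @schemaid
                              AND o.type IN (''U'',''P'',''V'',''FN'',''IF'',''TF''))
            BEGIN
                /* Single object; skipped when it does not exist. */
                SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
            END
        END
    END

    /* CLR assembly permission. GRANT on an assembly needs the ON ASSEMBLY:: class. */
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
           AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Nest this role in another (fixed or user) role. Parameters instead of string
       building, so no quoting is needed. sp_addrolemember is kept for parity with
       the rest of the file; ALTER ROLE ... ADD MEMBER is the current form. */
    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        IF NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
        BEGIN
            EXEC sp_addrolemember @rolename = @rightsaction, @membername = @RoleName
        END
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF LEN(@Command) > 0
BEGIN
    EXEC sp_executesql @Command
END

/* ADD USER: re-apply the memberships captured above. Because the role is never
   dropped this is normally a no-op; each member is added (and reported) only if
   it is missing, via parameters rather than a built string, so every captured
   member is handled, not just the last one fetched. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaLD','Pharmacies')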
|
|
|
|
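INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

How this script works:
  1. Reads the environment type from [master].[cfg].[InstanceContext] and keeps
     only the #Securables rows whose N2 flag matches: N2 = 1 rows apply on DEVE,
     N2 = 0 rows everywhere else. A missing or NULL Type is therefore treated
     as PROD.
  2. Creates the role if it does not exist yet (the role is never dropped).
  3. Validates every #Securables row against the catalog and collects the
     resulting GRANT/DENY statements in @Command, executed as one batch.
  4. Re-applies the role memberships captured at the start.

Every identifier that ends up in dynamic SQL goes through QUOTENAME and every
other value is passed as a parameter, so a crafted object, schema or principal
name can not break out of the generated statement.

EXAMPLE OF SECURABLES TO SET
(typeofobject, grantordeny, rightsaction, objectname, schemaid, N2):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

rightsaction is matched against a single sys.fn_builtin_permissions row, so a
comma-separated list such as SELECT,EXECUTE never matches and the row is
skipped: use one row per permission. objectname may contain % to address
several objects of the given type at once.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type         varchar(6),
        @N2           bit,
        @NL           nchar(2),
        @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @ObjName      sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   varchar(255),
        @schemaid     sysname

SET @RoleName = N''dbRoleIttechUsr''
SET @NL       = NCHAR(13) + NCHAR(10)
SET @Command  = N''''

/* Environment selector. Assumes InstanceContext holds one row (with several rows
   the last one read wins). Anything other than DEVE, NULL included, selects the
   N2 = 0 rows. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES (schemaid is sysname so longer schema names are not truncated) */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

/* SECURITY NOTE (review): db_owner is limited to DEVE (N2 = 1). On PROD the
   role gets database-wide EXECUTE (every current and future procedure and
   function) plus db_datareader/db_datawriter (read and write on every table).
   A NULL or unknown instance Type falls back to this PROD set, which is the
   restrictive one here. Role names are matched under the database collation,
   so the upper case spelling relies on a case-insensitive one. */
INSERT INTO #Securables
VALUES
 (''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE (re-applied at the end) */
INSERT INTO #UsersOnRole(username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent). The name is the only dynamic part and is quoted. */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = N''CREATE ROLE '' + QUOTENAME(@RoleName) + N'' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   Existence and permission-name checks run here against the catalog, so the
   generated batch contains nothing but the final GRANT/DENY statements. Cursors
   are LOCAL so a failed earlier run in the same session can not leave a global
   cursor of the same name behind. */
SET @Command = N''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* grantordeny is spliced into the statement as a keyword, so it is whitelisted. */
    IF @grantordeny NOT IN (''GRANT'',''DENY'',''REVOKE'')
    BEGIN
        RAISERROR(''Unsupported grantordeny value in #Securables (expected GRANT, DENY or REVOKE)'', 16, 1)
    END

    /* Database-scoped permission, e.g. VIEW DEFINITION, EXECUTE, SHOWPLAN. */
    ELSE IF @typeofobject = ''DB''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Schema-scoped permission; skipped when the schema does not exist. */
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
           AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Object-scoped permission on tables, procedures, functions or views. */
    ELSE IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = @rightsaction)
        BEGIN
            IF @objectname LIKE ''%[%]%''
            BEGIN
                /* Wildcard: one statement per matching object of the requested kind.
                   Object names come from the catalog and may have been chosen by a
                   less privileged principal, hence QUOTENAME on @ObjName. */
                DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
                SELECT o.name
                FROM sys.objects o
                JOIN sys.schemas s ON s.schema_id = o.schema_id
                WHERE o.name LIKE @objectname
                  AND s.name = @schemaid
                  AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                       OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''RF'',''X''))
                       OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT''))
                       OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))

                OPEN ObjCurs
                FETCH NEXT FROM ObjCurs INTO @ObjName
                WHILE @@FETCH_STATUS = 0
                BEGIN
                    SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
                    FETCH NEXT FROM ObjCurs INTO @ObjName
                END
                CLOSE ObjCurs
                DEALLOCATE ObjCurs
            END
            ELSE IF EXISTS (SELECT 1
                            FROM sys.objects o
                            JOIN sys.schemas s ON s.schema_id = o.schema_id
                            WHERE o.name = @objectname
                              AND s.name = @schemaid
                              AND o.type IN (''U'',''P'',''V'',''FN'',''IF'',''TF''))
            BEGIN
                /* Single object; skipped when it does not exist. */
                SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
            END
        END
    END

    /* CLR assembly permission. GRANT on an assembly needs the ON ASSEMBLY:: class. */
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
           AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + '';'' + @NL
        END
    END

    /* Nest this role in another (fixed or user) role. Parameters instead of string
       building, so no quoting is needed. sp_addrolemember is kept for parity with
       the rest of the file; ALTER ROLE ... ADD MEMBER is the current form. */
    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        IF NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
        BEGIN
            EXEC sp_addrolemember @rolename = @rightsaction, @membername = @RoleName
        END
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF LEN(@Command) > 0
BEGIN
    EXEC sp_executesql @Command
END

/* ADD USER: re-apply the memberships captured above. Because the role is never
   dropped this is normally a no-op; each member is added (and reported) only if
   it is missing, via parameters rather than a built string, so every captured
   member is handled, not just the last one fetched. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaLD','Pharmacies')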
|
|
|
|
-- Role-definition script for [dbRoleSupUsr], registered for database ArizonaLD / product Pharmacies.
-- STR_Definition holds a complete T-SQL script as a string literal (embedded quotes are doubled);
-- this INSERT only stores it, nothing in the literal is executed here. What the stored script does when run:
--   * creates the role if it does not exist (AUTHORIZATION [dbo]);
--   * reads [master].[cfg].[InstanceContext].[Type] and, when it is 'DEVE', applies the #Securables
--     rows flagged N2 = 1 (membership of DB_OWNER), otherwise the N2 = 0 rows (database-level
--     EXECUTE plus membership of DB_DATAREADER and DB_DATAWRITER) -- the role is therefore much
--     wider in DEVE than in any other environment;
--   * each GRANT/DENY is emitted only if sys.fn_builtin_permissions recognises the permission name
--     for that securable class, and the accumulated batch is run through sp_executesql;
--   * snapshots the role's current members into #UsersOnRole and re-adds them with sp_addrolemember.
-- NOTE(review): the ADD USER loop assigns (does not append) @Command per member and sp_executesql runs
-- once after the loop, so at most the last fetched member is re-added -- confirm whether that is intended.
-- NOTE(review): @RoleName, @Users, @schemaid and @objectname are spliced into the dynamic SQL inside
-- [...] without QUOTENAME(); a principal or object name containing ']' would break the generated batch.
-- NOTE(review): sp_addrolemember is a deprecated procedure; ALTER ROLE ... ADD MEMBER is the supported form.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaLD','Pharmacies')
|
|
|
|
-- Role-definition script for [dbRoleCsltUsr], registered for database ArizonaTest / product Pharmacies.
-- STR_Definition holds a complete T-SQL script as a string literal (embedded quotes are doubled);
-- this INSERT only stores it, nothing in the literal is executed here. What the stored script does when run:
--   * creates the role if it does not exist (AUTHORIZATION [dbo]);
--   * reads [master].[cfg].[InstanceContext].[Type] and selects the #Securables rows with N2 = 1 when
--     it is 'DEVE', N2 = 0 otherwise. Both rows here are membership of DB_OWNER, so the environment
--     switch changes nothing for this role: it is db_owner everywhere -- worth confirming that is the
--     intended privilege level;
--   * each GRANT/DENY is emitted only if sys.fn_builtin_permissions recognises the permission name
--     for that securable class, and the accumulated batch is run through sp_executesql;
--   * snapshots the role's current members into #UsersOnRole and re-adds them with sp_addrolemember.
-- NOTE(review): the ADD USER loop assigns (does not append) @Command per member and sp_executesql runs
-- once after the loop, so at most the last fetched member is re-added -- confirm whether that is intended.
-- NOTE(review): @RoleName, @Users, @schemaid and @objectname are spliced into the dynamic SQL inside
-- [...] without QUOTENAME(); a principal or object name containing ']' would break the generated batch.
-- NOTE(review): sp_addrolemember is a deprecated procedure; ALTER ROLE ... ADD MEMBER is the supported form.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaTest','Pharmacies')
|
|
|
|
-- Role-definition script for [dbRoleDevUsr], registered for database ArizonaTest / product Pharmacies.
-- STR_Definition holds a complete T-SQL script as a string literal (embedded quotes are doubled);
-- this INSERT only stores it, nothing in the literal is executed here. What the stored script does when run:
--   * creates the role if it does not exist (AUTHORIZATION [dbo]);
--   * "Default" template: no [master].[cfg].[InstanceContext] lookup and no environment branch --
--     the single N2 = 0 securable row is applied everywhere, and it makes the role a member of
--     DB_OWNER unconditionally -- worth confirming that is the intended privilege level;
--   * each GRANT/DENY is emitted only if sys.fn_builtin_permissions recognises the permission name
--     for that securable class, and the accumulated batch is run through sp_executesql;
--   * snapshots the role's current members into #UsersOnRole and re-adds them with sp_addrolemember.
-- NOTE(review): the ADD USER loop assigns (does not append) @Command per member and sp_executesql runs
-- once after the loop, so at most the last fetched member is re-added -- confirm whether that is intended.
-- NOTE(review): @RoleName, @Users, @schemaid and @objectname are spliced into the dynamic SQL inside
-- [...] without QUOTENAME(); a principal or object name containing ']' would break the generated batch.
-- NOTE(review): sp_addrolemember is a deprecated procedure; ALTER ROLE ... ADD MEMBER is the supported form.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaTest','Pharmacies')
|
|
|
|
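INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

HOW IT WORKS:
- #Securables lists the rights to set. The last column (N2) selects the target:
  rows with N2 = 1 are applied when [master].[cfg].[InstanceContext].[Type] is DEVE,
  rows with N2 = 0 are applied on every other instance type.
- Members already on the role are read first and re-added once the securables are set.
- Every GRANT/DENY statement is collected in @Command and run by one sp_executesql call.

EXAMPLE OF SECURABLES TO SET (six columns, the last one is N2):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@N2 bit,
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

/* Instance type selects the securables rows: DEVE uses N2 = 1, anything else (including NULL when no row exists) uses N2 = 0 */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): DB_OWNER on both targets makes every member of this role a database owner
   (read, change and drop any object in the database); keep the membership of this role under review. */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* @SP_Name is used by the wildcard expansion below and must exist in the executed batch */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
/* One cursor serves both targets: the N2 filter replaces the former duplicated DEVE / non-DEVE branches */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* database-level permission; only names known to the permission catalog are emitted */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* a name containing a wildcard is expanded against the catalog when the batch runs; otherwise the object is addressed directly */
IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* the schema name literal is closed before @sysType is appended, so the FUNCTIONS type filter
   becomes part of the WHERE clause instead of part of the string; object names read from the
   catalog are bracket-quoted with QUOTENAME so a bracket in a name cannot break the statement */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* assembly permissions need the ON ASSEMBLY:: securable class in the GRANT/DENY statement */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* role membership: rightsaction holds the name of the role this role is added to */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* @Command is reset so the securables batch above is not executed a second time when the role had no members */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* accumulate, so every previous member is re-added and not only the last one fetched */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaTest','Pharmacies')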
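INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

HOW IT WORKS:
- #Securables lists the rights to set. The last column (N2) selects the target:
  rows with N2 = 1 are applied when [master].[cfg].[InstanceContext].[Type] is DEVE,
  rows with N2 = 0 are applied on every other instance type.
- Members already on the role are read first and re-added once the securables are set.
- Every GRANT/DENY statement is collected in @Command and run by one sp_executesql call.

EXAMPLE OF SECURABLES TO SET (six columns, the last one is N2):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@N2 bit,
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

/* Instance type selects the securables rows: DEVE uses N2 = 1, anything else (including NULL when no row exists) uses N2 = 0 */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): DB_OWNER on both targets makes every member of this role a database owner
   (read, change and drop any object in the database); keep the membership of this role under review. */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* @SP_Name is used by the wildcard expansion below and must exist in the executed batch */
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
/* One cursor serves both targets: the N2 filter replaces the former duplicated DEVE / non-DEVE branches */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* database-level permission; only names known to the permission catalog are emitted */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* a name containing a wildcard is expanded against the catalog when the batch runs; otherwise the object is addressed directly */
IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* the schema name literal is closed before @sysType is appended, so the FUNCTIONS type filter
   becomes part of the WHERE clause instead of part of the string; object names read from the
   catalog are bracket-quoted with QUOTENAME so a bracket in a name cannot break the statement */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].'''' + QUOTENAME(@SP_Name) + '''' TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* assembly permissions need the ON ASSEMBLY:: securable class in the GRANT/DENY statement */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* role membership: rightsaction holds the name of the role this role is added to */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* @Command is reset so the securables batch above is not executed a second time when the role had no members */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* accumulate, so every previous member is re-added and not only the last one fetched */
SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','ArizonaTest','Pharmacies')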
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleCsltUsr role.
|
|
|
|
Role Name: dbRoleCsltUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleCsltUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_agents'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_agents'',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_history'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_history'',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSrepl_commands'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSrepl_commands'',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSsubscriptions'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSsubscriptions'',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
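/* ADD USER */
/* Re-attach every principal captured in #UsersOnRole at the top of the script.
   The batch is rebuilt from an empty string so the securables batch executed above
   can never run a second time, and one statement is appended per member instead of
   keeping only the last one. Principal names come from the catalog and are quoted
   with QUOTENAME before they are spliced into dynamic SQL, so a name holding a quote
   or a closing bracket cannot alter the generated statement.
   NOTE(review): QUOTENAME returns NULL for input longer than 128 characters, which would
   make the whole batch NULL; catalog principal names (sysname) never exceed that length. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Membership is only added when it is not already present, so a re-run stays silent. */
    SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id WHERE roles.name = '' + QUOTENAME(@RoleName, '''''''') + '' AND members.name = '' + QUOTENAME(@Users, '''''''') + '')
BEGIN
    EXEC sp_addrolemember N'' + QUOTENAME(@RoleName, '''''''') + '', N'' + QUOTENAME(@Users, '''''''') + ''
    PRINT N'''''' + REPLACE(''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName), '''''''', '''''''''''') + ''''''
END
''

    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command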
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','distribution','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleDevUsr role.
|
|
|
|
Role Name: dbRoleDevUsr
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2.
rightsaction must be a single permission name: it is compared with sys.fn_builtin_permissions,
so a comma-separated list such as SELECT,EXECUTE never matches and the row is silently skipped.
For ROLE rows rightsaction is the role to join and grantordeny is ignored.
This (Default) template only applies rows with N2 = 0.
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
/* Working variables. @Command accumulates the dynamic T-SQL that is run with
   sp_executesql; the remaining variables hold one #Securables row at a time
   (@sysTarget / @sysType only serve the wildcard object branch). */
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
/* NOTE(review): schema names longer than 10 characters do not fit here nor in
   #Securables; with default ANSI_WARNINGS the INSERT raises a truncation error. */
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
/* Constant role name; every dynamic statement below targets this principal. */
SET @RoleName = ''dbRoleDevUsr''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
/* #UsersOnRole: snapshot of the current role members, re-attached at the end.
   #Securables: one row per permission or membership to apply; N2 flags the rows
   meant for a given instance type (this template only reads N2 = 0). */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2.
   One role membership (REPLMONITOR, presumably the built-in replication monitor
   role of the distribution database this script targets) plus read-only access
   to four replication metadata tables. Only N2 = 0 rows are applied by this template.
   NOTE(review): the catalog spells the role replmonitor in lower case; on a
   case-sensitive database collation the membership check in the loop below would
   never match and sp_addrolemember would be re-issued on every run. */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_agents'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_history'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSrepl_commands'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSsubscriptions'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
/* Snapshot the current members so they can be re-attached at the end of the script.
   On a first run the role does not exist yet and this returns no rows. */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
/* Idempotent: the role is created only when no principal of type R with that name
   exists, owned by dbo. @RoleName is the constant set above, so no quoting is needed. */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
/* Run the creation on its own so the role exists before any grant references it. */
EXEC sp_executesql @Command
|
|
|
|
/* Start the securables batch with the variable the wildcard object branch fetches
   object names into; it belongs to the dynamic batch, not to this script. */
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
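/* SET ALL ROLE SECURABLES */
/* Every #Securables row with N2 = 0 becomes one guarded GRANT / DENY / role-membership
   statement appended to @Command; the whole batch is executed once after the loop.
   Each identifier that is spliced into dynamic SQL goes through QUOTENAME, so a name
   holding a closing bracket or a quote cannot alter the generated statement.
   NOTE(review): QUOTENAME returns NULL for input longer than 128 characters, which would
   make the whole @Command NULL; catalog identifiers (sysname) never exceed that length. */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* Only these verbs may be placed in front of a permission. ROLE rows never use the
       verb (membership is always added) so they are exempt from the check. */
    IF @typeofobject <> ''ROLE'' AND ISNULL(@grantordeny, '''') NOT IN (''GRANT'', ''DENY'', ''REVOKE'')
    BEGIN
        PRINT ''SKIPPED SECURABLE: unsupported action '' + ISNULL(@grantordeny, ''<NULL>'') + '' on '' + ISNULL(@typeofobject, ''<NULL>'') + '' '' + ISNULL(@objectname, '''')
    END

    ELSE IF @typeofobject = ''DB''
    BEGIN
        /* Database-level permission: validated here, applied unconditionally in the batch. */
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + ''
''
        END
        ELSE
        BEGIN
            PRINT ''SKIPPED SECURABLE: '' + ISNULL(@rightsaction, ''<NULL>'') + '' is not a database-level permission''
        END
    END

    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        /* Schema existence and permission validity are checked when the batch runs. */
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '' + QUOTENAME(@schemaid, '''''''') + '')
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + ''
    END
END
''
    END

    ELSE IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        IF @objectname LIKE ''%[%]%''
        BEGIN
            /* Wildcard name: the batch enumerates the matching objects at run time and
               issues one statement per object through a nested EXEC. */
            SET @sysTarget = CASE @typeofobject
                                 WHEN ''TABLE'' THEN ''sys.tables''
                                 WHEN ''SP''    THEN ''sys.procedures''
                                 WHEN ''VIEWS'' THEN ''sys.views''
                                 ELSE ''sys.objects''
                             END
            /* FUNCTIONS has no dedicated catalog view, so sys.objects is filtered by type. */
            SET @sysType = CASE WHEN @typeofobject = ''FUNCTIONS''
                                THEN '' AND p.type IN (N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''')''
                                ELSE ''''
                           END

            /* The schema literal is closed before @sysType is appended; closing it afterwards
               would put the type filter inside the string and break the FUNCTIONS query. */
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE p.name LIKE '' + QUOTENAME(@objectname, '''''''') + '' AND s.name = '' + QUOTENAME(@schemaid, '''''''') + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'''' + QUOTENAME(@SP_Name) + '''' TO '' + QUOTENAME(@RoleName) + '''''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            /* Exact name: grant only when an object of a supported type exists in the schema. */
            SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.objects o JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '' + QUOTENAME(@objectname, '''''''') + '' AND o.type IN (N''''U'''', N''''P'''', N''''V'''', N''''FN'''', N''''IF'''', N''''TF'''') AND s.name = '' + QUOTENAME(@schemaid, '''''''') + '')
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + ''
    END
END
''
        END
    END

    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        /* Assembly permissions take the ON ASSEMBLY::name form. */
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = '' + QUOTENAME(@objectname, '''''''') + '')
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + ''
    END
END
''
    END

    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        /* rightsaction holds the role to join; the verb column is ignored and
           membership is only ever added, never denied or revoked. */
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id WHERE roles.name = '' + QUOTENAME(@rightsaction, '''''''') + '' AND members.name = '' + QUOTENAME(@RoleName, '''''''') + '')
BEGIN
    EXEC sp_addrolemember N'' + QUOTENAME(@rightsaction, '''''''') + '', N'' + QUOTENAME(@RoleName, '''''''') + ''
END
''
    END

    ELSE
    BEGIN
        PRINT ''SKIPPED SECURABLE: unknown type '' + ISNULL(@typeofobject, ''<NULL>'')
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command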
|
|
|
|
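/* ADD USER */
/* Re-attach every principal captured in #UsersOnRole at the top of the script.
   The batch is rebuilt from an empty string so the securables batch executed above
   can never run a second time, and one statement is appended per member instead of
   keeping only the last one. Principal names come from the catalog and are quoted
   with QUOTENAME before they are spliced into dynamic SQL, so a name holding a quote
   or a closing bracket cannot alter the generated statement.
   NOTE(review): QUOTENAME returns NULL for input longer than 128 characters, which would
   make the whole batch NULL; catalog principal names (sysname) never exceed that length. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Membership is only added when it is not already present, so a re-run stays silent. */
    SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id WHERE roles.name = '' + QUOTENAME(@RoleName, '''''''') + '' AND members.name = '' + QUOTENAME(@Users, '''''''') + '')
BEGIN
    EXEC sp_addrolemember N'' + QUOTENAME(@RoleName, '''''''') + '', N'' + QUOTENAME(@Users, '''''''') + ''
    PRINT N'''''' + REPLACE(''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName), '''''''', '''''''''''') + ''''''
END
''

    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command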
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
/* Explicit cleanup: the CREATE TABLE statements at the top have no IF EXISTS guard,
   so a re-run in the same session would otherwise fail on an existing temp table. */
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','distribution','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleIttechUsr role.
|
|
|
|
Role Name: dbRoleIttechUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2.
rightsaction must be a single permission name: it is compared with sys.fn_builtin_permissions,
so a comma-separated list such as SELECT,EXECUTE never matches and the row is silently skipped.
For ROLE rows rightsaction is the role to join and grantordeny is ignored.
N2 = 1 rows are applied when the instance type is DEVE, N2 = 0 rows on every other
instance type; list a row for each environment that needs it.
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
/* Working variables. @Type is the instance type that selects which #Securables rows
   apply; @Command accumulates the dynamic T-SQL that is run with sp_executesql; the
   remaining variables hold one #Securables row at a time (@sysTarget / @sysType only
   serve the wildcard object branch). */
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
/* NOTE(review): schema names longer than 10 characters do not fit here nor in
   #Securables; with default ANSI_WARNINGS the INSERT raises a truncation error. */
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
/* Constant role name; every dynamic statement below targets this principal. */
SET @RoleName = ''dbRoleIttechUsr''
|
|
SET @Command = ''''
|
|
|
|
/* Instance type from the central config table: DEVE selects the N2 = 1 securables,
   any other value (or no row at all, which leaves @Type NULL) selects the N2 = 0 ones. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
/* #UsersOnRole: snapshot of the current role members, re-attached at the end.
   #Securables: one row per permission or membership to apply; N2 = 1 rows are for
   DEVE instances, N2 = 0 rows for every other instance type. */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2.
   Each membership is listed twice so it is applied on DEVE (N2 = 1) and on every
   other instance type (N2 = 0): this role is db_owner in production as well.
   NOTE(review): db_owner carries every permission in the database, so the REPLMONITOR
   row adds nothing on top of it, and an IT/support role ends up with full control of
   the distribution database; confirm this blast radius is intended rather than a
   stop-gap. The catalog spells these roles db_owner and replmonitor; on a
   case-sensitive database collation the upper-case names would not match the
   membership check in the loop below and sp_addrolemember would be re-issued on
   every run. */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
,(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',1)
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
/* Snapshot the current members so they can be re-attached at the end of the script.
   On a first run the role does not exist yet and this returns no rows. */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
/* Idempotent: the role is created only when no principal of type R with that name
   exists, owned by dbo. @RoleName is the constant set above, so no quoting is needed. */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
/* Run the creation on its own so the role exists before any grant references it. */
EXEC sp_executesql @Command
|
|
|
|
/* Start the securables batch with the variable the wildcard object branch fetches
   object names into; it belongs to the dynamic batch, not to this script. */
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
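/* SET ALL ROLE SECURABLES */
/* Every #Securables row for this instance type becomes one guarded GRANT / DENY /
   role-membership statement appended to @Command; the batch is executed once after the loop.
   N2 = 1 rows are used on DEVE instances, N2 = 0 rows everywhere else (including when
   @Type could not be read), so a single loop serves both environments.
   Each identifier that is spliced into dynamic SQL goes through QUOTENAME, so a name
   holding a closing bracket or a quote cannot alter the generated statement.
   NOTE(review): QUOTENAME returns NULL for input longer than 128 characters, which would
   make the whole @Command NULL; catalog identifiers (sysname) never exceed that length. */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

    /* Only these verbs may be placed in front of a permission. ROLE rows never use the
       verb (membership is always added) so they are exempt from the check. */
    IF @typeofobject <> ''ROLE'' AND ISNULL(@grantordeny, '''') NOT IN (''GRANT'', ''DENY'', ''REVOKE'')
    BEGIN
        PRINT ''SKIPPED SECURABLE: unsupported action '' + ISNULL(@grantordeny, ''<NULL>'') + '' on '' + ISNULL(@typeofobject, ''<NULL>'') + '' '' + ISNULL(@objectname, '''')
    END

    ELSE IF @typeofobject = ''DB''
    BEGIN
        /* Database-level permission: validated here, applied unconditionally in the batch. */
        IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + ''
''
        END
        ELSE
        BEGIN
            PRINT ''SKIPPED SECURABLE: '' + ISNULL(@rightsaction, ''<NULL>'') + '' is not a database-level permission''
        END
    END

    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        /* Schema existence and permission validity are checked when the batch runs. */
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '' + QUOTENAME(@schemaid, '''''''') + '')
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + ''
    END
END
''
    END

    ELSE IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        IF @objectname LIKE ''%[%]%''
        BEGIN
            /* Wildcard name: the batch enumerates the matching objects at run time and
               issues one statement per object through a nested EXEC. */
            SET @sysTarget = CASE @typeofobject
                                 WHEN ''TABLE'' THEN ''sys.tables''
                                 WHEN ''SP''    THEN ''sys.procedures''
                                 WHEN ''VIEWS'' THEN ''sys.views''
                                 ELSE ''sys.objects''
                             END
            /* FUNCTIONS has no dedicated catalog view, so sys.objects is filtered by type. */
            SET @sysType = CASE WHEN @typeofobject = ''FUNCTIONS''
                                THEN '' AND p.type IN (N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''')''
                                ELSE ''''
                           END

            /* The schema literal is closed before @sysType is appended; closing it afterwards
               would put the type filter inside the string and break the FUNCTIONS query. */
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE p.name LIKE '' + QUOTENAME(@objectname, '''''''') + '' AND s.name = '' + QUOTENAME(@schemaid, '''''''') + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'''' + QUOTENAME(@SP_Name) + '''' TO '' + QUOTENAME(@RoleName) + '''''')
    END
    FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            /* Exact name: grant only when an object of a supported type exists in the schema. */
            SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.objects o JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '' + QUOTENAME(@objectname, '''''''') + '' AND o.type IN (N''''U'''', N''''P'''', N''''V'''', N''''FN'''', N''''IF'''', N''''TF'''') AND s.name = '' + QUOTENAME(@schemaid, '''''''') + '')
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + ''
    END
END
''
        END
    END

    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        /* Assembly permissions take the ON ASSEMBLY::name form. */
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = '' + QUOTENAME(@objectname, '''''''') + '')
BEGIN
    IF EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '' + QUOTENAME(@rightsaction, '''''''') + '')
    BEGIN
        '' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + ''
    END
END
''
    END

    ELSE IF @typeofobject = ''ROLE''
    BEGIN
        /* rightsaction holds the role to join; the verb column is ignored and
           membership is only ever added, never denied or revoked. */
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id WHERE roles.name = '' + QUOTENAME(@rightsaction, '''''''') + '' AND members.name = '' + QUOTENAME(@RoleName, '''''''') + '')
BEGIN
    EXEC sp_addrolemember N'' + QUOTENAME(@rightsaction, '''''''') + '', N'' + QUOTENAME(@RoleName, '''''''') + ''
END
''
    END

    ELSE
    BEGIN
        PRINT ''SKIPPED SECURABLE: unknown type '' + ISNULL(@typeofobject, ''<NULL>'')
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command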
|
|
|
|
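/* ADD USER */
/* Re-attach every principal captured in #UsersOnRole at the top of the script.
   The batch is rebuilt from an empty string so the securables batch executed above
   can never run a second time, and one statement is appended per member instead of
   keeping only the last one. Principal names come from the catalog and are quoted
   with QUOTENAME before they are spliced into dynamic SQL, so a name holding a quote
   or a closing bracket cannot alter the generated statement.
   NOTE(review): QUOTENAME returns NULL for input longer than 128 characters, which would
   make the whole batch NULL; catalog principal names (sysname) never exceed that length. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    /* Membership is only added when it is not already present, so a re-run stays silent. */
    SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm JOIN sys.database_principals roles ON drm.role_principal_id = roles.principal_id JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id WHERE roles.name = '' + QUOTENAME(@RoleName, '''''''') + '' AND members.name = '' + QUOTENAME(@Users, '''''''') + '')
BEGIN
    EXEC sp_addrolemember N'' + QUOTENAME(@RoleName, '''''''') + '', N'' + QUOTENAME(@Users, '''''''') + ''
    PRINT N'''''' + REPLACE(''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName), '''''''', '''''''''''') + ''''''
END
''

    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command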
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
/* Explicit cleanup: the CREATE TABLE statements at the top have no IF EXISTS guard,
   so a re-run in the same session would otherwise fail on an existing temp table. */
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','distribution','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2.
rightsaction must be a single permission name: it is compared with sys.fn_builtin_permissions,
so a comma-separated list such as SELECT,EXECUTE never matches and the row is silently skipped.
For ROLE rows rightsaction is the role to join and grantordeny is ignored.
With the N2 and PROD template, N2 = 1 rows are expected to apply on DEVE instances and
N2 = 0 rows elsewhere, as in the other role scripts of this file; list a row for each
environment that needs it.
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''REPLMONITOR'','''',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_agents'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_agents'',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_history'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSdistribution_history'',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSrepl_commands'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSrepl_commands'',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSsubscriptions'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''MSsubscriptions'',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','distribution','Pharmacies')
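-- Role definition: dbRoleTPPos (STR_Database = 'distribution', STR_Product = 'Pharmacies').
-- STR_Definition is a self-contained T-SQL script stored as a string literal (every quote in
-- it is doubled). When executed it: creates the role if it is missing, applies the N2 = 0 rows
-- listed under "LIST OF SECURABLES TO CHANGE" (the "Default" template has no instance-type
-- branch, so N2 = 1 rows would be ignored), and re-adds the members found in the role at
-- start (with CREATE ROLE guarded by IF NOT EXISTS that re-add is effectively a no-op today).
-- Privilege review: db_datareader + db_datawriter + db_ddladmin plus database-wide EXECUTE is
-- a broad grant (all reads, all writes, DDL and every procedure); confirm that scope is
-- intended for this role before deploying.
-- Hardening: role, user and object names are spliced into dynamic SQL without QUOTENAME();
-- they come from this script and from sys.database_principals, not from end users, but a name
-- containing ] or ' would break or alter the generated batches. @Users is varchar(255) while
-- principal names are sysname (nvarchar), so non-Latin names may be mangled. sp_addrolemember
-- is deprecated in favour of ALTER ROLE ... ADD MEMBER.
-- Fixes relative to the generated template: (1) the ADD USER loop resets @Command and then
-- appends per member, so every member is re-added and the securables batch is not executed a
-- second time when the role has no members; (2) in the wildcard (LIKE) branch @sysType is
-- appended after the closing quote of the s.name literal, so FUNCTIONS patterns no longer
-- generate a broken WHERE clause; (3) the ASSEMBLIES branch emits ON ASSEMBLY::[name].
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
/* Extra predicate; it is appended after the closing quote of s.name in the cursor query below */
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Start from an empty batch: otherwise, with no members to re-add, the securables batch above would run a second time */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* Append (not overwrite) so every member is re-added, not only the last one fetched */
SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','distribution','Pharmacies')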
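-- Role definition: dbRoleCsltUsr (STR_Database = 'HCITools', STR_Product = 'Pharmacies').
-- STR_Definition is a self-contained T-SQL script stored as a string literal (every quote in
-- it is doubled). When executed it: creates the role if it is missing, applies the rows listed
-- under "LIST OF SECURABLES TO CHANGE", and re-adds the members found in the role at start
-- (with CREATE ROLE guarded by IF NOT EXISTS that re-add is effectively a no-op today).
-- [master].[cfg].[InstanceContext].[Type] selects the N2 = 1 rows when it is 'DEVE' and the
-- N2 = 0 rows otherwise; a NULL @Type (no row in InstanceContext) also takes the N2 = 0 path.
-- For this role both row sets are identical, so the branch currently has no effect.
-- The objectname value 'Entire Schema' on SCHEMA rows is informational only: the SCHEMA branch
-- builds its GRANT from @schemaid and @rightsaction and never reads @objectname.
-- Privilege review: CREATE TABLE, EXECUTE and VIEW DEFINITION at database scope, db_datareader,
-- and ALTER plus full DML/EXECUTE on schema [tmp]; confirm that scope is intended before deploying.
-- Hardening: role, user and object names are spliced into dynamic SQL without QUOTENAME();
-- they come from this script and from sys.database_principals, not from end users, but a name
-- containing ] or ' would break or alter the generated batches. @Users is varchar(255) while
-- principal names are sysname (nvarchar), so non-Latin names may be mangled. sp_addrolemember
-- is deprecated in favour of ALTER ROLE ... ADD MEMBER.
-- Fixes relative to the generated template: (1) the ADD USER loop resets @Command and then
-- appends per member, so every member is re-added and the securables batch is not executed a
-- second time when the role has no members; (2) in the wildcard (LIKE) branch @sysType is
-- appended after the closing quote of the s.name literal, so FUNCTIONS patterns no longer
-- generate a broken WHERE clause; (3) the ASSEMBLIES branch emits ON ASSEMBLY::[name].
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleCsltUsr role.

Role Name: dbRoleCsltUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleCsltUsr''
SET @Command = ''''

/* No WHERE clause: InstanceContext is expected to hold a single row; NULL @Type falls through to the N2 = 0 branch */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
,(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',1)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',1)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',1)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',1)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',1)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
/* Extra predicate; it is appended after the closing quote of s.name in the cursor query below */
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
/* Extra predicate; it is appended after the closing quote of s.name in the cursor query below */
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
/* Start from an empty batch: otherwise, with no members to re-add, the securables batch above would run a second time */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* Append (not overwrite) so every member is re-added, not only the last one fetched */
SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','HCITools','Pharmacies')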
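-- Role definition for dbRoleDataMonitoring (database HCITools, product Pharmacies).
-- STR_Definition holds a complete T-SQL script (single quotes doubled) that is meant
-- to be executed later in the target database: it captures the current members,
-- creates the role if missing, (re)applies the securables listed under
-- "LIST OF SECURABLES TO CHANGE", then re-adds the captured members.
-- Effective grants: db_datareader membership, SELECT/INSERT/UPDATE/DELETE/EXECUTE on
-- schema [dam], EXECUTE on mon.GetAllJobsInformations and mon.GetJobStepState, and
-- SELECT/INSERT/UPDATE/DELETE on dbo.HCI_PARAMS.
-- Permission names are checked against sys.fn_builtin_permissions before they are
-- concatenated into dynamic SQL; all other inputs come from the literal list above.
-- Changes against the generated template: the ADD USER loop now accumulates one
-- statement per member instead of keeping only the last one, and starts from an
-- empty batch so the securables batch is not executed a second time when the role
-- has no members; the wildcard object cursor closes the schema-name literal before
-- appending @sysType (the FUNCTIONS filter previously landed inside the string);
-- schema names are bracket-quoted in ON SCHEMA::; assembly grants use ON ASSEMBLY::.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDataMonitoring role.

Role Name: dbRoleDataMonitoring
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDataMonitoring''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''dam'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''dam'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''dam'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''dam'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''dam'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetAllJobsInformations'',''mon'',0)
,(''SP'',''GRANT'',''EXECUTE'',''GetJobStepState'',''mon'',0)
,(''TABLE'',''GRANT'',''DELETE'',''HCI_PARAMS'',''dbo'',0)
,(''TABLE'',''GRANT'',''INSERT'',''HCI_PARAMS'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''HCI_PARAMS'',''dbo'',0)
,(''TABLE'',''GRANT'',''UPDATE'',''HCI_PARAMS'',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
-- Captured before anything is changed so membership can be re-applied at the end.
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
-- Only permission names known to the engine reach the dynamic GRANT/DENY text.
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
-- Wildcard object name: enumerate every matching object of the requested kind.

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

-- The schema-name literal is closed before @sysType is appended so the type filter
-- becomes part of the WHERE clause and not part of the string.
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
-- Start from an empty batch and append one statement per captured member.
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF LEN(@Command) > 0
EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','HCITools','Pharmacies')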
|
|
|
|
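-- Role definition for dbRoleDevUsr (database HCITools, product Pharmacies).
-- STR_Definition holds a complete T-SQL script (single quotes doubled) that is meant
-- to be executed later in the target database: it captures the current members,
-- creates the role if missing, (re)applies the securables listed under
-- "LIST OF SECURABLES TO CHANGE", then re-adds the captured members.
-- Effective grants: db_datareader membership; database-scope CREATE TABLE, EXECUTE,
-- SHOWPLAN and VIEW DEFINITION; ALTER plus SELECT/INSERT/UPDATE/DELETE/EXECUTE on
-- schema [tmp]. Database-scope EXECUTE covers every module in the database, including
-- ones created later; CREATE TABLE is only usable together with ALTER on a schema,
-- which this list grants on [tmp] only. Confirm that breadth is intended for this role.
-- Permission names are checked against sys.fn_builtin_permissions before they are
-- concatenated into dynamic SQL; all other inputs come from the literal list above.
-- Changes against the generated template: the ADD USER loop now accumulates one
-- statement per member instead of keeping only the last one, and starts from an
-- empty batch so the securables batch is not executed a second time when the role
-- has no members; the wildcard object cursor closes the schema-name literal before
-- appending @sysType (the FUNCTIONS filter previously landed inside the string);
-- schema names are bracket-quoted in ON SCHEMA::; assembly grants use ON ASSEMBLY::.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''SHOWPLAN'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)


/* GET ALL USERS ON THIS ROLE */
-- Captured before anything is changed so membership can be re-applied at the end.
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
-- Only permission names known to the engine reach the dynamic GRANT/DENY text.
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
-- Wildcard object name: enumerate every matching object of the requested kind.

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

-- The schema-name literal is closed before @sysType is appended so the type filter
-- becomes part of the WHERE clause and not part of the string.
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
-- Start from an empty batch and append one statement per captured member.
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF LEN(@Command) > 0
EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','HCITools','Pharmacies')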
|
|
|
|
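-- Role definition for dbRoleIttechUsr (database HCITools, product Pharmacies).
-- STR_Definition holds a complete T-SQL script (single quotes doubled) that is meant
-- to be executed later in the target database: it captures the current members,
-- creates the role if missing, (re)applies the securables listed under
-- "LIST OF SECURABLES TO CHANGE", then re-adds the captured members.
-- Template "N2 and PROD": rows with N2 = 1 apply when [master].[cfg].[InstanceContext]
-- reports Type = DEVE, rows with N2 = 0 apply everywhere else. In this list both sets
-- are identical (db_datareader; database-scope CREATE TABLE, EXECUTE, VIEW DEFINITION;
-- ALTER plus SELECT/INSERT/UPDATE/DELETE/EXECUTE on schema [tmp]), so the environment
-- switch currently changes nothing. Database-scope EXECUTE covers every module in the
-- database, including ones created later; confirm that breadth is intended.
-- Permission names are checked against sys.fn_builtin_permissions before they are
-- concatenated into dynamic SQL; all other inputs come from the literal list above.
-- Changes against the generated template: the two copies of the securables loop
-- (one per N2 value) are folded into one cursor whose filter is chosen from @Type;
-- the ADD USER loop now accumulates one statement per member instead of keeping only
-- the last one, and starts from an empty batch so the securables batch is not executed
-- a second time when the role has no members; the wildcard object cursor closes the
-- schema-name literal before appending @sysType (the FUNCTIONS filter previously
-- landed inside the string); schema names are bracket-quoted in ON SCHEMA::; assembly
-- grants use ON ASSEMBLY::.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

-- Instance environment marker. Assumes InstanceContext holds a single row; with
-- several rows the value picked is unspecified, and with none @Type stays NULL and
-- the non-DEVE securables set is applied -- confirm against the cfg schema.
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
,(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',1)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',1)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',1)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',1)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',1)


/* GET ALL USERS ON THIS ROLE */
-- Captured before anything is changed so membership can be re-applied at the end.
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
-- N2 = 1 rows are the DEVE set, N2 = 0 rows apply on every other instance type
-- (including a NULL @Type). One loop replaces the two identical per-branch copies.
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
-- Only permission names known to the engine reach the dynamic GRANT/DENY text.
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::['' + @schemaid + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
-- Wildcard object name: enumerate every matching object of the requested kind.

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

-- The schema-name literal is closed before @sysType is appended so the type filter
-- becomes part of the WHERE clause and not part of the string.
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
-- Start from an empty batch and append one statement per captured member.
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF LEN(@Command) > 0
EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','HCITools','Pharmacies')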
|
|
|
|
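-- dbRoleNagiosMonitoring: lets the Nagios check account read the replication
-- status view and nothing else. The body is a T-SQL script stored as text in
-- #AllRoles and executed later inside the target database.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleNagiosMonitoring role.

Role Name: dbRoleNagiosMonitoring
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

(The examples above predate the sixth column, N2 bit. Real rows carry it and
this Default template only applies rows with N2 = 0.)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

-----------------------------------------------

REVIEW NOTES:
- The GRANT/DENY batch is assembled by string concatenation. Every value
  spliced into it comes from the hard-coded #Securables list below, and each
  permission name is validated against sys.fn_builtin_permissions before it
  is emitted. Never populate #Securables from external or user-supplied data.
- Existing members are re-attached by calling sp_addrolemember directly with
  variables, so principal names read from sys.database_principals are never
  concatenated into dynamic SQL.
- Cursors are declared LOCAL so an aborted run cannot leave a global cursor
  behind that makes the next run fail on DECLARE.
- Wildcard names for FUNCTIONS now close the schema literal before the type
  filter is appended; previously the filter was spliced inside the schema
  name literal.

=============================================================================*/

DECLARE @Command nvarchar(max),   -- GRANT/DENY batch, executed once at the end
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),          -- catalog view enumerated for wildcard names
@sysType varchar(255)             -- extra type filter appended to that query

SET @RoleName = ''dbRoleNagiosMonitoring''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- v_ReplicationCheck is typed TABLE here. For an exact name the generated
-- check accepts tables, views, procedures and functions alike, so a view
-- resolves as well; only wildcard names are restricted by typeofobject.
INSERT INTO #Securables
VALUES
(''TABLE'',''GRANT'',''SELECT'',''v_ReplicationCheck'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
-- Snapshot of the current members, re-attached at the end. The role is never
-- dropped by this template, so this is a safety net rather than a need.
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

-- From here on @Command accumulates the permission batch.
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* DB: database-scoped permission, validated now against the DATABASE class */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* SCHEMA: permission on SCHEMA::name, existence and class checked at run time */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* TABLE / SP / FUNCTIONS / VIEWS: object-level permission */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* Wildcard name (contains %): the batch enumerates matching objects of the
requested kind and grants one by one. Remember that _ is also a LIKE
wildcard; write [_] for a literal underscore. */
IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

/* Exact name: grant only if an object of any supported type exists */
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* ASSEMBLIES: permission on ASSEMBLY::name (securable class added, the
generated statement was not valid without it) */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* ROLE: nest this role into the named role, skipped if already a member */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER
Re-attach every member captured in #UsersOnRole, one direct call per member,
guarded like the ROLE branch above. The earlier version rebuilt @Command on
each pass and executed it once after the loop, so at most one member was
re-added and, with no members at all, the permission batch ran a second time. */
DECLARE UsersCurs CURSOR LOCAL FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @RoleName AND members.name = @Users)
BEGIN
EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
END

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole

','HCITools','Pharmacies')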
|
|
|
|
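-- dbRoleSSRSMonitoring: read access for the SSRS monitoring reports, one
-- procedure plus the Monitoring_ tables. The body is a T-SQL script stored as
-- text in #AllRoles and executed later inside the target database.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSSRSMonitoring role.

Role Name: dbRoleSSRSMonitoring
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

(The examples above predate the sixth column, N2 bit. Real rows carry it and
this Default template only applies rows with N2 = 0.)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

-----------------------------------------------

REVIEW NOTES:
- The GRANT/DENY batch is assembled by string concatenation. Every value
  spliced into it comes from the hard-coded #Securables list below, and each
  permission name is validated against sys.fn_builtin_permissions before it
  is emitted. Never populate #Securables from external or user-supplied data.
- Existing members are re-attached by calling sp_addrolemember directly with
  variables, so principal names read from sys.database_principals are never
  concatenated into dynamic SQL.
- Cursors are declared LOCAL so an aborted run cannot leave a global cursor
  behind that makes the next run fail on DECLARE.
- Wildcard names for FUNCTIONS now close the schema literal before the type
  filter is appended; previously the filter was spliced inside the schema
  name literal.

=============================================================================*/

DECLARE @Command nvarchar(max),   -- GRANT/DENY batch, executed once at the end
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),          -- catalog view enumerated for wildcard names
@sysType varchar(255)             -- extra type filter appended to that query

SET @RoleName = ''dbRoleSSRSMonitoring''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- Monitoring_% is a LIKE pattern: % matches any suffix and the unescaped _
-- matches any single character, so a table such as MonitoringArchive would
-- also receive SELECT. Use Monitoring[_]% if only the Monitoring_ prefix is
-- intended. A TABLE wildcard searches sys.tables only, so views with that
-- prefix are not covered.
INSERT INTO #Securables
VALUES
(''SP'',''GRANT'',''EXECUTE'',''mon_Get_Counters_History'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''Monitoring_%'',''dbo'',0)

/* GET ALL USERS ON THIS ROLE */
-- Snapshot of the current members, re-attached at the end. The role is never
-- dropped by this template, so this is a safety net rather than a need.
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

-- From here on @Command accumulates the permission batch.
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* DB: database-scoped permission, validated now against the DATABASE class */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* SCHEMA: permission on SCHEMA::name, existence and class checked at run time */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* TABLE / SP / FUNCTIONS / VIEWS: object-level permission */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* Wildcard name (contains %): the batch enumerates matching objects of the
requested kind and grants one by one. Remember that _ is also a LIKE
wildcard; write [_] for a literal underscore. */
IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

/* Exact name: grant only if an object of any supported type exists */
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* ASSEMBLIES: permission on ASSEMBLY::name (securable class added, the
generated statement was not valid without it) */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* ROLE: nest this role into the named role, skipped if already a member */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER
Re-attach every member captured in #UsersOnRole, one direct call per member,
guarded like the ROLE branch above. The earlier version rebuilt @Command on
each pass and executed it once after the loop, so at most one member was
re-added and, with no members at all, the permission batch ran a second time. */
DECLARE UsersCurs CURSOR LOCAL FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @RoleName AND members.name = @Users)
BEGIN
EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
END

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole

','HCITools','Pharmacies')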
|
|
|
|
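-- dbRoleSupUsr: support-user role. Database-wide read, EXECUTE and metadata
-- access plus full rights on the tmp schema. Two securable sets exist (N2 = 1
-- for DEVE instances, N2 = 0 otherwise) although they are identical in this
-- version. The body is a T-SQL script stored as text in #AllRoles and
-- executed later inside the target database.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

(The examples above predate the sixth column, N2 bit. Real rows carry it:
N2 = 1 rows are applied on DEVE instances, N2 = 0 rows everywhere else.)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

-----------------------------------------------

REVIEW NOTES:
- The GRANT/DENY batch is assembled by string concatenation. Every value
  spliced into it comes from the hard-coded #Securables list below, and each
  permission name is validated against sys.fn_builtin_permissions before it
  is emitted. Never populate #Securables from external or user-supplied data.
- Instance type comes from [master].[cfg].[InstanceContext]. DEVE applies the
  N2 = 1 rows; any other value, including NULL when that table is empty,
  applies the N2 = 0 rows. With more than one row the value picked is
  arbitrary, so keep that table to a single row.
- In this version the N2 = 1 rows duplicate the N2 = 0 rows, so both
  branches grant the same set; the split is kept for roles that differ.
- Breadth of the grants: EXECUTE and VIEW DEFINITION at database scope apply
  to every current and future object in the database, and db_datareader
  reads every user table and view. CREATE TABLE at database scope only lets
  the role create tables where it also holds ALTER on the schema, which here
  is tmp alone. Consider schema-scoped EXECUTE if support users do not need
  every procedure in the database.
- Role names in the ROLE rows are compared using the database collation; on a
  case-sensitive database write db_datareader in its catalog case.
- Existing members are re-attached by calling sp_addrolemember directly with
  variables, so principal names read from sys.database_principals are never
  concatenated into dynamic SQL.
- Cursors are declared LOCAL so an aborted run cannot leave a global cursor
  behind that makes the next run fail on DECLARE.
- Wildcard names for FUNCTIONS now close the schema literal before the type
  filter is appended; previously the filter was spliced inside the schema
  name literal.

=============================================================================*/

DECLARE @Type varchar(6),         -- instance type, DEVE selects the N2 = 1 rows
@Command nvarchar(max),           -- GRANT/DENY batch, executed once at the end
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),          -- catalog view enumerated for wildcard names
@sysType varchar(255)             -- extra type filter appended to that query

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

-- NULL (empty table) or any value other than DEVE falls through to the
-- non-DEVE branch below.
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- For SCHEMA rows the objectname column (Entire Schema) is descriptive only;
-- the SCHEMA branch uses schemaid alone.
INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',0)
,(''DB'',''GRANT'',''CREATE TABLE'','''',''dbo'',1)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',1)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',0)
,(''DB'',''GRANT'',''VIEW DEFINITION'','''',''dbo'',1)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',1)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''ALTER'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''DELETE'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''EXECUTE'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''INSERT'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''SELECT'',''Entire Schema'',''tmp'',1)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',0)
,(''SCHEMA'',''GRANT'',''UPDATE'',''Entire Schema'',''tmp'',1)

/* GET ALL USERS ON THIS ROLE */
-- Snapshot of the current members, re-attached at the end. The role is never
-- dropped by this template, so this is a safety net rather than a need.
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

-- From here on @Command accumulates the permission batch.
SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

/* DEVE instance: apply the N2 = 1 rows */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* DB: database-scoped permission, validated now against the DATABASE class */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* SCHEMA: permission on SCHEMA::name, existence and class checked at run time */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* TABLE / SP / FUNCTIONS / VIEWS: object-level permission */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* Wildcard name (contains %): the batch enumerates matching objects of the
requested kind and grants one by one. Remember that _ is also a LIKE
wildcard; write [_] for a literal underscore. */
IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

/* Exact name: grant only if an object of any supported type exists */
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* ASSEMBLIES: permission on ASSEMBLY::name (securable class added, the
generated statement was not valid without it) */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* ROLE: nest this role into the named role, skipped if already a member */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

/* Any other instance type (or unknown): apply the N2 = 0 rows */
DECLARE SecurablesCurs CURSOR LOCAL FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

/* DB: database-scoped permission, validated now against the DATABASE class */
IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

/* SCHEMA: permission on SCHEMA::name, existence and class checked at run time */
IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

/* TABLE / SP / FUNCTIONS / VIEWS: object-level permission */
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

/* Wildcard name (contains %): the batch enumerates matching objects of the
requested kind and grants one by one. Remember that _ is also a LIKE
wildcard; write [_] for a literal underscore. */
IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR LOCAL FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

/* Exact name: grant only if an object of any supported type exists */
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

/* ASSEMBLIES: permission on ASSEMBLY::name (securable class added, the
generated statement was not valid without it) */
IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* ROLE: nest this role into the named role, skipped if already a member */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER
Re-attach every member captured in #UsersOnRole, one direct call per member,
guarded like the ROLE branch above. The earlier version rebuilt @Command on
each pass and executed it once after the loop, so at most one member was
re-added and, with no members at all, the permission batch ran a second time. */
DECLARE UsersCurs CURSOR LOCAL FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = @RoleName AND members.name = @Users)
BEGIN
EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
END

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','HCITools','Pharmacies')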
|
|
|
|
-- Registers the creation script for database role [dbRoleAtlas] in #AllRoles
-- (STR_Database = 'master', STR_Product = 'Pharmacies').  The entire script is
-- the STR_Definition string literal below, so every single quote inside it is
-- doubled; it is executed later, not here.
--
-- What the embedded script does when it runs:
--   * creates the role with AUTHORIZATION [dbo] only if no principal of type
--     'R' with that name exists yet;
--   * walks #Securables WHERE N2 = 0 and appends one statement per row to a
--     single dynamic-SQL batch.  For this role that is one row:
--     GRANT SELECT ON [cfg].[InstanceContext] TO [dbRoleAtlas], guarded by an
--     existence check on the object in sys.objects;
--   * re-adds every principal that was already a member of the role.
--
-- Review notes (the literal is a generated template artifact shared by every
-- #AllRoles entry, so the findings are recorded here rather than patched):
--   * GRANT / CREATE ROLE / sp_addrolemember text is built by string
--     concatenation without QUOTENAME().  The inputs are this script's own
--     VALUES list and principal names read from sys.database_principals, so
--     the batch is only as safe as those names (a name containing ' or ]
--     would break or alter the generated statement).
--   * @schemaid is varchar(10); a schema name longer than that would be
--     silently truncated before it reaches the GRANT.
--   * In the ADD USER loop, SELECT @Command = ... assigns instead of
--     appending, so the sp_executesql after the loop runs only the last
--     member's statement.  When #UsersOnRole is empty the loop never runs and
--     @Command still holds the securables batch, which is then executed a
--     second time (harmless here because every statement is guarded).
--   * sp_addrolemember is a deprecated procedure; ALTER ROLE ... ADD MEMBER is
--     the supported replacement.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleAtlas role.

Role Name: dbRoleAtlas
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleAtlas''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''TABLE'',''GRANT'',''SELECT'',''InstanceContext'',''cfg'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','master','Pharmacies')
|
|
|
|
-- Registers the creation script for database role
-- [dbRoleSyncAccountingExtraction] in #AllRoles (STR_Database = 'master',
-- STR_Product = 'Pharmacies').  The entire script is the STR_Definition string
-- literal below, so every single quote inside it is doubled; it is executed
-- later, not here.
--
-- What the embedded script does when it runs:
--   * creates the role with AUTHORIZATION [dbo] only if no principal of type
--     'R' with that name exists yet;
--   * walks #Securables WHERE N2 = 0 and appends one statement per row to a
--     single dynamic-SQL batch.  For this role that is two rows:
--     GRANT SELECT ON [cfg].[Identity] and GRANT SELECT ON
--     [cfg].[InstanceContext], each guarded by an existence check on the
--     object in sys.objects;
--   * re-adds every principal that was already a member of the role.
--
-- Review notes (the literal is a generated template artifact shared by every
-- #AllRoles entry, so the findings are recorded here rather than patched):
--   * GRANT / CREATE ROLE / sp_addrolemember text is built by string
--     concatenation without QUOTENAME(); the inputs are this script's own
--     VALUES list and principal names from sys.database_principals, so the
--     batch is only as safe as those names.
--   * @schemaid is varchar(10); a longer schema name would be silently
--     truncated before it reaches the GRANT.
--   * In the ADD USER loop, SELECT @Command = ... assigns instead of
--     appending, so only the last member's statement is executed after the
--     loop; with no members the securables batch is executed a second time.
--   * sp_addrolemember is a deprecated procedure; ALTER ROLE ... ADD MEMBER is
--     the supported replacement.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleSyncAccountingExtraction role.

Role Name: dbRoleSyncAccountingExtraction
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleSyncAccountingExtraction''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''TABLE'',''GRANT'',''SELECT'',''Identity'',''cfg'',0)
,(''TABLE'',''GRANT'',''SELECT'',''InstanceContext'',''cfg'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','master','Pharmacies')
|
|
|
|
-- Registers the creation script for database role [dbRoleTPPos] in #AllRoles
-- (STR_Database = 'master', STR_Product = 'Pharmacies').  The entire script is
-- the STR_Definition string literal below, so every single quote inside it is
-- doubled; it is executed later, not here.
--
-- What the embedded script does when it runs:
--   * creates the role with AUTHORIZATION [dbo] only if no principal of type
--     'R' with that name exists yet;
--   * walks #Securables WHERE N2 = 0 and appends one statement per row to a
--     single dynamic-SQL batch.  For this role that is four rows:
--       - GRANT EXECUTE TO [dbRoleTPPos] at database scope (the 'DB' branch,
--         which validates the permission name against
--         sys.fn_builtin_permissions('DATABASE'));
--       - sp_addrolemember into DB_DATAREADER, DB_DATAWRITER and DB_DDLADMIN,
--         each skipped when the role is already a member;
--   * re-adds every principal that was already a member of the role.
--
-- Review notes (the literal is a generated template artifact shared by every
-- #AllRoles entry, so the findings are recorded here rather than patched):
--   * Least privilege: members of this role get read, write and DDL rights on
--     every object in the target database plus EXECUTE on every module, and
--     the target database is master.  db_ddladmin lets members create, alter
--     and drop objects; confirm that scope is really required for this role.
--   * The membership check compares roles.name with the upper-case names
--     written in the VALUES list, so it depends on a case-insensitive
--     database collation; on a case-sensitive collation the check would not
--     match the built-in roles (presumably never the case here - verify).
--   * GRANT / CREATE ROLE / sp_addrolemember text is built by string
--     concatenation without QUOTENAME(); the inputs are this script's own
--     VALUES list and principal names from sys.database_principals, so the
--     batch is only as safe as those names.
--   * In the ADD USER loop, SELECT @Command = ... assigns instead of
--     appending, so only the last member's statement is executed after the
--     loop; with no members the securables batch is executed a second time.
--   * sp_addrolemember is a deprecated procedure; ALTER ROLE ... ADD MEMBER is
--     the supported replacement.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleTPPos role.

Role Name: dbRoleTPPos
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleTPPos''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''EXECUTE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','master','Pharmacies')
|
|
|
|
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleCsltUsr role.
|
|
|
|
Role Name: dbRoleCsltUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleCsltUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DATABASEMAILUSERROLE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DATABASEMAILUSERROLE'','''',''dbo'',1)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
,(''ROLE'',''GRANT'',''SQLAGENTOPERATORROLE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''SQLAGENTOPERATORROLE'','''',''dbo'',1)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''sysjobs'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''sysjobsteps'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','msdb','Pharmacies')
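-- Role script for [dbRoleDataMonitoring] in msdb, product "Pharmacies". The text is
-- only stored in #AllRoles.STR_Definition here; whatever reads #AllRoles runs it later.
-- When run against msdb the script (1) creates the role if it is missing, (2) builds one
-- GRANT/DENY batch from the #Securables rows with N2 = 0 and executes it through
-- sp_executesql -- here EXECUTE on dbo.agent_datetime and SELECT on dbo.sysjobactivity,
-- dbo.sysjobhistory, dbo.sysjobs, dbo.sysjobschedules and dbo.sysschedules -- and
-- (3) re-adds the members that were already in the role (#UsersOnRole).
-- Review notes:
--   * @rightsaction is checked against sys.fn_builtin_permissions before it is spliced
--     into the batch, but @objectname, @schemaid and @RoleName go into '...' literals
--     and [...] brackets without REPLACE/QUOTENAME. That is acceptable only while the
--     values stay constants in this file; wrap them in QUOTENAME() before feeding this
--     template from any external source.
--   * sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER; it is kept
--     so this script matches the other role scripts in the file.
--   * The ADD USER step calls sp_addrolemember with variables once per cursor row. The
--     previous version rebuilt @Command with "SELECT @Command = ..." on every iteration,
--     so only the last member reached the final sp_executesql, and when #UsersOnRole was
--     empty that final sp_executesql re-ran the securables batch still held in @Command.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDataMonitoring role.

Role Name: dbRoleDataMonitoring
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDataMonitoring''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''SP'',''GRANT'',''EXECUTE'',''agent_datetime'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysjobactivity'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysjobhistory'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysjobs'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysjobschedules'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysschedules'',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Each member recorded in #UsersOnRole is re-added with variable arguments;
   no dynamic batch is built here, so nothing is left in @Command to re-run. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','msdb','Pharmacies')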
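-- Role script for [dbRoleDevUsr] in msdb, product "Pharmacies". The text is only stored
-- in #AllRoles.STR_Definition here; whatever reads #AllRoles runs it later.
-- When run against msdb the script (1) creates the role if it is missing, (2) builds one
-- batch from the #Securables rows with N2 = 0 and executes it through sp_executesql --
-- here membership of DATABASEMAILUSERROLE and SQLAGENTOPERATORROLE plus SELECT on
-- dbo.sysjobs and dbo.sysjobsteps -- and (3) re-adds the members that were already in
-- the role (#UsersOnRole).
-- Review notes:
--   * The role names are written in upper case while the IF NOT EXISTS guard compares
--     roles.name = 'DATABASEMAILUSERROLE' etc. The guard only matches under a
--     case-insensitive collation; under a case-sensitive one sp_addrolemember simply runs
--     on every execution (presumably harmless, but worth knowing).
--   * SELECT on dbo.sysjobsteps exposes the command text of every Agent job step; confirm
--     that a development role is meant to read it.
--   * @rightsaction is checked against sys.fn_builtin_permissions before it is spliced
--     into the batch, but @objectname, @schemaid and @RoleName go into '...' literals
--     and [...] brackets without REPLACE/QUOTENAME; keep the values constants in this file
--     or add QUOTENAME() first.
--   * The ADD USER step calls sp_addrolemember with variables once per cursor row. The
--     previous version rebuilt @Command with "SELECT @Command = ..." on every iteration,
--     so only the last member reached the final sp_executesql, and when #UsersOnRole was
--     empty that final sp_executesql re-ran the securables batch still held in @Command.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DATABASEMAILUSERROLE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''SQLAGENTOPERATORROLE'','''',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysjobs'',''dbo'',0)
,(''TABLE'',''GRANT'',''SELECT'',''sysjobsteps'',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
/* Each member recorded in #UsersOnRole is re-added with variable arguments;
   no dynamic batch is built here, so nothing is left in @Command to re-run. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs


/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','msdb','Pharmacies')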
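-- Role script for [dbRoleIttechUsr] in msdb, product "Pharmacies". The text is only
-- stored in #AllRoles.STR_Definition here; whatever reads #AllRoles runs it later.
-- When run against msdb the script (1) creates the role if it is missing, (2) reads the
-- instance type from [master].[cfg].[InstanceContext] and applies the #Securables rows
-- with N2 = 1 when @Type = 'DEVE' (DB_DATAREADER, DB_DATAWRITER, DB_OWNER) or the rows
-- with N2 = 0 otherwise (DATABASEMAILUSERROLE, SQLAGENTOPERATORROLE), each as one batch
-- run through sp_executesql, and (3) re-adds the members that were already in the role
-- (#UsersOnRole).
-- Review notes:
--   * DEVE instances give this role db_owner in msdb, which is control over every Agent
--     job definition stored there (the dbo.sysjobs* tables); confirm that is intended
--     even for development instances.
--   * If InstanceContext is empty, @Type stays NULL, @Type = 'DEVE' is UNKNOWN and the
--     ELSE branch (N2 = 0, the narrower set) runs; if it has several rows, @Type takes
--     whichever row is read last. Both are silent.
--   * The role names are written in upper case while the IF NOT EXISTS guard compares
--     roles.name = 'DB_OWNER' etc.; the guard only matches under a case-insensitive
--     collation, otherwise sp_addrolemember simply runs on every execution.
--   * @rightsaction is checked against sys.fn_builtin_permissions before it is spliced
--     into the batch, but @objectname, @schemaid and @RoleName go into '...' literals
--     and [...] brackets without REPLACE/QUOTENAME; keep the values constants in this file
--     or add QUOTENAME() first.
--   * The ADD USER step calls sp_addrolemember with variables once per cursor row. The
--     previous version rebuilt @Command with "SELECT @Command = ..." on every iteration,
--     so only the last member reached the final sp_executesql, and when #UsersOnRole was
--     empty that final sp_executesql re-ran the securables batch still held in @Command.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
@Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DATABASEMAILUSERROLE'','''',''dbo'',0)
,(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',1)
,(''ROLE'',''GRANT'',''DB_DATAWRITER'','''',''dbo'',1)
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
,(''ROLE'',''GRANT'',''SQLAGENTOPERATORROLE'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
IF @Type = ''DEVE''
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 1

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN
IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END
ELSE
BEGIN

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

END

/* ADD USER */
/* Each member recorded in #UsersOnRole is re-added with variable arguments;
   no dynamic batch is built here, so nothing is left in @Command to re-run. */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

EXEC sp_addrolemember @RoleName, @Users
PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole','msdb','Pharmacies')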
/*-----------------------------------------------------------------------------
Role definition row: [dbRoleSupUsr] on database [msdb] (product: Pharmacies).
STR_Definition is a complete T-SQL script stored as a string literal (hence
the doubled quotes); how and where #AllRoles rows are executed is not visible
in this file. What the embedded script does, in order:
  1. reads [master].[cfg].[InstanceContext].[Type]; the N2 = 1 rows apply when
     it equals 'DEVE', the N2 = 0 rows otherwise (a NULL or unexpected Type
     therefore falls into the N2 = 0 set);
  2. creates the role (AUTHORIZATION [dbo]) if it does not already exist;
  3. adds the role to DatabaseMailUserRole and SQLAgentOperatorRole on both
     instance types, and to db_owner on DEVE only -- db_owner is the
     highest-privilege fixed database role, so that DEVE-only elevation
     should carry a documented justification;
  4. loops over the role's existing members calling sp_addrolemember; the role
     is never dropped so this is a no-op, and because @Command is overwritten
     per member and executed once after the loop, only the last member's
     statement would run anyway.
Review notes (apply to every #AllRoles row generated from this template):
  - identifiers are concatenated into dynamic SQL with hand-written [ ] rather
    than QUOTENAME(); the inputs are the hard-coded #Securables rows, not
    caller data, so the exposure is breakage on names containing ']' rather
    than injection;
  - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the replacement;
  - schemaid is varchar(10) in both the variable and the #Securables column, so
    schema names longer than 10 characters cannot be expressed here.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleSupUsr role.
|
|
|
|
Role Name: dbRoleSupUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleSupUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DATABASEMAILUSERROLE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DATABASEMAILUSERROLE'','''',''dbo'',1)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
,(''ROLE'',''GRANT'',''SQLAGENTOPERATORROLE'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''SQLAGENTOPERATORROLE'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','msdb','Pharmacies')
|
|
|
|
/*-----------------------------------------------------------------------------
Role definition row: [dbRoleTPPos] on database [msdb] (product: Pharmacies).
STR_Definition is a complete T-SQL script stored as a string literal (hence
the doubled quotes); how and where #AllRoles rows are executed is not visible
in this file. "Default" template: there is no InstanceContext lookup, only the
N2 = 0 rows are processed, so the same grants apply on every instance type.
What the embedded script does, in order:
  1. creates the role (AUTHORIZATION [dbo]) if it does not already exist;
  2. adds the role to db_ddladmin and grants SELECT on dbo.sysjobactivity,
     dbo.sysjobs and dbo.sysjobs_view. sysjobs_view is declared as ''TABLE''
     but resolves anyway: the non-wildcard branch looks the name up in
     sys.objects with type ''V'' in the accepted list. db_ddladmin allows
     creating, altering and dropping objects in msdb, which is broader than the
     read access the three SELECT grants suggest -- worth confirming it is
     really needed;
  3. loops over the role's existing members calling sp_addrolemember; the role
     is never dropped so this is a no-op, and because @Command is overwritten
     per member and executed once after the loop, only the last member's
     statement would run anyway.
Review notes (apply to every #AllRoles row generated from this template):
  - identifiers are concatenated into dynamic SQL with hand-written [ ] rather
    than QUOTENAME(); the inputs are the hard-coded #Securables rows, not
    caller data, so the exposure is breakage on names containing ']' rather
    than injection;
  - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the replacement;
  - schemaid is varchar(10) in both the variable and the #Securables column, so
    schema names longer than 10 characters cannot be expressed here.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleTPPos role.
|
|
|
|
Role Name: dbRoleTPPos
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleTPPos''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_DDLADMIN'','''',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''sysjobactivity'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''sysjobs'',''dbo'',0)
|
|
,(''TABLE'',''GRANT'',''SELECT'',''sysjobs_view'',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','msdb','Pharmacies')
|
|
|
|
/*-----------------------------------------------------------------------------
Role definition row: [dbRoleCsltUsr] on database [Symbiose] (product: Pharmacies).
STR_Definition is a complete T-SQL script stored as a string literal (hence
the doubled quotes); how and where #AllRoles rows are executed is not visible
in this file. What the embedded script does, in order:
  1. reads [master].[cfg].[InstanceContext].[Type]; the N2 = 1 rows apply when
     it equals 'DEVE', the N2 = 0 rows otherwise (a NULL or unexpected Type
     therefore falls into the N2 = 0 set);
  2. creates the role (AUTHORIZATION [dbo]) if it does not already exist;
  3. adds the role to db_owner -- the only securable listed, and it is listed
     for BOTH N2 = 0 and N2 = 1, so the DEVE/non-DEVE split is redundant here
     and the role ends up as db_owner on every instance type. db_owner is the
     highest-privilege fixed database role; a reviewer should confirm this
     role genuinely needs full control of Symbiose rather than a scoped set
     of schema/object grants;
  4. loops over the role's existing members calling sp_addrolemember; the role
     is never dropped so this is a no-op, and because @Command is overwritten
     per member and executed once after the loop, only the last member's
     statement would run anyway.
Review notes (apply to every #AllRoles row generated from this template):
  - identifiers are concatenated into dynamic SQL with hand-written [ ] rather
    than QUOTENAME(); the inputs are the hard-coded #Securables rows, not
    caller data, so the exposure is breakage on names containing ']' rather
    than injection;
  - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the replacement;
  - schemaid is varchar(10) in both the variable and the #Securables column, so
    schema names longer than 10 characters cannot be expressed here.
-----------------------------------------------------------------------------*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleCsltUsr role.
|
|
|
|
Role Name: dbRoleCsltUsr
|
|
TEMPLATE: N2 and PROD
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Type varchar(6),
|
|
@Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleCsltUsr''
|
|
SET @Command = ''''
|
|
|
|
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)
|
|
,(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
IF @Type = ''DEVE''
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 1
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
END
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole','Symbiose','Pharmacies')
|
|
|
|
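INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

Each row of #Securables describes one permission to apply to the role:
  (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
  typeofobject : DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
  grantordeny  : verb pasted in front of the generated statement (GRANT or DENY)
  rightsaction : one permission name as listed by sys.fn_builtin_permissions,
                 or, for ROLE rows, the role this role becomes a member of
  objectname   : object or assembly name; a % wildcard expands to every
                 matching object of that type in the schema
  schemaid     : schema of the object
  N2           : 1 = row for the N2 (DEVE) instance, 0 = all other instances;
                 this Default template applies the N2 = 0 rows only
Rows whose permission name is unknown to sys.fn_builtin_permissions, or whose
schema/object does not exist, are skipped silently; a comma-separated list in
rightsaction therefore never matches and applies nothing.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName sysname,
        @Users sysname,
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname sysname,
        @schemaid sysname,
        @Target sysname

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES (names are sysname-sized so schema/object names are never truncated) */
CREATE TABLE #UsersOnRole(username nvarchar(128))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname nvarchar(128), schemaid nvarchar(128), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): membership of DB_OWNER gives this role full control of the database
   (every permission, including altering or dropping objects and other principals);
   confirm that scope is intended for the role rather than a narrower grant set. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured before the role is touched, re-attached at the end) */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE - only the CREATE itself needs dynamic SQL; the name goes through QUOTENAME */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   Existence and permission-name checks run here against the catalog; only the
   GRANT/DENY statements are accumulated in @Command and executed once below.
   Every identifier that reaches the batch is wrapped in QUOTENAME. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
    FROM #Securables
    WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject = ''SCHEMA''
       AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = @rightsaction)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = @rightsaction)
    BEGIN
        /* A wildcard name is expanded over the object type codes behind sys.tables,
           sys.procedures, sys.objects (functions) and sys.views; an exact name must
           exist in the schema as a table, procedure, view or function. */
        DECLARE ObjectsCurs CURSOR LOCAL FAST_FORWARD FOR
            SELECT o.name
            FROM sys.objects AS o
            INNER JOIN sys.schemas AS s ON s.schema_id = o.schema_id
            WHERE s.name = @schemaid
              AND (
                    (@objectname LIKE ''%[%]%''
                     AND o.name LIKE @objectname
                     AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                          OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''RF'',''X''))
                          OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT''))
                          OR (@typeofobject = ''VIEWS''     AND o.type = ''V'')))
                 OR (@objectname NOT LIKE ''%[%]%''
                     AND o.name = @objectname
                     AND o.type IN (''U'',''P'',''V'',''FN'',''IF'',''TF''))
                  )

        OPEN ObjectsCurs
        FETCH NEXT FROM ObjectsCurs INTO @Target
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@Target) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjectsCurs INTO @Target
        END
        CLOSE ObjectsCurs
        DEALLOCATE ObjectsCurs
    END

    IF @typeofobject = ''ASSEMBLIES''
       AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = @rightsaction)
    BEGIN
        /* assembly permissions use the ON ASSEMBLY:: securable class */
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members AS drm
                       INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
                       INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        /* parameters instead of concatenation: nothing to quote.
           NOTE(review): sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER
           (SQL Server 2012+); kept because the target engine version is not pinned here. */
        EXEC sp_addrolemember @rolename = @rightsaction, @membername = @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF LEN(@Command) > 0
    EXEC sp_executesql @Command

/* ADD USER - runs once per captured member inside the loop so every member is
   re-attached, not only the last one; members still on the role are left alone. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members AS drm
                   INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
                   INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Symbiose','Pharmacies')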
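INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleIttechUsr role.

Role Name: dbRoleIttechUsr
TEMPLATE: N2 and PROD

Each row of #Securables describes one permission to apply to the role:
  (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
  typeofobject : DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
  grantordeny  : verb pasted in front of the generated statement (GRANT or DENY)
  rightsaction : one permission name as listed by sys.fn_builtin_permissions,
                 or, for ROLE rows, the role this role becomes a member of
  objectname   : object or assembly name; a % wildcard expands to every
                 matching object of that type in the schema
  schemaid     : schema of the object
  N2           : 1 = row for the N2 (DEVE) instance, 0 = all other instances;
                 [master].[cfg].[InstanceContext].[Type] decides which set applies
Rows whose permission name is unknown to sys.fn_builtin_permissions, or whose
schema/object does not exist, are skipped silently; a comma-separated list in
rightsaction therefore never matches and applies nothing.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
        @N2 bit,
        @Command nvarchar(max),
        @RoleName sysname,
        @Users sysname,
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname sysname,
        @schemaid sysname,
        @Target sysname

SET @RoleName = ''dbRoleIttechUsr''
SET @Command = ''''

/* Which #Securables rows apply: N2 = 1 on a DEVE instance, N2 = 0 everywhere else
   (including when InstanceContext yields no row and @Type stays NULL).
   NOTE(review): the unfiltered SELECT picks an arbitrary row if InstanceContext
   ever holds more than one - confirm it is single-row. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES (names are sysname-sized so schema/object names are never truncated) */
CREATE TABLE #UsersOnRole(username nvarchar(128))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname nvarchar(128), schemaid nvarchar(128), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): membership of DB_OWNER gives this role full control of the database
   (every permission, including altering or dropping objects and other principals)
   on both instance types; confirm that scope is intended for the role. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0),
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE (captured before the role is touched, re-attached at the end) */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE - only the CREATE itself needs dynamic SQL; the name goes through QUOTENAME */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   One cursor over the rows selected by @N2 replaces the two identical per-instance
   loops. Existence and permission-name checks run here against the catalog; only
   the GRANT/DENY statements are accumulated in @Command and executed once below.
   Every identifier that reaches the batch is wrapped in QUOTENAME. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
    FROM #Securables
    WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject = ''SCHEMA''
       AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = @rightsaction)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = @rightsaction)
    BEGIN
        /* A wildcard name is expanded over the object type codes behind sys.tables,
           sys.procedures, sys.objects (functions) and sys.views; an exact name must
           exist in the schema as a table, procedure, view or function. */
        DECLARE ObjectsCurs CURSOR LOCAL FAST_FORWARD FOR
            SELECT o.name
            FROM sys.objects AS o
            INNER JOIN sys.schemas AS s ON s.schema_id = o.schema_id
            WHERE s.name = @schemaid
              AND (
                    (@objectname LIKE ''%[%]%''
                     AND o.name LIKE @objectname
                     AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                          OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''RF'',''X''))
                          OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT''))
                          OR (@typeofobject = ''VIEWS''     AND o.type = ''V'')))
                 OR (@objectname NOT LIKE ''%[%]%''
                     AND o.name = @objectname
                     AND o.type IN (''U'',''P'',''V'',''FN'',''IF'',''TF''))
                  )

        OPEN ObjectsCurs
        FETCH NEXT FROM ObjectsCurs INTO @Target
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@Target) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjectsCurs INTO @Target
        END
        CLOSE ObjectsCurs
        DEALLOCATE ObjectsCurs
    END

    IF @typeofobject = ''ASSEMBLIES''
       AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = @rightsaction)
    BEGIN
        /* assembly permissions use the ON ASSEMBLY:: securable class */
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members AS drm
                       INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
                       INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        /* parameters instead of concatenation: nothing to quote.
           NOTE(review): sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER
           (SQL Server 2012+); kept because the target engine version is not pinned here. */
        EXEC sp_addrolemember @rolename = @rightsaction, @membername = @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF LEN(@Command) > 0
    EXEC sp_executesql @Command

/* ADD USER - runs once per captured member inside the loop so every member is
   re-attached, not only the last one; members still on the role are left alone. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members AS drm
                   INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
                   INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Symbiose','Pharmacies')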
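INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRoleSupUsr role.

Role Name: dbRoleSupUsr
TEMPLATE: N2 and PROD

Each row of #Securables describes one permission to apply to the role:
  (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
  typeofobject : DB | SCHEMA | TABLE | SP | FUNCTIONS | VIEWS | ASSEMBLIES | ROLE
  grantordeny  : verb pasted in front of the generated statement (GRANT or DENY)
  rightsaction : one permission name as listed by sys.fn_builtin_permissions,
                 or, for ROLE rows, the role this role becomes a member of
  objectname   : object or assembly name; a % wildcard expands to every
                 matching object of that type in the schema
  schemaid     : schema of the object
  N2           : 1 = row for the N2 (DEVE) instance, 0 = all other instances;
                 [master].[cfg].[InstanceContext].[Type] decides which set applies
Rows whose permission name is unknown to sys.fn_builtin_permissions, or whose
schema/object does not exist, are skipped silently; a comma-separated list in
rightsaction therefore never matches and applies nothing.

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Type varchar(6),
        @N2 bit,
        @Command nvarchar(max),
        @RoleName sysname,
        @Users sysname,
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname sysname,
        @schemaid sysname,
        @Target sysname

SET @RoleName = ''dbRoleSupUsr''
SET @Command = ''''

/* Which #Securables rows apply: N2 = 1 on a DEVE instance, N2 = 0 everywhere else
   (including when InstanceContext yields no row and @Type stays NULL).
   NOTE(review): the unfiltered SELECT picks an arbitrary row if InstanceContext
   ever holds more than one - confirm it is single-row. */
SELECT @Type = [Type] FROM [master].[cfg].[InstanceContext]
SET @N2 = CASE WHEN @Type = ''DEVE'' THEN 1 ELSE 0 END

/* TEMP TABLES (names are sysname-sized so schema/object names are never truncated) */
CREATE TABLE #UsersOnRole(username nvarchar(128))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname nvarchar(128), schemaid nvarchar(128), N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* NOTE(review): membership of DB_OWNER gives this role full control of the database
   (every permission, including altering or dropping objects and other principals)
   on both instance types; confirm that scope is intended for a support role. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0),
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',1)

/* GET ALL USERS ON THIS ROLE (captured before the role is touched, re-attached at the end) */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members AS drm
INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE - only the CREATE itself needs dynamic SQL; the name goes through QUOTENAME */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE ['' + @RoleName + '']''
END

/* SET ALL ROLE SECURABLES
   One cursor over the rows selected by @N2 replaces the two identical per-instance
   loops. Existence and permission-name checks run here against the catalog; only
   the GRANT/DENY statements are accumulated in @Command and executed once below.
   Every identifier that reaches the batch is wrapped in QUOTENAME. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
    FROM #Securables
    WHERE N2 = @N2

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject = ''SCHEMA''
       AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''SCHEMA'') WHERE permission_name = @rightsaction)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''OBJECT'') WHERE permission_name = @rightsaction)
    BEGIN
        /* A wildcard name is expanded over the object type codes behind sys.tables,
           sys.procedures, sys.objects (functions) and sys.views; an exact name must
           exist in the schema as a table, procedure, view or function. */
        DECLARE ObjectsCurs CURSOR LOCAL FAST_FORWARD FOR
            SELECT o.name
            FROM sys.objects AS o
            INNER JOIN sys.schemas AS s ON s.schema_id = o.schema_id
            WHERE s.name = @schemaid
              AND (
                    (@objectname LIKE ''%[%]%''
                     AND o.name LIKE @objectname
                     AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                          OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''RF'',''X''))
                          OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT''))
                          OR (@typeofobject = ''VIEWS''     AND o.type = ''V'')))
                 OR (@objectname NOT LIKE ''%[%]%''
                     AND o.name = @objectname
                     AND o.type IN (''U'',''P'',''V'',''FN'',''IF'',''TF''))
                  )

        OPEN ObjectsCurs
        FETCH NEXT FROM ObjectsCurs INTO @Target
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@Target) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjectsCurs INTO @Target
        END
        CLOSE ObjectsCurs
        DEALLOCATE ObjectsCurs
    END

    IF @typeofobject = ''ASSEMBLIES''
       AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
       AND EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(''ASSEMBLY'') WHERE permission_name = @rightsaction)
    BEGIN
        /* assembly permissions use the ON ASSEMBLY:: securable class */
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members AS drm
                       INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
                       INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        /* parameters instead of concatenation: nothing to quote.
           NOTE(review): sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER
           (SQL Server 2012+); kept because the target engine version is not pinned here. */
        EXEC sp_addrolemember @rolename = @rightsaction, @membername = @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
IF LEN(@Command) > 0
    EXEC sp_executesql @Command

/* ADD USER - runs once per captured member inside the loop so every member is
   re-attached, not only the last one; members still on the role are left alone. */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
    SELECT username FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members AS drm
                   INNER JOIN sys.database_principals AS roles ON drm.role_principal_id = roles.principal_id
                   INNER JOIN sys.database_principals AS members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @rolename = @RoleName, @membername = @Users
        PRINT ''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Symbiose','Pharmacies')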
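-- Role definition for dbRoleDevUsr (STR_Database = Golabo, STR_Product = Pharmacies).
-- The script is stored as text in #AllRoles, so every quote inside it is doubled once;
-- the batches the script itself builds into @Command double the quotes again.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleDevUsr role.

Role Name: dbRoleDevUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (#Securables has six columns; only rows with
N2 = 0 are applied. For every type except ROLE, rightsaction must be a single
permission name because it is matched against sys.fn_builtin_permissions
before it is emitted; for ROLE it is the role this role is nested in):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Names taken from #Securables (schema, object, role) are concatenated into
dynamic SQL without QUOTENAME, so this list must stay hard-coded and must
never be filled from user input.

-----------------------------------------------
Generate date : 2023-05-12 / up208700
=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      -- schema name; longer names are silently truncated
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleDevUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- db_owner carries every permission in the database; confirm that is intended for a developer role.
INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_OWNER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured before any change, re-added at the end) */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent: skipped when a role of that name already exists) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* SET ALL ROLE SECURABLES: one guarded statement per #Securables row is appended
   to @Command and the whole batch is executed once after the cursor */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- database-level permission; the permission name is validated here, at build time
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        -- schema-level permission; schema existence and permission name are checked when the batch runs
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- object name contains a % wildcard: the batch enumerates the matching objects when it runs
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END
            -- the schema literal is closed before @sysType is appended, so the FUNCTIONS type filter
            -- is a separate predicate instead of ending up inside the schema name string
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact object name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permission; the securable class must be named (ON ASSEMBLY::) for the GRANT to parse
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- nest this role in another role; sp_addrolemember is deprecated but kept for older servers
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add the members captured at the start. With this template the role
   is never dropped, so they are still members and this is a no-op unless membership
   changed meanwhile. @Command is reset first so an empty member list cannot re-run
   the securables batch, and every member is appended rather than only the last one. */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole
OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs
IF @Command <> '''' EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Golabo','Pharmacies')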
|
|
|
|
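-- Role definition for dbRoleGaia (STR_Database = Arizona, STR_Product = Pharmacies).
-- The script is stored as text in #AllRoles, so every quote inside it is doubled once;
-- the batches the script itself builds into @Command double the quotes again.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleGaia role.

Role Name: dbRoleGaia
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (#Securables has six columns; only rows with
N2 = 0 are applied. For every type except ROLE, rightsaction must be a single
permission name because it is matched against sys.fn_builtin_permissions
before it is emitted; for ROLE it is the role this role is nested in):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Names taken from #Securables (schema, object, role) are concatenated into
dynamic SQL without QUOTENAME, so this list must stay hard-coded and must
never be filled from user input.

-----------------------------------------------
Generate date : 2023-05-12 / up208700
=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      -- schema name; longer names are silently truncated
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleGaia''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- db_datareader: SELECT on every table and view in the database.
INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured before any change, re-added at the end) */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent: skipped when a role of that name already exists) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* SET ALL ROLE SECURABLES: one guarded statement per #Securables row is appended
   to @Command and the whole batch is executed once after the cursor */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- database-level permission; the permission name is validated here, at build time
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        -- schema-level permission; schema existence and permission name are checked when the batch runs
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- object name contains a % wildcard: the batch enumerates the matching objects when it runs
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END
            -- the schema literal is closed before @sysType is appended, so the FUNCTIONS type filter
            -- is a separate predicate instead of ending up inside the schema name string
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact object name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permission; the securable class must be named (ON ASSEMBLY::) for the GRANT to parse
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- nest this role in another role; sp_addrolemember is deprecated but kept for older servers
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add the members captured at the start. With this template the role
   is never dropped, so they are still members and this is a no-op unless membership
   changed meanwhile. @Command is reset first so an empty member list cannot re-run
   the securables batch, and every member is appended rather than only the last one. */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole
OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs
IF @Command <> '''' EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')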
|
|
|
|
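-- Role definition for dbRoleQAtesters (STR_Database = ActivePos_read, STR_Product = Pharmacies).
-- The script is stored as text in #AllRoles, so every quote inside it is doubled once;
-- the batches the script itself builds into @Command double the quotes again.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleQAtesters role.

Role Name: dbRoleQAtesters
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (#Securables has six columns; only rows with
N2 = 0 are applied. For every type except ROLE, rightsaction must be a single
permission name because it is matched against sys.fn_builtin_permissions
before it is emitted; for ROLE it is the role this role is nested in):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Names taken from #Securables (schema, object, role) are concatenated into
dynamic SQL without QUOTENAME, so this list must stay hard-coded and must
never be filled from user input.

-----------------------------------------------
Generate date : 2023-05-12 / up208700
=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      -- schema name; longer names are silently truncated
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleQAtesters''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- db_datareader: SELECT on every table and view in the database.
INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured before any change, re-added at the end) */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent: skipped when a role of that name already exists) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* SET ALL ROLE SECURABLES: one guarded statement per #Securables row is appended
   to @Command and the whole batch is executed once after the cursor */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- database-level permission; the permission name is validated here, at build time
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        -- schema-level permission; schema existence and permission name are checked when the batch runs
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- object name contains a % wildcard: the batch enumerates the matching objects when it runs
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END
            -- the schema literal is closed before @sysType is appended, so the FUNCTIONS type filter
            -- is a separate predicate instead of ending up inside the schema name string
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact object name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permission; the securable class must be named (ON ASSEMBLY::) for the GRANT to parse
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- nest this role in another role; sp_addrolemember is deprecated but kept for older servers
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add the members captured at the start. With this template the role
   is never dropped, so they are still members and this is a no-op unless membership
   changed meanwhile. @Command is reset first so an empty member list cannot re-run
   the securables batch, and every member is appended rather than only the last one. */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole
OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs
IF @Command <> '''' EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_read','Pharmacies')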
|
|
|
|
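-- Role definition for dbRoleQAtesters (STR_Database = ActivePos_server, STR_Product = Pharmacies).
-- The script is stored as text in #AllRoles, so every quote inside it is doubled once;
-- the batches the script itself builds into @Command double the quotes again.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================
Script to create dbRoleQAtesters role.

Role Name: dbRoleQAtesters
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (#Securables has six columns; only rows with
N2 = 0 are applied. For every type except ROLE, rightsaction must be a single
permission name because it is matched against sys.fn_builtin_permissions
before it is emitted; for ROLE it is the role this role is nested in):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

Names taken from #Securables (schema, object, role) are concatenated into
dynamic SQL without QUOTENAME, so this list must stay hard-coded and must
never be filled from user input.

-----------------------------------------------
Generate date : 2023-05-12 / up208700
=============================================================================*/

DECLARE @Command nvarchar(max),
        @RoleName varchar(60),
        @Users varchar(255),
        @typeofobject varchar(50),
        @grantordeny varchar(10),
        @rightsaction varchar(255),
        @objectname varchar(255),
        @schemaid varchar(10),      -- schema name; longer names are silently truncated
        @sysTarget varchar(255),
        @sysType varchar(255)

SET @RoleName = ''dbRoleQAtesters''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
-- db_datareader: SELECT on every table and view in the database.
INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE (captured before any change, re-added at the end) */
INSERT INTO #UsersOnRole
SELECT members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent: skipped when a role of that name already exists) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

/* SET ALL ROLE SECURABLES: one guarded statement per #Securables row is appended
   to @Command and the whole batch is executed once after the cursor */
SET @Command = ''
DECLARE @SP_Name varchar(255)
''

DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @typeofobject = ''DB''
    BEGIN
        -- database-level permission; the permission name is validated here, at build time
        IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = @rightsaction)
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
        END
    END

    IF @typeofobject = ''SCHEMA''
    BEGIN
        -- schema-level permission; schema existence and permission name are checked when the batch runs
        SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        IF @objectname like ''%[%]%''
        BEGIN
            -- object name contains a % wildcard: the batch enumerates the matching objects when it runs
            IF @typeofobject = ''TABLE''
            BEGIN
                SET @sysTarget = ''sys.tables''
                SET @sysType = ''''
            END
            IF @typeofobject = ''SP''
            BEGIN
                SET @sysTarget = ''sys.procedures''
                SET @sysType = ''''
            END
            IF @typeofobject = ''FUNCTIONS''
            BEGIN
                SET @sysTarget = ''sys.objects''
                SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
            END
            IF @typeofobject = ''VIEWS''
            BEGIN
                SET @sysTarget = ''sys.views''
                SET @sysType = ''''
            END
            -- the schema literal is closed before @sysType is appended, so the FUNCTIONS type filter
            -- is a separate predicate instead of ending up inside the schema name string
            SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''
OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END
CLOSE SP_cursor
DEALLOCATE SP_cursor
''
        END
        ELSE
        BEGIN
            -- exact object name: grant only if the object exists in that schema
            SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
        END
    END

    IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- assembly permission; the securable class must be named (ON ASSEMBLY::) for the GRANT to parse
        SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END
''
    END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- nest this role in another role; sp_addrolemember is deprecated but kept for older servers
        SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END
''
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END
CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-add the members captured at the start. With this template the role
   is never dropped, so they are still members and this is a no-op unless membership
   changed meanwhile. @Command is reset first so an empty member list cannot re-run
   the securables batch, and every member is appended rather than only the last one. */
SET @Command = ''''
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole
OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
    FETCH NEXT FROM UsersCurs INTO @Users
END
CLOSE UsersCurs
DEALLOCATE UsersCurs
IF @Command <> '''' EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActivePos_server','Pharmacies')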
|
|
|
|
/*
   Registers the dbRoleQAtesters role-definition script for the ActivePos_write
   database (product "Pharmacies") in #AllRoles. STR_Definition is the T-SQL
   script below stored as one string literal (every quote inside it is doubled);
   where and how the rows of #AllRoles are executed is not visible in this section.

   What the embedded script does when run inside the target database:
     - collects the role's current members from sys.database_role_members into #UsersOnRole;
     - creates the role (AUTHORIZATION [dbo]) only when no principal of type R with that name exists;
     - walks #Securables (rows with N2 = 0) and appends one dynamic batch to @Command; for this
       role the only row is ROLE/GRANT/DB_DATAREADER, i.e. membership of the fixed database role,
       added via sp_addrolemember behind an IF NOT EXISTS membership check;
     - re-adds the members collected earlier, then drops the two temp tables.

   Review notes (the script is data here, so they are recorded outside the literal):
     - @Command is not reset between the securables EXEC and the ADD USER loop, and the loop
       assigns (SELECT @Command = ...) instead of appending. With no members, the final
       EXEC sp_executesql @Command re-runs the securables batch; with several members only the
       last member's sp_addrolemember is executed. Harmless for this idempotent definition, but
       a latent defect in the template.
     - @RoleName, @Users, @objectname, @schemaid and @rightsaction are concatenated into dynamic
       SQL without QUOTENAME(). They come from literals in this script and from the catalog, not
       from user input, so exposure is limited to principal/object names containing ' or ];
       QUOTENAME() would close that gap.
     - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the supported form.
     - The securable is spelled DB_DATAREADER while the built-in role is db_datareader; the
       roles.name comparison and sp_addrolemember call rely on a case-insensitive catalog
       collation (presumably the case here - confirm for any case-sensitive database).
     - In the DB branch, permission_name = '' + @rightsaction + '' (after un-doubling) concatenates
       empty strings rather than quoting a literal; it works but reads like a mis-escaped quote.
*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleQAtesters role.
|
|
|
|
Role Name: dbRoleQAtesters
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleQAtesters''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ActivePos_write','Pharmacies')
|
|
|
|
/*
   Registers the dbRoleQAtesters role-definition script for the ActiveSystemClient
   database (product "Pharmacies") in #AllRoles. STR_Definition is the T-SQL
   script below stored as one string literal (every quote inside it is doubled);
   where and how the rows of #AllRoles are executed is not visible in this section.

   What the embedded script does when run inside the target database:
     - collects the role's current members from sys.database_role_members into #UsersOnRole;
     - creates the role (AUTHORIZATION [dbo]) only when no principal of type R with that name exists;
     - walks #Securables (rows with N2 = 0) and appends one dynamic batch to @Command; for this
       role the only row is ROLE/GRANT/DB_DATAREADER, i.e. membership of the fixed database role,
       added via sp_addrolemember behind an IF NOT EXISTS membership check;
     - re-adds the members collected earlier, then drops the two temp tables.

   Review notes (the script is data here, so they are recorded outside the literal):
     - @Command is not reset between the securables EXEC and the ADD USER loop, and the loop
       assigns (SELECT @Command = ...) instead of appending. With no members, the final
       EXEC sp_executesql @Command re-runs the securables batch; with several members only the
       last member's sp_addrolemember is executed. Harmless for this idempotent definition, but
       a latent defect in the template.
     - @RoleName, @Users, @objectname, @schemaid and @rightsaction are concatenated into dynamic
       SQL without QUOTENAME(). They come from literals in this script and from the catalog, not
       from user input, so exposure is limited to principal/object names containing ' or ];
       QUOTENAME() would close that gap.
     - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the supported form.
     - The securable is spelled DB_DATAREADER while the built-in role is db_datareader; the
       roles.name comparison and sp_addrolemember call rely on a case-insensitive catalog
       collation (presumably the case here - confirm for any case-sensitive database).
     - In the DB branch, permission_name = '' + @rightsaction + '' (after un-doubling) concatenates
       empty strings rather than quoting a literal; it works but reads like a mis-escaped quote.
*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleQAtesters role.
|
|
|
|
Role Name: dbRoleQAtesters
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleQAtesters''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ActiveSystemClient','Pharmacies')
|
|
|
|
/*
   Registers the dbRoleQAtesters role-definition script for the ActiveSystemServer
   database (product "Pharmacies") in #AllRoles. STR_Definition is the T-SQL
   script below stored as one string literal (every quote inside it is doubled);
   where and how the rows of #AllRoles are executed is not visible in this section.

   What the embedded script does when run inside the target database:
     - collects the role's current members from sys.database_role_members into #UsersOnRole;
     - creates the role (AUTHORIZATION [dbo]) only when no principal of type R with that name exists;
     - walks #Securables (rows with N2 = 0) and appends one dynamic batch to @Command; for this
       role the only row is ROLE/GRANT/DB_DATAREADER, i.e. membership of the fixed database role,
       added via sp_addrolemember behind an IF NOT EXISTS membership check;
     - re-adds the members collected earlier, then drops the two temp tables.

   Review notes (the script is data here, so they are recorded outside the literal):
     - @Command is not reset between the securables EXEC and the ADD USER loop, and the loop
       assigns (SELECT @Command = ...) instead of appending. With no members, the final
       EXEC sp_executesql @Command re-runs the securables batch; with several members only the
       last member's sp_addrolemember is executed. Harmless for this idempotent definition, but
       a latent defect in the template.
     - @RoleName, @Users, @objectname, @schemaid and @rightsaction are concatenated into dynamic
       SQL without QUOTENAME(). They come from literals in this script and from the catalog, not
       from user input, so exposure is limited to principal/object names containing ' or ];
       QUOTENAME() would close that gap.
     - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the supported form.
     - The securable is spelled DB_DATAREADER while the built-in role is db_datareader; the
       roles.name comparison and sp_addrolemember call rely on a case-insensitive catalog
       collation (presumably the case here - confirm for any case-sensitive database).
     - In the DB branch, permission_name = '' + @rightsaction + '' (after un-doubling) concatenates
       empty strings rather than quoting a literal; it works but reads like a mis-escaped quote.
*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleQAtesters role.
|
|
|
|
Role Name: dbRoleQAtesters
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleQAtesters''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','ActiveSystemServer','Pharmacies')
|
|
|
|
/*
   Registers the dbRoleQAtesters role-definition script for the Arizona
   database (product "Pharmacies") in #AllRoles. STR_Definition is the T-SQL
   script below stored as one string literal (every quote inside it is doubled);
   where and how the rows of #AllRoles are executed is not visible in this section.

   What the embedded script does when run inside the target database:
     - collects the role's current members from sys.database_role_members into #UsersOnRole;
     - creates the role (AUTHORIZATION [dbo]) only when no principal of type R with that name exists;
     - walks #Securables (rows with N2 = 0) and appends one dynamic batch to @Command; for this
       role the only row is ROLE/GRANT/DB_DATAREADER, i.e. membership of the fixed database role,
       added via sp_addrolemember behind an IF NOT EXISTS membership check;
     - re-adds the members collected earlier, then drops the two temp tables.

   Review notes (the script is data here, so they are recorded outside the literal):
     - @Command is not reset between the securables EXEC and the ADD USER loop, and the loop
       assigns (SELECT @Command = ...) instead of appending. With no members, the final
       EXEC sp_executesql @Command re-runs the securables batch; with several members only the
       last member's sp_addrolemember is executed. Harmless for this idempotent definition, but
       a latent defect in the template.
     - @RoleName, @Users, @objectname, @schemaid and @rightsaction are concatenated into dynamic
       SQL without QUOTENAME(). They come from literals in this script and from the catalog, not
       from user input, so exposure is limited to principal/object names containing ' or ];
       QUOTENAME() would close that gap.
     - sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the supported form.
     - The securable is spelled DB_DATAREADER while the built-in role is db_datareader; the
       roles.name comparison and sp_addrolemember call rely on a case-insensitive catalog
       collation (presumably the case here - confirm for any case-sensitive database).
     - In the DB branch, permission_name = '' + @rightsaction + '' (after un-doubling) concatenates
       empty strings rather than quoting a literal; it works but reads like a mis-escaped quote.
*/
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
|
|
|
|
/*=============================================================================
|
|
|
|
Script to create dbRoleQAtesters role.
|
|
|
|
Role Name: dbRoleQAtesters
|
|
TEMPLATE: Default
|
|
|
|
EXAMPLE OF SECURABLES TO SET:
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
|
|
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
|
|
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
|
|
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
|
|
(''ROLE'',''GRANT'',''db_datareader'','''','''')
|
|
|
|
-----------------------------------------------
|
|
|
|
Generate date : 2023-05-12 / up208700
|
|
|
|
=============================================================================*/
|
|
|
|
DECLARE @Command nvarchar(max),
|
|
@RoleName varchar(60),
|
|
@Users varchar(255),
|
|
@typeofobject varchar(50),
|
|
@grantordeny varchar(10),
|
|
@rightsaction varchar(255),
|
|
@objectname varchar(255),
|
|
@schemaid varchar(10),
|
|
@sysTarget varchar(255),
|
|
@sysType varchar(255)
|
|
|
|
SET @RoleName = ''dbRoleQAtesters''
|
|
SET @Command = ''''
|
|
|
|
/* TEMP TABLES */
|
|
CREATE TABLE #UsersOnRole(username varchar(255))
|
|
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)
|
|
|
|
/* !!! LIST OF SECURABLES TO CHANGE !!! */
|
|
|
|
INSERT INTO #Securables
|
|
VALUES
|
|
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)
|
|
|
|
|
|
/* GET ALL USERS ON THIS ROLE */
|
|
INSERT INTO #UsersOnRole
|
|
SELECT
|
|
members.name
|
|
FROM sys.database_role_members
|
|
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
|
|
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
|
|
WHERE roles.name = @RoleName
|
|
|
|
/* CREATE ROLE */
|
|
SELECT @Command = ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
|
|
BEGIN
|
|
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
|
|
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
|
|
END
|
|
''
|
|
EXEC sp_executesql @Command
|
|
|
|
SET @Command = ''
|
|
DECLARE @SP_Name varchar(255)
|
|
|
|
''
|
|
|
|
/* SET ALL ROLE SECURABLES */
|
|
DECLARE SecurablesCurs CURSOR FOR
|
|
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
|
|
FROM #Securables
|
|
WHERE N2 = 0
|
|
|
|
OPEN SecurablesCurs
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''DB''
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
|
|
BEGIN
|
|
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''SCHEMA''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
|
|
BEGIN
|
|
|
|
IF @objectname like ''%[%]%''
|
|
BEGIN
|
|
|
|
IF @typeofobject = ''TABLE''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.tables''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''SP''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.procedures''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
IF @typeofobject = ''FUNCTIONS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.objects''
|
|
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
|
|
END
|
|
|
|
IF @typeofobject = ''VIEWS''
|
|
BEGIN
|
|
SET @sysTarget = ''sys.views''
|
|
SET @sysType = ''''
|
|
END
|
|
|
|
SET @Command = @Command + ''
|
|
DECLARE SP_cursor CURSOR FOR
|
|
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''' + @sysType + ''''''
|
|
|
|
OPEN SP_cursor
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
|
|
END
|
|
FETCH NEXT FROM SP_cursor INTO @SP_Name
|
|
END
|
|
|
|
CLOSE SP_cursor
|
|
DEALLOCATE SP_cursor
|
|
|
|
''
|
|
|
|
END
|
|
ELSE
|
|
BEGIN
|
|
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
END
|
|
|
|
IF @typeofobject = ''ASSEMBLIES''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
|
|
BEGIN
|
|
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
|
|
BEGIN
|
|
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
|
|
END
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
IF @typeofobject = ''ROLE''
|
|
BEGIN
|
|
SET @Command = @Command + ''
|
|
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
|
|
BEGIN
|
|
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
|
|
END
|
|
|
|
''
|
|
END
|
|
|
|
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
|
|
END
|
|
|
|
CLOSE SecurablesCurs
|
|
DEALLOCATE SecurablesCurs
|
|
|
|
PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
|
|
EXEC sp_executesql @Command
|
|
|
|
/* ADD USER */
|
|
DECLARE UsersCurs CURSOR FOR
|
|
SELECT username
|
|
FROM #UsersOnRole
|
|
|
|
OPEN UsersCurs
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
WHILE @@FETCH_STATUS = 0
|
|
BEGIN
|
|
|
|
SELECT @Command = ''
|
|
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
|
|
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
|
|
''
|
|
|
|
FETCH NEXT FROM UsersCurs INTO @Users
|
|
END
|
|
|
|
CLOSE UsersCurs
|
|
DEALLOCATE UsersCurs
|
|
|
|
EXEC sp_executesql @Command
|
|
|
|
|
|
/*=============================================================================
|
|
Drop temp tables
|
|
=============================================================================*/
|
|
DROP TABLE #Securables
|
|
DROP TABLE #UsersOnRole
|
|
','Arizona','Pharmacies')
|
|
|
|
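-- dbRoleQAtesters definition for the Arizona pharmacy databases.
-- The three generated copies of this row (ArizonaCASH, ArizonaCUST, ArizonaLD) were
-- identical apart from STR_Database, so the script is stated once and joined to the
-- database list; the rows inserted into #AllRoles are the same as before. A UNION ALL
-- derived table is used rather than a VALUES constructor so the file keeps working on
-- older SQL Server versions.
--
-- Fixes to the embedded script (the string is the script that later runs per database):
--   * ADD USER section: @Command was overwritten per cursor row and executed once after
--     the loop, so only the last member was re-added, and with no members the securables
--     batch ran a second time. sp_executesql now runs inside the loop, once per user.
--   * Wildcard TABLE/SP/FUNCTIONS/VIEWS lookup: the closing quote of the s.name literal
--     was placed after @sysType, so the FUNCTIONS filter was concatenated inside the
--     schema-name string and the generated SELECT was invalid. The quote now closes
--     before @sysType.
--
-- Review notes: #Securables rows are spliced into dynamic SQL as identifiers without
-- QUOTENAME, so they must stay literal, reviewed values (they are the trust boundary of
-- this script); sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER;
-- a role named for QA testers receives db_datareader on the Arizona* databases, so
-- confirm those are the intended environment for that role.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)
SELECT '
/*=============================================================================

Script to create dbRoleQAtesters role.

Role Name: dbRoleQAtesters
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleQAtesters''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* the schema-name literal must close before @sysType is appended, otherwise the FUNCTIONS type filter ends up inside the string */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* build and run the membership batch per user; @Command is reassigned here, so it cannot be deferred to after the loop */
SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
EXEC sp_executesql @Command

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
', d.STR_Database, 'Pharmacies'
FROM (
    SELECT 'ArizonaCASH' AS STR_Database
    UNION ALL SELECT 'ArizonaCUST'
    UNION ALL SELECT 'ArizonaLD'
) AS d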
|
|
|
|
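-- dbRoleTPSSIS definition for the Arizona database (STR_Product 'Pharmacies').
--
-- Fixes to the embedded script (the string is the script that later runs on the database):
--   * ADD USER section: @Command was overwritten per cursor row and executed once after
--     the loop, so only the last member was re-added, and with no members the securables
--     batch ran a second time. sp_executesql now runs inside the loop, once per user.
--   * Wildcard TABLE/SP/FUNCTIONS/VIEWS lookup: the closing quote of the s.name literal
--     was placed after @sysType, so the FUNCTIONS filter was concatenated inside the
--     schema-name string and the generated SELECT was invalid. The quote now closes
--     before @sysType.
--
-- Review notes: #Securables rows are spliced into dynamic SQL as identifiers without
-- QUOTENAME, so they must stay literal, reviewed values (they are the trust boundary of
-- this script); sp_addrolemember is deprecated in favour of ALTER ROLE ... ADD MEMBER.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)
VALUES('
/*=============================================================================

Script to create dbRoleTPSSIS role.

Role Name: dbRoleTPSSIS
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleTPSSIS''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* the schema-name literal must close before @sysType is appended, otherwise the FUNCTIONS type filter ends up inside the string */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER */
DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

/* build and run the membership batch per user; @Command is reassigned here, so it cannot be deferred to after the loop */
SELECT @Command = ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'''''' + @Users + ''''''
PRINT ''''ADD USER ['' + @Users + ''] ON ROLE ['' + @RoleName + '']''''
''
EXEC sp_executesql @Command

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')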
|
|
|
|
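-- dbRolePOUsr is identical for the four Pharmacies databases named in the CROSS JOIN, so the
-- definition is stored once and paired with each database name: the same rows as four separate
-- INSERTs, maintained in one place. STR_Definition is T-SQL, presumably executed later against
-- STR_Database by whatever consumes #AllRoles (the consumer is not in this file).
INSERT INTO #AllRoles (STR_Definition, STR_Database, STR_Product)
SELECT def.STR_Definition, db.STR_Database, 'Pharmacies'
FROM (SELECT '
/*=============================================================================

Script to create dbRolePOUsr role.

Role Name: dbRolePOUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET
(columns: typeofobject, grantordeny, rightsaction, objectname, schemaid, N2;
only rows with N2 = 0 are applied - what else the flag denotes is not documented here):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''TABLE'',''GRANT'',''UPDATE'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

rightsaction holds ONE permission name per row: it is matched by equality against
sys.fn_builtin_permissions(), so a comma-separated list such as SELECT,EXECUTE never
matches and the row is reported as SKIPPED. An objectname containing a percent sign
is a LIKE pattern over every object of that kind in the schema; any other objectname
must match exactly.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command      nvarchar(max),
        @RoleName     sysname,
        @RoleQ        nvarchar(258),   -- QUOTENAME(@RoleName): bracketed identifier for GRANT/DENY targets
        @RoleL        nvarchar(258),   -- QUOTENAME(@RoleName, quote): single-quoted literal for procedure arguments
        @Users        sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   varchar(255),
        @schemaid     sysname,         -- was varchar(10): schema names longer than that were silently truncated
        @ObjName      sysname,
        @PermClass    nvarchar(60)

SET @RoleName = ''dbRolePOUsr''
SET @RoleQ    = QUOTENAME(@RoleName)
SET @RoleL    = QUOTENAME(@RoleName, '''''''')
SET @Command  = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES (''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)

/* GET ALL USERS ON THIS ROLE: snapshot of the current membership, re-applied after the grants */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + @RoleQ + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE '' + @RoleQ
END

/* SET ALL ROLE SECURABLES
   Every catalog check runs here, while the GRANT/DENY text is being built, so the dynamic
   batch holds only statements that will actually apply, and every name that goes into it
   passes through QUOTENAME. Rows that cannot be applied are reported with a SKIPPED message
   instead of vanishing silently. */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    -- NULL cells are treated as empty so the checks and messages below stay well defined.
    SELECT @grantordeny  = ISNULL(@grantordeny, ''''),
           @rightsaction = ISNULL(@rightsaction, ''''),
           @objectname   = ISNULL(@objectname, ''''),
           @schemaid     = ISNULL(@schemaid, '''')

    -- Permission class the rightsaction is validated against; NULL for ROLE rows,
    -- which express role membership rather than a permission.
    SET @PermClass = CASE @typeofobject
                         WHEN ''DB''         THEN ''DATABASE''
                         WHEN ''SCHEMA''     THEN ''SCHEMA''
                         WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                         WHEN ''ROLE''       THEN NULL
                         ELSE ''OBJECT''
                     END

    IF @typeofobject = ''ROLE''
    BEGIN
        -- Nest this role inside the role named by rightsaction (e.g. db_datareader).
        IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
            SET @Command = @Command + ''EXEC sp_addrolemember N'' + QUOTENAME(@rightsaction, '''''''') + '', N'' + @RoleL + CHAR(10)
    END
    ELSE IF @grantordeny NOT IN (''GRANT'',''DENY'',''REVOKE'')
        PRINT ''SKIPPED: unsupported action ['' + @grantordeny + ''] on '' + @typeofobject + '' '' + @objectname
    ELSE IF NOT EXISTS (SELECT 1 FROM sys.fn_builtin_permissions(@PermClass) WHERE permission_name = @rightsaction)
        PRINT ''SKIPPED: ['' + @rightsaction + ''] is not a '' + @PermClass + '' permission (one permission name per row)''
    ELSE IF @typeofobject = ''DB''
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + @RoleQ + CHAR(10)
    ELSE IF @typeofobject = ''SCHEMA''
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + @RoleQ + CHAR(10)
        ELSE
            PRINT ''SKIPPED: schema ['' + @schemaid + ''] does not exist''
    END
    ELSE IF @typeofobject IN (''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
    BEGIN
        -- One statement per matching object; the type filter keeps a row from touching
        -- an object of another kind that happens to carry the requested name.
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (@objectname LIKE ''%[%]%''     AND o.name LIKE @objectname)
               OR (@objectname NOT LIKE ''%[%]%'' AND o.name = @objectname) )
          AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
               OR (@typeofobject = ''VIEWS''     AND o.type = ''V'')
               OR (@typeofobject = ''SP''        AND o.type IN (''P'',''PC'',''X'',''RF''))
               OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'',''IF'',''TF'',''FS'',''FT'')) )

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @ObjName
        IF @@FETCH_STATUS <> 0
            PRINT ''SKIPPED: no '' + @typeofobject + '' matching ['' + @objectname + ''] in schema ['' + @schemaid + '']''
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + @RoleQ + CHAR(10)
            FETCH NEXT FROM ObjCurs INTO @ObjName
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs
    END
    ELSE IF @typeofobject = ''ASSEMBLIES''
    BEGIN
        -- ON ASSEMBLY:: is required here; the template emitted "<permission>::[name]", which does not parse.
        IF EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + @RoleQ + CHAR(10)
        ELSE
            PRINT ''SKIPPED: assembly ['' + @objectname + ''] does not exist''
    END
    ELSE
        PRINT ''SKIPPED: unknown typeofobject ['' + @typeofobject + '']''

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE '' + @RoleQ
IF @Command <> ''''
BEGIN
    PRINT @Command   -- the exact statements applied, for the change record
    EXEC sp_executesql @Command
END

/* ADD USER: re-apply the membership snapshot taken above.
   The template assigned @Command inside this loop, so only the last snapshot member ever reached
   sp_executesql; the statements are now appended and run once. This script never drops the role,
   so the snapshot members are still present and nothing is added here; the block is kept so the
   template still behaves if a DROP ROLE step is ever placed before CREATE ROLE. */
SET @Command = ''''

DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        SET @Command = @Command + ''EXEC sp_addrolemember N'' + @RoleL + '', N'' + QUOTENAME(@Users, '''''''') + CHAR(10)
        PRINT ''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + @RoleQ
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

IF @Command <> ''''
    EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
' AS STR_Definition) AS def
CROSS JOIN (
    SELECT 'ActivePos_read' AS STR_Database
    UNION ALL SELECT 'ActivePos_server'
    UNION ALL SELECT 'ActivePos_write'
    UNION ALL SELECT 'ActiveSystemClient'
) AS db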
|
|
|
|
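INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRolePOUsr role.

Role Name: dbRolePOUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (one permission per row; the sixth column is the
N2 flag and rows with N2 = 1 are ignored):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''SCHEMA'',''GRANT'',''EXECUTE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

grantordeny must be GRANT, DENY or REVOKE and rightsaction a single permission
name known to sys.fn_builtin_permissions (a comma-separated list matches
nothing); both are checked before any value is spliced into dynamic SQL, and a
bad row aborts the script with an error instead of being silently skipped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   sysname,
        @schemaid     sysname,
        @ObjName      sysname

SET @RoleName = ''dbRolePOUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Role names are compared with sys.database_principals.name under the database
   collation; keep the canonical lower-case spelling of fixed roles so the
   membership check below also holds on a case-sensitive database. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES (''ROLE'', ''GRANT'', ''db_datareader'', '''', ''dbo'', 0)

/* VALIDATE THE LIST BEFORE ANY OF IT IS SPLICED INTO DYNAMIC SQL */
IF EXISTS (
    SELECT 1
    FROM #Securables s
    WHERE s.N2 = 0
      AND (   s.grantordeny NOT IN (''GRANT'', ''DENY'', ''REVOKE'')
           OR (    s.typeofobject IN (''DB'', ''SCHEMA'', ''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'', ''ASSEMBLIES'')
               AND NOT EXISTS (SELECT 1
                               FROM sys.fn_builtin_permissions(DEFAULT) p
                               WHERE p.permission_name = s.rightsaction
                                 AND p.class_desc = CASE s.typeofobject
                                                        WHEN ''DB''         THEN ''DATABASE''
                                                        WHEN ''SCHEMA''     THEN ''SCHEMA''
                                                        WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                                                        ELSE ''OBJECT''
                                                    END))))
BEGIN
    DROP TABLE #Securables
    DROP TABLE #UsersOnRole
    RAISERROR(''Role %s: #Securables holds an unknown action or permission name; nothing was changed'', 16, 1, @RoleName)
    RETURN
END

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (CREATE ROLE cannot take a parameter, so this statement stays dynamic) */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE '' + QUOTENAME(@RoleName)
END

/* SET ALL ROLE SECURABLES: collect every GRANT/DENY/REVOKE into one batch */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* database-level permission */
    IF @typeofobject = ''DB''
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* schema-level permission; silently skipped when the schema does not exist */
    IF @typeofobject = ''SCHEMA'' AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* object-level permission: a % in objectname is a LIKE pattern restricted to
       the object kind named by typeofobject; an exact name matches any table,
       procedure, view or function of that name */
    IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (    @objectname NOT LIKE ''%[%]%''
                   AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (    @objectname LIKE ''%[%]%''
                   AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''RF'', ''X''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @ObjName
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjCurs INTO @ObjName
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs
    END

    /* assembly-level permission (needs the ON ASSEMBLY:: prefix, which the
       previous template omitted) */
    IF @typeofobject = ''ASSEMBLIES'' AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* role nesting: sp_addrolemember takes both names as parameters, so no
       dynamic SQL is involved */
    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        EXEC sp_addrolemember @rightsaction, @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE '' + QUOTENAME(@RoleName)

IF @Command <> ''''
    EXEC sp_executesql @Command

/* ADD USER: put back every principal that was a member when the script started
   (a no-op unless the role was recreated in between); one call per member,
   instead of the old loop that kept only the last user and re-ran the
   securables batch when the list was empty */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @RoleName, @Users
        PRINT ''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName)
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ActiveSystemServer','Pharmacies')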
|
|
|
|
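INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRolePOUsr role.

Role Name: dbRolePOUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (one permission per row; the sixth column is the
N2 flag and rows with N2 = 1 are ignored):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''SCHEMA'',''GRANT'',''EXECUTE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

grantordeny must be GRANT, DENY or REVOKE and rightsaction a single permission
name known to sys.fn_builtin_permissions (a comma-separated list matches
nothing); both are checked before any value is spliced into dynamic SQL, and a
bad row aborts the script with an error instead of being silently skipped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   sysname,
        @schemaid     sysname,
        @ObjName      sysname

SET @RoleName = ''dbRolePOUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Role names are compared with sys.database_principals.name under the database
   collation; keep the canonical lower-case spelling of fixed roles so the
   membership check below also holds on a case-sensitive database. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES (''ROLE'', ''GRANT'', ''db_datareader'', '''', ''dbo'', 0)

/* VALIDATE THE LIST BEFORE ANY OF IT IS SPLICED INTO DYNAMIC SQL */
IF EXISTS (
    SELECT 1
    FROM #Securables s
    WHERE s.N2 = 0
      AND (   s.grantordeny NOT IN (''GRANT'', ''DENY'', ''REVOKE'')
           OR (    s.typeofobject IN (''DB'', ''SCHEMA'', ''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'', ''ASSEMBLIES'')
               AND NOT EXISTS (SELECT 1
                               FROM sys.fn_builtin_permissions(DEFAULT) p
                               WHERE p.permission_name = s.rightsaction
                                 AND p.class_desc = CASE s.typeofobject
                                                        WHEN ''DB''         THEN ''DATABASE''
                                                        WHEN ''SCHEMA''     THEN ''SCHEMA''
                                                        WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                                                        ELSE ''OBJECT''
                                                    END))))
BEGIN
    DROP TABLE #Securables
    DROP TABLE #UsersOnRole
    RAISERROR(''Role %s: #Securables holds an unknown action or permission name; nothing was changed'', 16, 1, @RoleName)
    RETURN
END

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (CREATE ROLE cannot take a parameter, so this statement stays dynamic) */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE '' + QUOTENAME(@RoleName)
END

/* SET ALL ROLE SECURABLES: collect every GRANT/DENY/REVOKE into one batch */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* database-level permission */
    IF @typeofobject = ''DB''
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* schema-level permission; silently skipped when the schema does not exist */
    IF @typeofobject = ''SCHEMA'' AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* object-level permission: a % in objectname is a LIKE pattern restricted to
       the object kind named by typeofobject; an exact name matches any table,
       procedure, view or function of that name */
    IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (    @objectname NOT LIKE ''%[%]%''
                   AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (    @objectname LIKE ''%[%]%''
                   AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''RF'', ''X''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @ObjName
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjCurs INTO @ObjName
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs
    END

    /* assembly-level permission (needs the ON ASSEMBLY:: prefix, which the
       previous template omitted) */
    IF @typeofobject = ''ASSEMBLIES'' AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* role nesting: sp_addrolemember takes both names as parameters, so no
       dynamic SQL is involved */
    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        EXEC sp_addrolemember @rightsaction, @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE '' + QUOTENAME(@RoleName)

IF @Command <> ''''
    EXEC sp_executesql @Command

/* ADD USER: put back every principal that was a member when the script started
   (a no-op unless the role was recreated in between); one call per member,
   instead of the old loop that kept only the last user and re-ran the
   securables batch when the list was empty */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @RoleName, @Users
        PRINT ''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName)
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')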
|
|
|
|
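INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRolePOUsr role.

Role Name: dbRolePOUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (one permission per row; the sixth column is the
N2 flag and rows with N2 = 1 are ignored):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''SCHEMA'',''GRANT'',''EXECUTE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

grantordeny must be GRANT, DENY or REVOKE and rightsaction a single permission
name known to sys.fn_builtin_permissions (a comma-separated list matches
nothing); both are checked before any value is spliced into dynamic SQL, and a
bad row aborts the script with an error instead of being silently skipped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   sysname,
        @schemaid     sysname,
        @ObjName      sysname

SET @RoleName = ''dbRolePOUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Role names are compared with sys.database_principals.name under the database
   collation; keep the canonical lower-case spelling of fixed roles so the
   membership check below also holds on a case-sensitive database. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES (''ROLE'', ''GRANT'', ''db_datareader'', '''', ''dbo'', 0)

/* VALIDATE THE LIST BEFORE ANY OF IT IS SPLICED INTO DYNAMIC SQL */
IF EXISTS (
    SELECT 1
    FROM #Securables s
    WHERE s.N2 = 0
      AND (   s.grantordeny NOT IN (''GRANT'', ''DENY'', ''REVOKE'')
           OR (    s.typeofobject IN (''DB'', ''SCHEMA'', ''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'', ''ASSEMBLIES'')
               AND NOT EXISTS (SELECT 1
                               FROM sys.fn_builtin_permissions(DEFAULT) p
                               WHERE p.permission_name = s.rightsaction
                                 AND p.class_desc = CASE s.typeofobject
                                                        WHEN ''DB''         THEN ''DATABASE''
                                                        WHEN ''SCHEMA''     THEN ''SCHEMA''
                                                        WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                                                        ELSE ''OBJECT''
                                                    END))))
BEGIN
    DROP TABLE #Securables
    DROP TABLE #UsersOnRole
    RAISERROR(''Role %s: #Securables holds an unknown action or permission name; nothing was changed'', 16, 1, @RoleName)
    RETURN
END

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (CREATE ROLE cannot take a parameter, so this statement stays dynamic) */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE '' + QUOTENAME(@RoleName)
END

/* SET ALL ROLE SECURABLES: collect every GRANT/DENY/REVOKE into one batch */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* database-level permission */
    IF @typeofobject = ''DB''
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* schema-level permission; silently skipped when the schema does not exist */
    IF @typeofobject = ''SCHEMA'' AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* object-level permission: a % in objectname is a LIKE pattern restricted to
       the object kind named by typeofobject; an exact name matches any table,
       procedure, view or function of that name */
    IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (    @objectname NOT LIKE ''%[%]%''
                   AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (    @objectname LIKE ''%[%]%''
                   AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''RF'', ''X''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @ObjName
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjCurs INTO @ObjName
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs
    END

    /* assembly-level permission (needs the ON ASSEMBLY:: prefix, which the
       previous template omitted) */
    IF @typeofobject = ''ASSEMBLIES'' AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* role nesting: sp_addrolemember takes both names as parameters, so no
       dynamic SQL is involved */
    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        EXEC sp_addrolemember @rightsaction, @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE '' + QUOTENAME(@RoleName)

IF @Command <> ''''
    EXEC sp_executesql @Command

/* ADD USER: put back every principal that was a member when the script started
   (a no-op unless the role was recreated in between); one call per member,
   instead of the old loop that kept only the last user and re-ran the
   securables batch when the list was empty */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @RoleName, @Users
        PRINT ''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName)
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaCASH','Pharmacies')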
|
|
|
|
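INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('
/*=============================================================================

Script to create dbRolePOUsr role.

Role Name: dbRolePOUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET (one permission per row; the sixth column is the
N2 flag and rows with N2 = 1 are ignored):

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''','''',0),
(''SCHEMA'',''GRANT'',''SELECT'','''',''AP'',0),
(''SCHEMA'',''GRANT'',''EXECUTE'','''',''AP'',0),
(''TABLE'',''GRANT'',''INSERT'',''Address'',''dbo'',0),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo'',0),
(''ROLE'',''GRANT'',''db_datareader'','''','''',0)

grantordeny must be GRANT, DENY or REVOKE and rightsaction a single permission
name known to sys.fn_builtin_permissions (a comma-separated list matches
nothing); both are checked before any value is spliced into dynamic SQL, and a
bad row aborts the script with an error instead of being silently skipped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command      nvarchar(max),
        @RoleName     sysname,
        @Users        sysname,
        @typeofobject varchar(50),
        @grantordeny  varchar(10),
        @rightsaction varchar(255),
        @objectname   sysname,
        @schemaid     sysname,
        @ObjName      sysname

SET @RoleName = ''dbRolePOUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username sysname)
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname sysname, schemaid sysname, N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */
/* Role names are compared with sys.database_principals.name under the database
   collation; keep the canonical lower-case spelling of fixed roles so the
   membership check below also holds on a case-sensitive database. */
INSERT INTO #Securables (typeofobject, grantordeny, rightsaction, objectname, schemaid, N2)
VALUES (''ROLE'', ''GRANT'', ''db_datareader'', '''', ''dbo'', 0)

/* VALIDATE THE LIST BEFORE ANY OF IT IS SPLICED INTO DYNAMIC SQL */
IF EXISTS (
    SELECT 1
    FROM #Securables s
    WHERE s.N2 = 0
      AND (   s.grantordeny NOT IN (''GRANT'', ''DENY'', ''REVOKE'')
           OR (    s.typeofobject IN (''DB'', ''SCHEMA'', ''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'', ''ASSEMBLIES'')
               AND NOT EXISTS (SELECT 1
                               FROM sys.fn_builtin_permissions(DEFAULT) p
                               WHERE p.permission_name = s.rightsaction
                                 AND p.class_desc = CASE s.typeofobject
                                                        WHEN ''DB''         THEN ''DATABASE''
                                                        WHEN ''SCHEMA''     THEN ''SCHEMA''
                                                        WHEN ''ASSEMBLIES'' THEN ''ASSEMBLY''
                                                        ELSE ''OBJECT''
                                                    END))))
BEGIN
    DROP TABLE #Securables
    DROP TABLE #UsersOnRole
    RAISERROR(''Role %s: #Securables holds an unknown action or permission name; nothing was changed'', 16, 1, @RoleName)
    RETURN
END

/* GET ALL USERS ON THIS ROLE */
INSERT INTO #UsersOnRole (username)
SELECT members.name
FROM sys.database_role_members drm
JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (CREATE ROLE cannot take a parameter, so this statement stays dynamic) */
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND type = ''R'')
BEGIN
    SET @Command = ''CREATE ROLE '' + QUOTENAME(@RoleName) + '' AUTHORIZATION [dbo]''
    EXEC sp_executesql @Command
    PRINT ''CREATE ROLE '' + QUOTENAME(@RoleName)
END

/* SET ALL ROLE SECURABLES: collect every GRANT/DENY/REVOKE into one batch */
SET @Command = ''''

DECLARE SecurablesCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN
    /* database-level permission */
    IF @typeofobject = ''DB''
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* schema-level permission; silently skipped when the schema does not exist */
    IF @typeofobject = ''SCHEMA'' AND EXISTS (SELECT 1 FROM sys.schemas WHERE name = @schemaid)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + QUOTENAME(@schemaid) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* object-level permission: a % in objectname is a LIKE pattern restricted to
       the object kind named by typeofobject; an exact name matches any table,
       procedure, view or function of that name */
    IF @typeofobject IN (''TABLE'', ''SP'', ''FUNCTIONS'', ''VIEWS'')
    BEGIN
        DECLARE ObjCurs CURSOR LOCAL FAST_FORWARD FOR
        SELECT o.name
        FROM sys.objects o
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE s.name = @schemaid
          AND (   (    @objectname NOT LIKE ''%[%]%''
                   AND o.name = @objectname
                   AND o.type IN (''U'', ''P'', ''V'', ''FN'', ''IF'', ''TF''))
               OR (    @objectname LIKE ''%[%]%''
                   AND o.name LIKE @objectname
                   AND (   (@typeofobject = ''TABLE''     AND o.type = ''U'')
                        OR (@typeofobject = ''SP''        AND o.type IN (''P'', ''PC'', ''RF'', ''X''))
                        OR (@typeofobject = ''FUNCTIONS'' AND o.type IN (''FN'', ''IF'', ''TF'', ''FS'', ''FT''))
                        OR (@typeofobject = ''VIEWS''     AND o.type = ''V''))))

        OPEN ObjCurs
        FETCH NEXT FROM ObjCurs INTO @ObjName
        WHILE @@FETCH_STATUS = 0
        BEGIN
            SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON '' + QUOTENAME(@schemaid) + ''.'' + QUOTENAME(@ObjName) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
            FETCH NEXT FROM ObjCurs INTO @ObjName
        END
        CLOSE ObjCurs
        DEALLOCATE ObjCurs
    END

    /* assembly-level permission (needs the ON ASSEMBLY:: prefix, which the
       previous template omitted) */
    IF @typeofobject = ''ASSEMBLIES'' AND EXISTS (SELECT 1 FROM sys.assemblies WHERE name = @objectname)
    BEGIN
        SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' ON ASSEMBLY::'' + QUOTENAME(@objectname) + '' TO '' + QUOTENAME(@RoleName) + CHAR(10)
    END

    /* role nesting: sp_addrolemember takes both names as parameters, so no
       dynamic SQL is involved */
    IF @typeofobject = ''ROLE''
       AND NOT EXISTS (SELECT 1
                       FROM sys.database_role_members drm
                       JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                       JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                       WHERE roles.name = @rightsaction AND members.name = @RoleName)
    BEGIN
        EXEC sp_addrolemember @rightsaction, @RoleName
    END

    FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE '' + QUOTENAME(@RoleName)

IF @Command <> ''''
    EXEC sp_executesql @Command

/* ADD USER: put back every principal that was a member when the script started
   (a no-op unless the role was recreated in between); one call per member,
   instead of the old loop that kept only the last user and re-ran the
   securables batch when the list was empty */
DECLARE UsersCurs CURSOR LOCAL FAST_FORWARD FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs
FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN
    IF NOT EXISTS (SELECT 1
                   FROM sys.database_role_members drm
                   JOIN sys.database_principals roles   ON drm.role_principal_id   = roles.principal_id
                   JOIN sys.database_principals members ON drm.member_principal_id = members.principal_id
                   WHERE roles.name = @RoleName AND members.name = @Users)
    BEGIN
        EXEC sp_addrolemember @RoleName, @Users
        PRINT ''ADD USER '' + QUOTENAME(@Users) + '' ON ROLE '' + QUOTENAME(@RoleName)
    END
    FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaCUST','Pharmacies')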
|
|
|
|
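-- Role-definition script for [dbRolePOUsr] on database ArizonaLD (product Pharmacies).
-- The row stores T-SQL *as text*: nothing here runs now; the driver later in this file
-- (see the "create / map all users" section) executes it in the target database via
-- dynamic SQL. Quotes are therefore doubled once for this literal and doubled again inside
-- the embedded script's own dynamic-SQL strings.
--
-- Review notes (this text is generator output, "Generate date : 2023-05-12"; fix the template too):
--  * Only the rows under "LIST OF SECURABLES TO CHANGE" are applied. Here the role is made a
--    member of db_datareader, i.e. SELECT on every user table in every schema; prefer
--    schema- or object-scoped grants if the application needs only a subset.
--  * Every sys.fn_builtin_permissions() guard compares @rightsaction with a single permission
--    name, so a comma-separated list such as 'SELECT,EXECUTE' (as in the example header)
--    matches nothing and the grant is silently skipped. List one permission per row.
--  * @grantordeny is concatenated into dynamic SQL without validation; keep it to GRANT / DENY / REVOKE.
--  * sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the supported form.
-- Fixes applied to the embedded script in this revision:
--  * Wildcard FUNCTIONS lookup: the closing quote of s.name = '...' was emitted after
--    @sysType, which produced a syntax error for that branch; it is now emitted before it.
--  * ADD USER loop: @Command is reset before the loop and appended per member. It was
--    overwritten on each iteration, so only the last member was re-added and, with no
--    members at all, the securables batch ran a second time. Member names come from
--    sys.database_principals and are now quoted (QUOTENAME / REPLACE) so a name containing
--    a quote can neither break nor alter the generated batch.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRolePOUsr role.

Role Name: dbRolePOUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

NOTE: list ONE permission per row. A comma-separated list is not matched by
sys.fn_builtin_permissions and the row is silently skipped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRolePOUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE (current members, re-attached at the end) */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES: one dynamic batch is built from #Securables and run once below */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* Wildcard: grant on every catalog object matching the pattern. The closing quote of
   the s.name literal must come BEFORE @sysType, which is an extra predicate, not a name. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* ROLE: nest this role inside a fixed or user role; schemaid is ignored for this type */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-attach the members captured above. @Command is reset and built up per member
   so every member is processed; names come from the catalog and are quoted so a name holding
   a quote cannot break or alter the batch. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'' + QUOTENAME(@Users, '''''''') + ''
PRINT ''''ADD USER ['' + REPLACE(@Users, '''''''', '''''''''''') + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','ArizonaLD','Pharmacies')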
|
|
|
|
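-- Role-definition script for [dbRoleAppMgrUsr] on database Arizona (product Pharmacies).
-- The row stores T-SQL *as text*: nothing here runs now; the driver later in this file
-- (see the "create / map all users" section) executes it in the target database via
-- dynamic SQL. Quotes are therefore doubled once for this literal and doubled again inside
-- the embedded script's own dynamic-SQL strings.
--
-- Review notes (this text is generator output, "Generate date : 2023-05-12"; fix the template too):
--  * Only the rows under "LIST OF SECURABLES TO CHANGE" are applied. Here the role is made a
--    member of db_datareader, i.e. SELECT on every user table in every schema; prefer
--    schema- or object-scoped grants if the application needs only a subset.
--  * Every sys.fn_builtin_permissions() guard compares @rightsaction with a single permission
--    name, so a comma-separated list such as 'SELECT,EXECUTE' (as in the example header)
--    matches nothing and the grant is silently skipped. List one permission per row.
--  * @grantordeny is concatenated into dynamic SQL without validation; keep it to GRANT / DENY / REVOKE.
--  * sp_addrolemember is deprecated; ALTER ROLE ... ADD MEMBER is the supported form.
-- Fixes applied to the embedded script in this revision:
--  * Wildcard FUNCTIONS lookup: the closing quote of s.name = '...' was emitted after
--    @sysType, which produced a syntax error for that branch; it is now emitted before it.
--  * ADD USER loop: @Command is reset before the loop and appended per member. It was
--    overwritten on each iteration, so only the last member was re-added and, with no
--    members at all, the securables batch ran a second time. Member names come from
--    sys.database_principals and are now quoted (QUOTENAME / REPLACE) so a name containing
--    a quote can neither break nor alter the generated batch.
INSERT INTO #AllRoles(STR_Definition,STR_Database,STR_Product)VALUES('

/*=============================================================================

Script to create dbRoleAppMgrUsr role.

Role Name: dbRoleAppMgrUsr
TEMPLATE: Default

EXAMPLE OF SECURABLES TO SET:

INSERT INTO #Securables
VALUES
(''DB'',''GRANT'',''VIEW DEFINITION'','''',''''),
(''SCHEMA'',''GRANT'',''SELECT,EXECUTE,INSERT,UPDATE,DELETE'','''',''AP''),
(''TABLE'',''GRANT'',''INSERT,UPDATE'',''Address'',''dbo''),
(''SP'',''GRANT'',''EXECUTE'',''sp_bmc_GetNextID'',''dbo''),
(''ROLE'',''GRANT'',''db_datareader'','''','''')

NOTE: list ONE permission per row. A comma-separated list is not matched by
sys.fn_builtin_permissions and the row is silently skipped.

-----------------------------------------------

Generate date : 2023-05-12 / up208700

=============================================================================*/

DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@Users varchar(255),
@typeofobject varchar(50),
@grantordeny varchar(10),
@rightsaction varchar(255),
@objectname varchar(255),
@schemaid varchar(10),
@sysTarget varchar(255),
@sysType varchar(255)

SET @RoleName = ''dbRoleAppMgrUsr''
SET @Command = ''''

/* TEMP TABLES */
CREATE TABLE #UsersOnRole(username varchar(255))
CREATE TABLE #Securables(typeofobject varchar(50), grantordeny varchar(10), rightsaction varchar(255), objectname varchar(255), schemaid varchar(10),N2 bit)

/* !!! LIST OF SECURABLES TO CHANGE !!! */

INSERT INTO #Securables
VALUES
(''ROLE'',''GRANT'',''DB_DATAREADER'','''',''dbo'',0)


/* GET ALL USERS ON THIS ROLE (current members, re-attached at the end) */
INSERT INTO #UsersOnRole
SELECT
members.name
FROM sys.database_role_members
JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id
JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id
WHERE roles.name = @RoleName

/* CREATE ROLE (idempotent) */
SELECT @Command = ''
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = '''''' + @RoleName + '''''' AND type = ''''R'''')
BEGIN
CREATE ROLE ['' + @RoleName + ''] AUTHORIZATION [dbo]
PRINT ''''CREATE ROLE ['' + @RoleName + '']''''
END
''
EXEC sp_executesql @Command

SET @Command = ''
DECLARE @SP_Name varchar(255)

''

/* SET ALL ROLE SECURABLES: one dynamic batch is built from #Securables and run once below */
DECLARE SecurablesCurs CURSOR FOR
SELECT typeofobject, grantordeny, rightsaction, objectname, schemaid
FROM #Securables
WHERE N2 = 0

OPEN SecurablesCurs
FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
WHILE @@FETCH_STATUS = 0
BEGIN

IF @typeofobject = ''DB''
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''DATABASE'') WHERE permission_name = '''' + @rightsaction + '''')
BEGIN
SET @Command = @Command + @grantordeny + '' '' + @rightsaction + '' TO ['' + @RoleName + '']
''
END
END

IF @typeofobject = ''SCHEMA''
BEGIN
SET @Command = @Command + ''
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''SCHEMA'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON SCHEMA::'' + @schemaid + '' TO ['' + @RoleName + '']
END
END

''
END

IF @typeofobject in(''TABLE'',''SP'',''FUNCTIONS'',''VIEWS'')
BEGIN

IF @objectname like ''%[%]%''
BEGIN

IF @typeofobject = ''TABLE''
BEGIN
SET @sysTarget = ''sys.tables''
SET @sysType = ''''
END

IF @typeofobject = ''SP''
BEGIN
SET @sysTarget = ''sys.procedures''
SET @sysType = ''''
END

IF @typeofobject = ''FUNCTIONS''
BEGIN
SET @sysTarget = ''sys.objects''
SET @sysType = '' and p.Type IN ( N''''FN'''', N''''IF'''', N''''TF'''', N''''FS'''', N''''FT'''' )''
END

IF @typeofobject = ''VIEWS''
BEGIN
SET @sysTarget = ''sys.views''
SET @sysType = ''''
END

/* Wildcard: grant on every catalog object matching the pattern. The closing quote of
   the s.name literal must come BEFORE @sysType, which is an extra predicate, not a name. */
SET @Command = @Command + ''
DECLARE SP_cursor CURSOR FOR
SELECT p.name FROM '' + @sysTarget + '' p JOIN sys.schemas s ON s.schema_id = p.schema_id WHERE (p.name like '''''' + @objectname + '''''') and s.name = '''''' + @schemaid + '''''' + @sysType + ''

OPEN SP_cursor
FETCH NEXT FROM SP_cursor INTO @SP_Name
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
EXEC('''''' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['''' + @SP_Name + ''''] TO ['' + @RoleName + '']'''')
END
FETCH NEXT FROM SP_cursor INTO @SP_Name
END

CLOSE SP_cursor
DEALLOCATE SP_cursor

''

END
ELSE
BEGIN

SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.objects o WITH (NOLOCK) JOIN sys.schemas s ON s.schema_id = o.schema_id WHERE o.name = '''''' + @objectname + '''''' AND o.type IN (N''''U'''',''''P'''',''''V'''',''''FN'''',''''IF'''',''''TF'''') AND s.name = '''''' + @schemaid + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''OBJECT'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + '' ON ['' + @schemaid + ''].['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END
END

IF @typeofobject = ''ASSEMBLIES''
BEGIN
SET @Command = @Command + ''
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE NAME = '''''' + @objectname + '''''')
BEGIN
IF EXISTS(SELECT 1 FROM sys.fn_builtin_permissions(''''ASSEMBLY'''') WHERE permission_name = '''''' + @rightsaction + '''''')
BEGIN
'' + @grantordeny + '' '' + @rightsaction + ''::['' + @objectname + ''] TO ['' + @RoleName + '']
END
END

''
END

/* ROLE: nest this role inside a fixed or user role; schemaid is ignored for this type */
IF @typeofobject = ''ROLE''
BEGIN
SET @Command = @Command + ''
IF NOT EXISTS (SELECT 1 FROM sys.database_role_members JOIN sys.database_principals roles ON database_role_members.role_principal_id = roles.principal_id JOIN sys.database_principals members ON database_role_members.member_principal_id = members.principal_id WHERE roles.name = '''''' + @rightsaction + '''''' AND members.name = '''''' + @RoleName + '''''')
BEGIN
EXEC sp_addrolemember N'''''' + @rightsaction + '''''', N'''''' + @RoleName + ''''''
END

''
END

FETCH NEXT FROM SecurablesCurs INTO @typeofobject, @grantordeny, @rightsaction, @objectname, @schemaid
END

CLOSE SecurablesCurs
DEALLOCATE SecurablesCurs

PRINT ''SET ALL SECURABLES ON ROLE ['' + @RoleName + '']''
EXEC sp_executesql @Command

/* ADD USER: re-attach the members captured above. @Command is reset and built up per member
   so every member is processed; names come from the catalog and are quoted so a name holding
   a quote cannot break or alter the batch. */
SET @Command = ''''

DECLARE UsersCurs CURSOR FOR
SELECT username
FROM #UsersOnRole

OPEN UsersCurs

FETCH NEXT FROM UsersCurs INTO @Users
WHILE @@FETCH_STATUS = 0
BEGIN

SELECT @Command = @Command + ''
EXEC sp_addrolemember N'''''' + @RoleName + '''''', N'' + QUOTENAME(@Users, '''''''') + ''
PRINT ''''ADD USER ['' + REPLACE(@Users, '''''''', '''''''''''') + ''] ON ROLE ['' + @RoleName + '']''''
''

FETCH NEXT FROM UsersCurs INTO @Users
END

CLOSE UsersCurs
DEALLOCATE UsersCurs

EXEC sp_executesql @Command

/*=============================================================================
Drop temp tables
=============================================================================*/
DROP TABLE #Securables
DROP TABLE #UsersOnRole
','Arizona','Pharmacies')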
|
|
|
|
|
|
/*=============================================================================
Driver: create / map all users, then execute every role script collected above
on its target database
=============================================================================*/
|
|
|
|
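-- Working variables for the driver loop (the loop itself follows this block).
DECLARE @Command nvarchar(max),
@RoleName varchar(60),
@username varchar(255),
@Database VARCHAR(255)

-- Initialise to empty strings so later string concatenation cannot silently become NULL.
-- Use the declared spelling @RoleName: under a case-sensitive collation the original
-- SET @rolename fails with "Must declare the scalar variable".
SET @RoleName = ''
SET @username = ''
SET @Command = ''
SET @Database = ''

-- (database, role, principal) triples to map; one row per membership to create.
CREATE TABLE #AllUsersAndRoles(databasename varchar(255), rolename varchar(255), username varchar(255))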
|
|
|
|
INSERT INTO #AllUsersAndRoles
|
|
VALUES
|
|
('ActivePos_read','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('ActivePos_read','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_read','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_read','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Workstations_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActivePos_read','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_Development'),
|
|
('ActivePos_read','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_read','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_read','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_read','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_read','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_read','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_read','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_read','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_read','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_read','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_read','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_read','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_read','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_read','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_read','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_read','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_read','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_read','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_read','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-cvi-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_read','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_read','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('ActivePos_server','dbRoleActiveConfig','ActiveConfig'),
|
|
('ActivePos_server','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('ActivePos_server','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_server','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_server','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_server','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_server','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_server','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_server','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActivePos_server','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActivePos_server','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActivePos_server','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActivePos_server','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActivePos_server','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActivePos_server','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_server','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_server','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_server','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_server','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_server','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_server','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_server','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_server','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_server','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_server','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_server','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_server','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_server','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_server','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_server','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_server','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_server','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_server','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_server','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_server','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_server','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_server','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_server','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_server','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('ActivePos_write','dbRoleActiveConfig','ActiveConfig'),
|
|
('ActivePos_write','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('ActivePos_write','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActivePos_write','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_Applications_Services'),
|
|
('ActivePos_write','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Workstations_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActivePos_write','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_Development'),
|
|
('ActivePos_write','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_write','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_write','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_write','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_write','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_write','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActivePos_write','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_write','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_write','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_write','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_write','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_write','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ActivePos_write','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_write','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_write','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_write','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_write','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_write','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActivePos_write','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-cvi-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActivePos_write','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActivePos_write','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('ActiveSystemClient','dbRoleActiveConfig','ActiveConfig'),
|
|
('ActiveSystemClient','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Workstations_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-cvi-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_Windows_Operations'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_Applications_Services'),
|
|
('ActiveSystemClient','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Workstations_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-cvi-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActiveSystemClient','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_Development'),
|
|
('ActiveSystemClient','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemClient','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemClient','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemClient','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemClient','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemClient','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemClient','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemClient','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemClient','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemClient','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemClient','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemClient','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemClient','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemClient','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemClient','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemClient','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemClient','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemClient','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemClient','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-cvi-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemClient','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Workstations_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleActiveConfig','ActiveConfig'),
|
|
('ActiveSystemServer','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('ActiveSystemServer','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemServer','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemServer','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemServer','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemServer','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemServer','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ActiveSystemServer','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActiveSystemServer','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ActiveSystemServer','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActiveSystemServer','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActiveSystemServer','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ActiveSystemServer','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ActiveSystemServer','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemServer','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemServer','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemServer','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemServer','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemServer','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ActiveSystemServer','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemServer','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemServer','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemServer','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemServer','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemServer','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ActiveSystemServer','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemServer','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemServer','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemServer','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemServer','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemServer','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ActiveSystemServer','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ActiveSystemServer','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('Arizona','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('Arizona','dbRoleAppMgrUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Application_Manager'),
|
|
('Arizona','dbRoleAppMgrUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Application_Manager'),
|
|
('Arizona','dbRoleAppMgrUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Application_Manager'),
|
|
('Arizona','dbRoleAppMgrUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Application_Manager'),
|
|
('Arizona','dbRoleAppMgrUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Application_Manager'),
|
|
('Arizona','dbRoleAppMgrUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Application_Manager'),
|
|
('Arizona','dbRoleArizonaCASH','arizonacash'),
|
|
('Arizona','dbRoleAtlas','AMAVITA\L-AM-AP-SQL-Atlas-W'),
|
|
('Arizona','dbRoleAtlas','AMAVITA\L-AM-AP-SQL-Atlas_Dev-W'),
|
|
('Arizona','dbRoleAtlas','CENTRALINFRA\L-CI-AP-SQL-Atlas-W'),
|
|
('Arizona','dbRoleAtlas','CENTRALINFRA\L-CI-AP-SQL-Atlas_Dev-W'),
|
|
('Arizona','dbRoleAtlas','COOP-VITALITY\L-CV-AP-SQL-Atlas-W'),
|
|
('Arizona','dbRoleAtlas','COOP-VITALITY\L-CV-AP-SQL-Atlas_Dev-W'),
|
|
('Arizona','dbRoleAtlas','SUNSTORE\L-SU-AP-SQL-Atlas-W'),
|
|
('Arizona','dbRoleAtlas','SUNSTORE\L-SU-AP-SQL-Atlas_Dev-W'),
|
|
('Arizona','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('Arizona','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('Arizona','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('Arizona','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('Arizona','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('Arizona','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('Arizona','dbRoleDataMonitoring','datamonitoring'),
|
|
('Arizona','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('Arizona','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('Arizona','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('Arizona','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('Arizona','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('Arizona','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('Arizona','dbRoleGaia','sqlAppGaiaUsr'),
|
|
('Arizona','dbRoleGcStock','gcstock'),
|
|
('Arizona','dbRoleGroupRepetition','sqlSyncDmUsr'),
|
|
('Arizona','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('Arizona','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('Arizona','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('Arizona','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('Arizona','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('Arizona','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('Arizona','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('Arizona','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('Arizona','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('Arizona','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('Arizona','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('Arizona','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('Arizona','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('Arizona','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('Arizona','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('Arizona','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('Arizona','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('Arizona','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('Arizona','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('Arizona','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('Arizona','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('Arizona','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('Arizona','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('Arizona','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('Arizona','dbRoleSyncAccountingExtraction','sqlSyncAccountingExtractionUsr'),
|
|
('Arizona','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('Arizona','dbRoleTPSSIS','sqlSSISTPUsr'),
|
|
('Arizona','dbRoleTriapharmChangeTracking','sqlSyncDmUsr'),
|
|
('Arizona','dbRoleTriapharmCounter','apscounter'),
|
|
('Arizona','dbRoleTriapharmUser','bmcarizona'),
|
|
('ArizonaCASH','dbRoleActivePharmacy','sqlAppAPHUsr'),
|
|
('ArizonaCASH','dbRoleArizonaCASH','arizonacash'),
|
|
('ArizonaCASH','dbRoleAtlas','AMAVITA\L-AM-AP-SQL-Atlas-W'),
|
|
('ArizonaCASH','dbRoleAtlas','AMAVITA\L-AM-AP-SQL-Atlas_Dev-W'),
|
|
('ArizonaCASH','dbRoleAtlas','CENTRALINFRA\L-CI-AP-SQL-Atlas-W'),
|
|
('ArizonaCASH','dbRoleAtlas','CENTRALINFRA\L-CI-AP-SQL-Atlas_Dev-W'),
|
|
('ArizonaCASH','dbRoleAtlas','COOP-VITALITY\L-CV-AP-SQL-Atlas-W'),
|
|
('ArizonaCASH','dbRoleAtlas','COOP-VITALITY\L-CV-AP-SQL-Atlas_Dev-W'),
|
|
('ArizonaCASH','dbRoleAtlas','SUNSTORE\L-SU-AP-SQL-Atlas-W'),
|
|
('ArizonaCASH','dbRoleAtlas','SUNSTORE\L-SU-AP-SQL-Atlas_Dev-W'),
|
|
('ArizonaCASH','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCASH','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCASH','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCASH','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCASH','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCASH','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCASH','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaCASH','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaCASH','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaCASH','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaCASH','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaCASH','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaCASH','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCASH','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCASH','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCASH','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCASH','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCASH','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCASH','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCASH','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCASH','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCASH','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCASH','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCASH','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCASH','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCASH','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCASH','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCASH','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCASH','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCASH','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCASH','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCASH','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCASH','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCASH','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCASH','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCASH','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCASH','dbRoleSyncAccountingExtraction','sqlSyncAccountingExtractionUsr'),
|
|
('ArizonaCASH','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('ArizonaCASH','dbRoleTriapharmUser','bmcarizona'),
|
|
('ArizonaCUST','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCUST','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCUST','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCUST','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCUST','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCUST','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaCUST','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaCUST','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaCUST','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaCUST','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaCUST','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaCUST','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaCUST','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCUST','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCUST','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCUST','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCUST','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCUST','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaCUST','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCUST','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCUST','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCUST','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCUST','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCUST','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaCUST','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCUST','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCUST','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCUST','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCUST','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCUST','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaCUST','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCUST','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCUST','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCUST','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCUST','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCUST','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaCUST','dbRoleSyncAccountingExtraction','sqlSyncAccountingExtractionUsr'),
|
|
('ArizonaLD','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaLD','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaLD','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaLD','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaLD','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaLD','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaLD','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaLD','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaLD','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaLD','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaLD','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaLD','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaLD','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaLD','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaLD','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaLD','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaLD','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaLD','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaLD','dbRolePOUsr','AMAVITA\L-AM-AP-SQL-AMA_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaLD','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaLD','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaLD','dbRolePOUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaLD','dbRolePOUsr','COOP-VITALITY\L-CV-AP-SQL-CVI_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaLD','dbRolePOUsr','SUNSTORE\L-SU-AP-SQL-SUN_Pharmacy_Servers_Product_Owner'),
|
|
('ArizonaLD','dbRoleQAtesters','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaLD','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaLD','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaLD','dbRoleQAtesters','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaLD','dbRoleQAtesters','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaLD','dbRoleQAtesters','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_QA_Testers'),
|
|
('ArizonaLD','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaLD','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaLD','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaLD','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaLD','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaLD','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaTest','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaTest','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaTest','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaTest','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaTest','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaTest','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('ArizonaTest','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaTest','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('ArizonaTest','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaTest','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaTest','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('ArizonaTest','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('ArizonaTest','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaTest','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaTest','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaTest','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaTest','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaTest','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('ArizonaTest','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaTest','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaTest','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaTest','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaTest','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('ArizonaTest','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-PharmINDEX_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-TriaFACT_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('distribution','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('distribution','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('distribution','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('distribution','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('distribution','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-PharmINDEX_Development'),
|
|
('distribution','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-TriaFACT_Development'),
|
|
('distribution','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('distribution','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('distribution','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('distribution','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('distribution','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('distribution','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('distribution','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('distribution','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('distribution','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('distribution','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('distribution','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('Golabo','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('Golabo','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('Golabo','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('Golabo','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('Golabo','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('Golabo','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleCsltUsr','AAI\L-AA-AP-SQL-AAI-Datamart_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Address_Repository_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Atlas_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Datamart_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Gaia_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-PharmINDEX_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Pricing_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-TriaFACT_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-triaSCAN_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCM-J2I_Database_Administrator'),
|
|
('HCITools','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Address_Repository_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Address_Repository_Applications_Services'),
|
|
('HCITools','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('HCITools','dbRoleDataMonitoring','datamonitoring'),
|
|
('HCITools','dbRoleDevUsr','AAI\L-AA-AP-SQL-AAI-Datamart_Development'),
|
|
('HCITools','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Address_Repository_Development'),
|
|
('HCITools','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Atlas_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Datamart_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Gaia_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Monitoring_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-PharmINDEX_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Pricing_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-TriaFACT_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-triaSCAN_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCM-J2I_Development'),
|
|
('HCITools','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Address_Repository_Development'),
|
|
('HCITools','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Address_Repository_Development'),
|
|
('HCITools','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('HCITools','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('HCITools','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('HCITools','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('HCITools','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('HCITools','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('HCITools','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('HCITools','dbRoleNagiosMonitoring','sqlMonNagiosUsr'),
|
|
('HCITools','dbRoleSSRSMonitoring','sqlMonSSRSUsr'),
|
|
('HCITools','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('HCITools','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('HCITools','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('HCITools','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('HCITools','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('HCITools','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('master','dbRoleAtlas','AMAVITA\L-AM-AP-SQL-Atlas-W'),
|
|
('master','dbRoleAtlas','AMAVITA\L-AM-AP-SQL-Atlas_Dev-W'),
|
|
('master','dbRoleAtlas','CENTRALINFRA\L-CI-AP-SQL-Atlas-W'),
|
|
('master','dbRoleAtlas','CENTRALINFRA\L-CI-AP-SQL-Atlas_Dev-W'),
|
|
('master','dbRoleAtlas','COOP-VITALITY\L-CV-AP-SQL-Atlas-W'),
|
|
('master','dbRoleAtlas','COOP-VITALITY\L-CV-AP-SQL-Atlas_Dev-W'),
|
|
('master','dbRoleAtlas','SUNSTORE\L-SU-AP-SQL-Atlas-W'),
|
|
('master','dbRoleAtlas','SUNSTORE\L-SU-AP-SQL-Atlas_Dev-W'),
|
|
('master','dbRoleSyncAccountingExtraction','sqlSyncAccountingExtractionUsr'),
|
|
('master','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('msdb','dbRoleCsltUsr','AAI\L-AA-AP-SQL-AAI-Datamart_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Address_Repository_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Atlas_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Datamart_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Gaia_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-PharmINDEX_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Pricing_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-TriaFACT_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-triaSCAN_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-GCM-J2I_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Address_Repository_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Address_Repository_Applications_Services'),
|
|
('msdb','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('msdb','dbRoleDataMonitoring','datamonitoring'),
|
|
('msdb','dbRoleDevUsr','AAI\L-AA-AP-SQL-AAI-Datamart_Development'),
|
|
('msdb','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Address_Repository_Development'),
|
|
('msdb','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Atlas_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Datamart_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Monitoring_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-PharmINDEX_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-Pricing_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-TriaFACT_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCA-triaSCAN_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-GCM-J2I_Development'),
|
|
('msdb','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('msdb','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Address_Repository_Development'),
|
|
('msdb','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('msdb','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Address_Repository_Development'),
|
|
('msdb','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('msdb','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('msdb','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('msdb','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('msdb','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('msdb','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('msdb','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('msdb','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('msdb','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('msdb','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('msdb','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('msdb','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('msdb','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('msdb','dbRoleTPPos','sqlLksrvTPPosusr'),
|
|
('Symbiose','dbRoleCsltUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('Symbiose','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Applications_Services'),
|
|
('Symbiose','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('Symbiose','dbRoleCsltUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('Symbiose','dbRoleCsltUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Applications_Services'),
|
|
('Symbiose','dbRoleCsltUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Applications_Services'),
|
|
('Symbiose','dbRoleDevUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('Symbiose','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_Development'),
|
|
('Symbiose','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('Symbiose','dbRoleDevUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('Symbiose','dbRoleDevUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_Development'),
|
|
('Symbiose','dbRoleDevUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_Development'),
|
|
('Symbiose','dbRoleIttechUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('Symbiose','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_IT_Field'),
|
|
('Symbiose','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('Symbiose','dbRoleIttechUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('Symbiose','dbRoleIttechUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_IT_Field'),
|
|
('Symbiose','dbRoleIttechUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_IT_Field'),
|
|
('Symbiose','dbRoleSupUsr','AMAVITA\L-AM-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('Symbiose','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-AMA-Pharmacy_Servers_User_Support_Training'),
|
|
('Symbiose','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('Symbiose','dbRoleSupUsr','CENTRALINFRA\L-CI-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training'),
|
|
('Symbiose','dbRoleSupUsr','COOP-VITALITY\L-CV-AP-SQL-CVI-Pharmacy_Servers_User_Support_Training'),
|
|
('Symbiose','dbRoleSupUsr','SUNSTORE\L-SU-AP-SQL-SUN-Pharmacy_Servers_User_Support_Training')
|
|
|
|
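/* APPLY ROLE DEFINITIONS PER DATABASE
   For every database named in #AllRoles that actually exists on this
   instance (join on master.sys.databases), run each stored role script
   (#AllRoles.STR_Definition) inside that database.  The outer cursor
   walks the databases; the inner cursor lives in a dynamic batch so that
   the USE switches context for the role scripts it executes.
   Requires @Database and @Command declared earlier in the script and
   #AllRoles already populated. */
DECLARE AllDb CURSOR LOCAL FOR
    SELECT DISTINCT STR.STR_Database
    FROM #AllRoles STR
    JOIN master.sys.databases D ON D.name = STR.STR_Database

OPEN AllDb

FETCH NEXT FROM AllDb INTO @Database

WHILE @@FETCH_STATUS = 0
BEGIN
    /* QUOTENAME brackets the database name for the USE (the only part that
       cannot be parameterized); the cursor filter value is bound as a real
       sp_executesql parameter instead of being spliced into the text.
       The inner cursor is LOCAL so a leftover global cursor of the same
       name from an aborted earlier run cannot collide with it. */
    SELECT @Command = N'USE ' + QUOTENAME(@Database) + N'

DECLARE @Roles nvarchar(max)

DECLARE AllRoles CURSOR LOCAL FOR
    SELECT STR_Definition FROM #AllRoles WHERE STR_Database = @TargetDb

OPEN AllRoles

FETCH NEXT FROM AllRoles INTO @Roles

WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_executesql @Roles

    FETCH NEXT FROM AllRoles INTO @Roles
END

CLOSE AllRoles
DEALLOCATE AllRoles
'

    EXEC sp_executesql @Command, N'@TargetDb sysname', @TargetDb = @Database

    FETCH NEXT FROM AllDb INTO @Database
END

CLOSE AllDb
DEALLOCATE AllDb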
|
|
|
|
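/* MAP USERS TO ROLES PER DATABASE
   For each (database, role, login) triple in #AllUsersAndRoles whose
   database exists on the instance, make sure the login has a database
   user (created, or re-pointed at the login with ALTER USER ... WITH LOGIN)
   and add that user to the role.  Note that the mapping table also lists
   the system databases master and msdb, so users are created there too.
   Requires @Database, @rolename, @username and @Command declared earlier
   in the script. */
DECLARE MapUsersAndRolesCurs CURSOR LOCAL FOR
    SELECT AUAR.databasename, AUAR.rolename, AUAR.username
    FROM #AllUsersAndRoles AUAR
    JOIN master.sys.databases D ON D.name = AUAR.databasename

OPEN MapUsersAndRolesCurs

FETCH NEXT FROM MapUsersAndRolesCurs INTO @Database, @rolename, @username

WHILE @@FETCH_STATUS = 0
BEGIN
    /* Identifiers go through QUOTENAME; the names used in the catalog
       checks and passed to sp_addrolemember are bound as sp_executesql
       parameters, so a name containing a quote or bracket cannot break the
       generated batch.  sp_addrolemember is kept (rather than
       ALTER ROLE ... ADD MEMBER, SQL Server 2012+) because the target
       engine version is not stated anywhere in this script.
       A mapping that cannot be applied is reported instead of being
       skipped silently, so a missing login or role shows up in the output. */
    SET @Command = N'USE ' + QUOTENAME(@Database) + N'

IF EXISTS (SELECT 1 FROM master.dbo.syslogins WHERE name = @LoginName)
BEGIN
    IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @RoleName AND [type] = ''R'')
    BEGIN
        IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @LoginName)
        BEGIN
            ALTER USER ' + QUOTENAME(@username) + N' WITH LOGIN = ' + QUOTENAME(@username) + N'
            EXEC sp_addrolemember @RoleName, @LoginName
        END
        ELSE
        BEGIN
            CREATE USER ' + QUOTENAME(@username) + N' FOR LOGIN ' + QUOTENAME(@username) + N' WITH DEFAULT_SCHEMA=[dbo]
            EXEC sp_addrolemember @RoleName, @LoginName
        END
    END
    ELSE
        PRINT ''Skipped: role '' + @RoleName + '' does not exist in database '' + DB_NAME()
END
ELSE
    PRINT ''Skipped: login '' + @LoginName + '' does not exist on this instance''
'

    EXEC sp_executesql @Command,
        N'@RoleName sysname, @LoginName sysname',
        @RoleName = @rolename, @LoginName = @username

    FETCH NEXT FROM MapUsersAndRolesCurs INTO @Database, @rolename, @username
END

CLOSE MapUsersAndRolesCurs
DEALLOCATE MapUsersAndRolesCurs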
|
|
|
|
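/* CLEANUP: drop the session-scoped work tables.  The OBJECT_ID guards make
   the cleanup safe to re-run when one of the tables is already gone. */
IF OBJECT_ID('tempdb..#AllUsersAndRoles') IS NOT NULL
    DROP TABLE #AllUsersAndRoles
IF OBJECT_ID('tempdb..#AllRoles') IS NOT NULL
    DROP TABLE #AllRoles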
|
|
GO
|