thierry/sql-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9df441e8349b9be9afa7ed58a8e3cb6be4c93efc
sql-scripts/HCI - setup new dataProtectionKeys permissions.sql
Thierry Schork 634dc10c8c sync
2026-02-23 08:12:06 +01:00

161 lines
4.0 KiB
Transact-SQL
Raw Blame History

/*
PharmaceuticalSpecialties_Superset
Wire the database Users to these new AD groups
DEV L-CI-AP-SQL-D-HCI-DataProtectionKeys_R and L-CI-AP-SQL-D-HCI-DataProtectionKeys_RW
INT L-CI-AP-SQL-I-HCI-DataProtectionKeys_R and L-CI-AP-SQL-I-HCI-DataProtectionKeys_RW
PROD L-CI-AP-SQL-P-HCI-DataProtectionKeys_R and L-CI-AP-SQL-P-HCI-DataProtectionKeys_RW
01.10.2025, TSC
*/
BEGIN TRANSACTION
SET XACT_ABORT ON;
SET NOCOUNT ON;
DECLARE @q NVARCHAR(MAX)='';
DECLARE @db sysname='DataProtectionKeys';
DECLARE @env VARCHAR(111);
DECLARE @groups TABLE(env VARCHAR(111) NOT NULL, grp_name VARCHAR(111) NOT NULL);
SELECT @env = CASE
WHEN @@SERVERNAME='SWMDATASQLDEV01' THEN 'dev'
WHEN @@SERVERNAME='SWMDATASQLINT01' THEN 'int'
WHEN @@SERVERNAME='SWMDATASQLPRD01' THEN 'prod'
WHEN @@SERVERNAME='SWSQLMDQAS05' THEN 'prod'
ELSE 'unknown'
END;
DECLARE @tplLogins NVARCHAR(MAX)='
IF NOT EXISTS (
SELECT 1
FROM sys.server_principals
WHERE name = ''@grp@''
)
BEGIN
SET @sql =
N''CREATE LOGIN [@grp@] '' +
N''FROM WINDOWS '' +
N''WITH DEFAULT_DATABASE=[master];'';
EXEC (@sql);
PRINT ''created login [@grp@]'';
END
';
DECLARE @tplUser NVARCHAR(MAX)='
IF NOT EXISTS (
SELECT 1
FROM sys.database_principals
WHERE name = N''@grp@''
)
BEGIN
CREATE USER [@grp@]
FOR LOGIN [@grp@];
PRINT ''Added user [@grp@]'';
END
IF EXISTS (
SELECT 1
FROM sys.database_principals
WHERE name = N''@grp@''
)
BEGIN
GRANT EXECUTE TO [@grp@];
--PRINT ''Granted EXECUTE to [@grp@]'';
ALTER ROLE [db_datareader] ADD MEMBER [@grp@]
--PRINT ''Granted db_datareader to [@grp@]'';
PRINT ''Granted read and execute permissions to [@grp@]'';
IF ''@grp@'' like ''%[_]RW''
BEGIN
ALTER ROLE [db_datawriter] ADD MEMBER [@grp@];
PRINT ''Granted db_datawriter to [@grp@]'';
END
END
'
INSERT INTO @groups ([env],[grp_name])
VALUES('dev', 'CENTRALINFRA\L-CI-AP-SQL-D-HCI-DataProtectionKeys_R')
,('dev', 'CENTRALINFRA\L-CI-AP-SQL-D-HCI-DataProtectionKeys_RW')
,('int', 'CENTRALINFRA\L-CI-AP-SQL-I-HCI-DataProtectionKeys_R')
,('int', 'CENTRALINFRA\L-CI-AP-SQL-I-HCI-DataProtectionKeys_RW')
,('prod', 'CENTRALINFRA\L-CI-AP-SQL-P-HCI-DataProtectionKeys_R')
,('prod', 'CENTRALINFRA\L-CI-AP-SQL-P-HCI-DataProtectionKeys_RW')
;
SELECT @env
IF @env IN ('dev','int','prod')
BEGIN
SET @q='use master
go
BEGIN TRANSACTION
SET XACT_ABORT ON;
SET NOCOUNT ON;
IF NOT EXISTS (
SELECT 1
FROM sys.databases d
WHERE name='''+@db+'''
)
BEGIN
RAISERROR(''The target db %s does not exists (yet?)'',16,5,'''+@db+''');
RETURN
END
DECLARE @sql nvarchar(MAX)='''';
';
--#region login
SELECT @q = @q + REPLACE(@tplLogins, '@grp@',g.[grp_name])
FROM @groups g
WHERE [g].[env] = @env
AND g.[grp_name] LIKE '%\%';
--#endregion login
--#region users
SET @q = @q +'
use '+@db+'
GO
';
SELECT @q = @q + REPLACE(@tplUser,'@grp@', g.[grp_name])
FROM @groups g
WHERE g.[env] = @env;
--#endregion users
SET @q = @q +'
ROLLBACK TRANSACTION
'
PRINT ''
--#region print whole dyn sql
DECLARE @String NVARCHAR(MAX) = @q
DECLARE @CurrentEnd BIGINT; /* track the length of the next substring */
DECLARE @offset tinyint; /*tracks the amount of offset needed */
set @string = replace( replace(@string, char(13) + char(10), char(10)) , char(13), char(10))
WHILE LEN(@String) > 1
BEGIN
IF CHARINDEX(CHAR(10), @String) between 1 AND 4000
BEGIN
SET @CurrentEnd = CHARINDEX(char(10), @String) -1
set @offset = 2
END
ELSE
BEGIN
SET @CurrentEnd = 4000
set @offset = 1
END
PRINT SUBSTRING(@String, 1, @CurrentEnd)
set @string = SUBSTRING(@String, @CurrentEnd+@offset, LEN(@String))
END /*End While loop*/
--#endregion print whole dyn sql
END
ROLLBACK TRANSACTION
Reference in New Issue View Git Blame Copy Permalink