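/*
cleaning up identified logins of the sql server instances

18.08.2025, TSC

What the script does, in order:
  1. enables the sa login,
  2. for every name in @to_clean and every online, multi-user, writable,
     non-snapshot database: hands the schemas owned by the matching database
     user over to dbo and drops that user,
  3. drops the matching server logins,
  4. ends the transaction (ROLLBACK as shipped, so a run is a rehearsal) and
     disables sa again, also when a step fails.

NOTE(review): nothing in this script shows why sa has to be enabled for the
clean-up -- confirm it is needed before running this against an instance.
*/

SET NOCOUNT ON;
SET XACT_ABORT ON; -- set before the transaction starts: any run-time error dooms it and control goes to the CATCH block

DECLARE @DebugOnly BIT = 0; -- 0 = execute the generated statements (inside the transaction below); 1 = only print the generated script.
DECLARE @cmd NVARCHAR(MAX);
DECLARE @DatabasePrincipalName sysname;
DECLARE @NameAsLiteral NVARCHAR(300);    -- the name as an N'...' string literal, embedded quotes doubled
DECLARE @NameAsIdentifier NVARCHAR(300); -- the name as a [bracketed] identifier
DECLARE @NameInMessage NVARCHAR(600);    -- the bracketed name, safe to place inside a quoted PRINT text
DECLARE @ErrorMessage NVARCHAR(2048);

DECLARE @to_clean TABLE(
     id INT IDENTITY NOT NULL PRIMARY KEY
    ,name sysname NOT NULL -- sysname matches the type of the name columns in sys.server_principals / sys.database_principals
);

-- The list keeps one section per environment as a record of where each login
-- was found; DISTINCT collapses the repeats so every principal is handled once.
INSERT INTO @to_clean ([name])
SELECT DISTINCT [x].[name]
FROM (
    VALUES
    --dev
     ('CENTRALINFRA\ua170710') --Cosarca Ciprian-Andrei (Galenica - ADM)
    ,('CENTRALINFRA\ucibecrauc_adm') --nothing found
    ,('CENTRALINFRA\ucibestutt_adm') --nothing found
    ,('CENTRALINFRA\up273720') --Suter Stefan (HCI - External)
    ,('CENTRALINFRA\up273730') --Schefer Kilian (HCI - External)
    ,('E-MEDIAT\uafka') --nothing found
    ,('E-MEDIAT\uapvi') --nothing found (Pascal Vigier ?)
    ,('E-MEDIAT\uatst') --nothing found
    ,('E-MEDIAT\uhcbebeyem') --nothing found
    ,('HCISOLUTIONS\svc-sql_content') --old sql server service account
    --int
    ,('CENTRALINFRA\uacrc') --Crausaz Christophe (HCI)
    ,('CENTRALINFRA\ucibestutt_adm') --nothing found
    ,('CENTRALINFRA\up218930') --Sánchez González Ainel (Galenica)
    ,('CENTRALINFRA\up271210') --Vijayasingam Vithursiya 2 (Galenica - External)
    ,('CENTRALINFRA\up273720') --Suter Stefan (HCI - External)
    ,('CENTRALINFRA\up273730') --Schefer Kilian (HCI - External)
    ,('E-MEDIAT\uaano') --Notter Andreas (HCI)
    ,('E-MEDIAT\uapvi') --nothing found (Pascal Vigier ?)
    ,('E-MEDIAT\uauhe') --Hebel Ursula (HCI)
    ,('E-MEDIAT\UHCBELOPEJ') --nothing found
    --prod
    ,('CENTRALINFRA\ua170710') --Cosarca Ciprian-Andrei (Galenica - ADM)
    ,('CENTRALINFRA\uacrc') --Crausaz Christophe (HCI)
    ,('CENTRALINFRA\up271210') --Vijayasingam Vithursiya 2 (Galenica - External)
    ,('SYMMETRIC') --symmetricDS login from BAG migration
    ,('E-MEDIAT\uamro') --Rosenthal Martin (Galenica)
    ,('E-MEDIAT\uapvi') --nothing found
    --log
    ,('CENTRALINFRA\up271210') --Vijayasingam Vithursiya 2 (Galenica - External)
    ,('E-MEDIAT\uapeh') --Ehrhardt Paul (Galenica - External)
    ,('E-MEDIAT\uasne') --Sali Neslihan (HCI)
) x(name);

BEGIN TRY
    -- Enabled outside the transaction, as in the original script, so the final
    -- ROLLBACK does not touch this statement; sa is disabled again after END CATCH.
    ALTER LOGIN sa ENABLE;

    BEGIN TRANSACTION;

    -- Snapshot of the database states; the generated per-database command reads
    -- it to skip read-only, restricted, offline and snapshot databases.
    IF OBJECT_ID('tempdb..#dbs') IS NOT NULL
    BEGIN
        DROP TABLE #dbs;
    END;

    SELECT name, [d].[user_access], [d].[user_access_desc], [d].[is_read_only], [d].[state], state_desc, [d].[source_database_id]
    INTO #dbs
    FROM sys.databases d;

    --#region drop user
    -- LOCAL: the cursor is released with the batch even when an error skips CLOSE/DEALLOCATE.
    DECLARE [csr_user] CURSOR LOCAL FAST_FORWARD READ_ONLY FOR
        SELECT name
        FROM @to_clean;

    OPEN [csr_user];

    FETCH NEXT FROM [csr_user] INTO @DatabasePrincipalName;

    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- Every place the name is spliced into the generated SQL uses the form
        -- that fits that position, so a quote or bracket in a name cannot end the
        -- literal or identifier early and change the statement that is run.
        SET @NameAsLiteral = N'N' + QUOTENAME(@DatabasePrincipalName, '''');
        SET @NameAsIdentifier = QUOTENAME(@DatabasePrincipalName);
        SET @NameInMessage = REPLACE(@NameAsIdentifier, N'''', N'''''');

        -- sp_MSforeachdb substitutes every ? in the command with the database
        -- name, so a principal name containing ? cannot be handled by this script.
        -- The procedure takes the command as nvarchar(2000): keep the text short.
        -- [?] keeps USE working for database names with spaces or dashes.
        SET @cmd = N'
use [?]
if exists(
    --the user is found in the db
    select 1
    from sys.[database_principals]
    WHERE type IN (''S'',''U'')
    and name = ' + @NameAsLiteral + N'
)
and exists(
    --the db is not read only
    select 1
    from #dbs d
    where d.name=''?''
    and [is_read_only] = 0
    and [user_access] = 0 --multi_user
    and [state] = 0 --online
    and [source_database_id] is null --not a snapshot
)
begin
    print ''Dropping user ' + @NameInMessage + N' IN db: >?<'';
    declare @c nvarchar(max)='''';

    select @c=@c+''ALTER AUTHORIZATION ON SCHEMA::''+quotename(s.name)+'' TO dbo;
''
    from sys.schemas s
    WHERE principal_id = USER_ID(' + @NameAsLiteral + N');

    if nullif(@c,'''') is not null
    begin
        print ''Assigning ownership of schema to DBO rather than ' + @NameInMessage + N' '';
        print @c
        exec(@c);
    end

    DROP USER ' + @NameAsIdentifier + N';
end
';

        IF @DebugOnly = 1
        BEGIN
            -- PRINT instead of RAISERROR(@cmd, ...): the command is not parsed
            -- as a format string, so a % in a name is shown as-is.
            PRINT @cmd;
        END
        ELSE
        BEGIN
            EXEC sys.[sp_MSforeachdb] @cmd;
        END;

        FETCH NEXT FROM [csr_user] INTO @DatabasePrincipalName;
    END;

    CLOSE [csr_user];
    DEALLOCATE [csr_user];
    --#endregion drop user

    --#region Drop login
    DECLARE [csr_login] CURSOR LOCAL FAST_FORWARD READ_ONLY FOR
        SELECT name
        FROM @to_clean;

    OPEN [csr_login];

    FETCH NEXT FROM [csr_login] INTO @DatabasePrincipalName;

    WHILE @@FETCH_STATUS = 0
    BEGIN
        SET @NameAsLiteral = N'N' + QUOTENAME(@DatabasePrincipalName, '''');
        SET @NameAsIdentifier = QUOTENAME(@DatabasePrincipalName);
        SET @NameInMessage = REPLACE(@NameAsIdentifier, N'''', N'''''');

        -- A login is a server-level principal: the check and the DROP run once
        -- here instead of once per database through sp_MSforeachdb.
        SET @cmd = N'
if exists(
    select 1
    from sys.[server_principals]
    WHERE type IN (''S'',''U'')
    and name = ' + @NameAsLiteral + N'
)
begin
    print ''Dropping login ' + @NameInMessage + N''';
    DROP LOGIN ' + @NameAsIdentifier + N';
end
';

        IF @DebugOnly = 1
        BEGIN
            PRINT @cmd;
        END
        ELSE
        BEGIN
            EXEC sys.sp_executesql @cmd;
        END;

        FETCH NEXT FROM [csr_login] INTO @DatabasePrincipalName;
    END;

    CLOSE [csr_login];
    DEALLOCATE [csr_login];
    --#endregion Drop login

    -- Rehearsal by default: replace the ROLLBACK with the COMMIT below once the
    -- printed output has been reviewed and the drops should become permanent.
    ROLLBACK TRANSACTION;
    --COMMIT TRANSACTION;
END TRY
BEGIN CATCH
    SET @ErrorMessage = ERROR_MESSAGE();

    -- Undo whatever was dropped before the failure.
    IF XACT_STATE() <> 0
    BEGIN
        ROLLBACK TRANSACTION;
    END;
END CATCH;

-- Issued after the transaction has ended, on the success path and the failure
-- path alike, so the ROLLBACK cannot undo it and sa is not left enabled.
ALTER LOGIN sa DISABLE;

IF @ErrorMessage IS NOT NULL
BEGIN
    RAISERROR(N'Login clean-up failed and was rolled back: %s', 16, 1, @ErrorMessage);
END;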