Sql server 正在寻找一个脚本,该脚本将编写出所有数据库级别的任务(包括xp_cmdshell和sql代理帐户)
我需要一个存储过程或脚本,它将脚本化所有数据库级别的权限,包括对任何对象的xp_cmdshell的权限以及对sql代理帐户的权限Sql server 正在寻找一个脚本,该脚本将编写出所有数据库级别的任务(包括xp_cmdshell和sql代理帐户),sql-server,sql-server-2008,Sql Server,Sql Server 2008,我需要一个存储过程或脚本,它将脚本化所有数据库级别的权限,包括对任何对象的xp_cmdshell的权限以及对sql代理帐户的权限 谢谢 您的问题是xp_cmdshell是一个主数据库权限,因此除非您在服务器上遍历数据库,否则您将无法执行您想要执行的操作。如果您试图将数据库的所有权限授予代理帐户,则只需将该帐户置于db_owner数据库角色中,它就可以通过角色成员身份获得这些权限。Xp_cmdshell是master中单独的显式授权,必须通过sp_configure启用,并且应用于旧版集成,而不应
谢谢 您的问题是xp_cmdshell是一个主数据库权限,因此除非您在服务器上遍历数据库,否则您将无法执行您想要执行的操作。如果您试图将数据库的所有权限授予代理帐户,则只需将该帐户置于db_owner数据库角色中,它就可以通过角色成员身份获得这些权限。Xp_cmdshell是master中单独的显式授权,必须通过sp_configure启用,并且应用于旧版集成,而不应用于新的开发工作。至少,如果您使用xp_cmdshell,应按照Tibor的示例设置代理帐户: 特定用户的权限可以通过查询DMV来编写脚本,类似于以下内容:
SELECT
permission.state_desc,
permission.permission_name,
obj.name
FROM
sys.all_objects AS obj
INNER JOIN sys.database_permissions AS permission ON permission.major_id=obj.object_id AND permission.minor_id=0 AND permission.class=1
INNER JOIN sys.database_principals AS grantor_principal ON grantor_principal.principal_id = permission.grantor_principal_id
INNER JOIN sys.database_principals AS grantee_principal ON grantee_principal.principal_id = permission.grantee_principal_id
WHERE (grantee_principal.name=N'JohnDoe')
您的问题是xp_cmdshell是一个主数据库权限,因此除非您在服务器上遍历数据库,否则您将无法执行您想要执行的操作。如果您试图将数据库的所有权限授予代理帐户,则只需将该帐户置于db_owner数据库角色中,它就可以通过角色成员身份获得这些权限。Xp_cmdshell是master中单独的显式授权,必须通过sp_configure启用,并且应用于旧版集成,而不应用于新的开发工作。至少,如果您使用xp_cmdshell,应按照Tibor的示例设置代理帐户: 特定用户的权限可以通过查询DMV来编写脚本,类似于以下内容:
SELECT
permission.state_desc,
permission.permission_name,
obj.name
FROM
sys.all_objects AS obj
INNER JOIN sys.database_permissions AS permission ON permission.major_id=obj.object_id AND permission.minor_id=0 AND permission.class=1
INNER JOIN sys.database_principals AS grantor_principal ON grantor_principal.principal_id = permission.grantor_principal_id
INNER JOIN sys.database_principals AS grantee_principal ON grantee_principal.principal_id = permission.grantee_principal_id
WHERE (grantee_principal.name=N'JohnDoe')
我还发现了另一个脚本:
SELECT
dp.name db_principal_name,
p.permission_name,
COALESCE(o.type_desc,p.class_desc)
+ CASE WHEN o.type_desc IS NOT NULL
AND minor_id > 0
THEN '-COLUMN'
ELSE '' END AS object_type,
CASE p.class_desc WHEN 'SCHEMA'
THEN schema_name(major_id)
WHEN 'OBJECT_OR_COLUMN'
THEN CASE WHEN minor_id = 0
THEN object_name(major_id)
ELSE (SELECT object_name(object_id)
+ '.'+ name
FROM sys.columns
WHERE object_id = p.major_id
AND column_id = p.minor_id) END
ELSE 'other' END AS object_name,
p.state_desc AS grant_state,
CONVERT(VARCHAR(MAX),p.state_desc)
+ ' ' + CONVERT(VARCHAR(MAX),p.permission_name)
+ ' ON ' + CASE WHEN minor_id = 0
THEN object_name(major_id)
ELSE (SELECT object_name(object_id) + '.'+ name
FROM sys.columns
WHERE object_id = p.major_id
AND column_id = p.minor_id) END
+ ' TO [' + CONVERT(VARCHAR(MAX),dp.NAME)
+ ']' Collate SQL_Latin1_General_CP1_CI_AS
FROM sys.database_permissions p
INNER JOIN sys.database_principals dp
ON p.grantee_principal_id = dp.principal_id
LEFT OUTER JOIN sys.objects o
ON o.object_id = p.major_id
--WHERE dp.name <> 'public'
ORDER BY dp.name, object_name
我还发现了另一个脚本:
SELECT
dp.name db_principal_name,
p.permission_name,
COALESCE(o.type_desc,p.class_desc)
+ CASE WHEN o.type_desc IS NOT NULL
AND minor_id > 0
THEN '-COLUMN'
ELSE '' END AS object_type,
CASE p.class_desc WHEN 'SCHEMA'
THEN schema_name(major_id)
WHEN 'OBJECT_OR_COLUMN'
THEN CASE WHEN minor_id = 0
THEN object_name(major_id)
ELSE (SELECT object_name(object_id)
+ '.'+ name
FROM sys.columns
WHERE object_id = p.major_id
AND column_id = p.minor_id) END
ELSE 'other' END AS object_name,
p.state_desc AS grant_state,
CONVERT(VARCHAR(MAX),p.state_desc)
+ ' ' + CONVERT(VARCHAR(MAX),p.permission_name)
+ ' ON ' + CASE WHEN minor_id = 0
THEN object_name(major_id)
ELSE (SELECT object_name(object_id) + '.'+ name
FROM sys.columns
WHERE object_id = p.major_id
AND column_id = p.minor_id) END
+ ' TO [' + CONVERT(VARCHAR(MAX),dp.NAME)
+ ']' Collate SQL_Latin1_General_CP1_CI_AS
FROM sys.database_permissions p
INNER JOIN sys.database_principals dp
ON p.grantee_principal_id = dp.principal_id
LEFT OUTER JOIN sys.objects o
ON o.object_id = p.major_id
--WHERE dp.name <> 'public'
ORDER BY dp.name, object_name