SQL Server: Looking for a script that will script out all database-level tasks (including xp_cmdshell and SQL Agent accounts)


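I need a stored procedure or script that will script out all database-level permissions, including permissions on xp_cmdshell for any objects and permissions for the SQL Agent accounts.

Thanks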

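Your problem is that xp_cmdshell is a master database permission, so unless you loop through the databases on the server, you will not be able to do what you are trying to do. If you are trying to grant all permissions in a database to the agent account, just put the account in the db_owner database role and it will get those permissions through role membership. Xp_cmdshell is a separate, explicit grant in master, it must be enabled through sp_configure, and it should be used for legacy integration, not for new development work. At a minimum, if you use xp_cmdshell, you should set up a proxy account following Tibor's example:

Permissions for a specific user can be scripted by querying the DMVs, similar to the following: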

SELECT
    permission.state_desc,
    permission.permission_name,
    obj.name
FROM
    sys.all_objects AS obj
    INNER JOIN sys.database_permissions AS permission
        ON permission.major_id = obj.object_id
       AND permission.minor_id = 0
       AND permission.class = 1
    INNER JOIN sys.database_principals AS grantor_principal
        ON grantor_principal.principal_id = permission.grantor_principal_id
    INNER JOIN sys.database_principals AS grantee_principal
        ON grantee_principal.principal_id = permission.grantee_principal_id
WHERE (grantee_principal.name = N'JohnDoe')


I also found another script:

SELECT
    dp.name db_principal_name,
    p.permission_name,
    COALESCE(o.type_desc,p.class_desc)
     + CASE WHEN o.type_desc IS NOT NULL
             AND minor_id > 0
            THEN '-COLUMN'
            ELSE '' END AS object_type,
    CASE p.class_desc WHEN 'SCHEMA' 
                      THEN schema_name(major_id)
                      WHEN 'OBJECT_OR_COLUMN' 
                      THEN CASE WHEN minor_id = 0 
                                THEN object_name(major_id)
                                ELSE (SELECT object_name(object_id) 
                                             + '.'+ name
                                      FROM sys.columns
                                      WHERE object_id = p.major_id
                                        AND column_id = p.minor_id) END
                      ELSE 'other' END AS object_name,
    p.state_desc AS grant_state,
    CONVERT(VARCHAR(MAX),p.state_desc) 
     + ' ' + CONVERT(VARCHAR(MAX),p.permission_name) 
     + ' ON ' + CASE WHEN minor_id = 0 
                     THEN object_name(major_id)
                     ELSE (SELECT object_name(object_id) + '.'+ name
                           FROM sys.columns
                           WHERE object_id = p.major_id
                             AND column_id = p.minor_id) END
     + ' TO [' + CONVERT(VARCHAR(MAX),dp.NAME) 
     + ']' Collate SQL_Latin1_General_CP1_CI_AS 
FROM sys.database_permissions p
INNER JOIN sys.database_principals dp 
        ON p.grantee_principal_id = dp.principal_id
LEFT OUTER JOIN sys.objects o 
        ON o.object_id = p.major_id
--WHERE dp.name <> 'public'
ORDER BY dp.name, object_name
