Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/70.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
T-SQL脚本当前用户数据库权限_Sql_Tsql_User Permissions - Fatal编程技术网
Fatal编程技术网
  • sql/
  • T-SQL脚本当前用户数据库权限

T-SQL脚本当前用户数据库权限

sql tsql

T-SQL脚本当前用户数据库权限,sql,tsql,user-permissions,Sql,Tsql,User Permissions,有时,我必须将数据库从生产SQL server恢复到测试SQL实例。当数据库被还原后,我们手动还原还原数据库的正确访问权限(例如DB owner/reader/writer)。这个过程运行得相当好,除了在恢复之前必须手动截屏权限,然后从拍摄的图像中重新应用权限 是否有一种简单的方法可以在数据库还原之前使用T-SQL存储用户的当前权限,然后在还原完成后重新应用这些权限?有一个非常有用的功能: sys.fn\u我的\u权限(安全的,'安全的\u类') 它使您能够查看当前用户对指定对象的有效权限,因此

有时,我必须将数据库从生产SQL server恢复到测试SQL实例。当数据库被还原后,我们手动还原还原数据库的正确访问权限(例如DB owner/reader/writer)。这个过程运行得相当好,除了在恢复之前必须手动截屏权限,然后从拍摄的图像中重新应用权限

是否有一种简单的方法可以在数据库还原之前使用T-SQL存储用户的当前权限,然后在还原完成后重新应用这些权限?

有一个非常有用的功能: sys.fn\u我的\u权限(安全的,'安全的\u类') 它使您能够查看当前用户对指定对象的有效权限,因此我不知道您是否可以简单地从中生成GRANT/DENY命令。我从来没有这样用过。 在您的情况下,您可以作为另一个用户运行它:

EXECUTE AS USER = '<username>';
GO
SELECT *
FROM fn_my_permissions(null, 'SERVER') 
GO

SELECT *
FROM fn_my_permissions('<DBNAME>', 'Database')
ORDER BY subentity_name, permission_name ;

REVERT;
GO

以用户身份执行=“”;
去
挑选*
来自fn_my_权限(null,'SERVER')
去
挑选*
从fn_my_权限(“”,'数据库')
按子实体名称、权限名称排序;
还原
去
您正在处理的问题称为

这是我过去使用过的一个脚本(我必须从内存中将其组合起来,以便您仔细验证):

这个脚本提出了一个重要的假设。确保用户登录名与其在数据库中的用户名匹配。如果不是这样,您必须更改发送给sp\u change\u users\u login的@LoginName参数。

您的问题的答案很可能是Jeff的答案

SELECT 
dp.permission_name collate latin1_general_cs_as    AS Permission,
t.TABLE_SCHEMA + '.' + o.name AS Object,
dpr.name AS Username
FROM sys.database_permissions AS dp
INNER JOIN sys.objects AS o ON dp.major_id=o.object_id
INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id
INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id
INNER JOIN INFORMATION_SCHEMA.TABLES t
        ON  TABLE_NAME = o.name                
WHERE dpr.name NOT IN ('public','guest')
ORDER BY
  Permission, Object,Username
但是Howard的脚本非常实用,我只是添加了一个列,它用这些信息生成TSQL语法。您可以将其复制并作为SQL运行,以便将权限“复制”到另一个db

SELECT 
dp.permission_name collate latin1_general_cs_as    AS Permission,
t.TABLE_SCHEMA + '.' + o.name AS Object,
dpr.name AS Username
, 'GRANT ' + dp.permission_name collate latin1_general_cs_as 
    + ' ON ' 
    + t.TABLE_SCHEMA 
    + '.' 
    + o.name 
    + ' TO ' 
    +  dpr.name
FROM sys.database_permissions AS dp
INNER JOIN sys.objects AS o ON dp.major_id=o.object_id
INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id
INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id
INNER JOIN INFORMATION_SCHEMA.TABLES t
    ON  TABLE_NAME = o.name                
WHERE dpr.name NOT IN ('public','guest')
ORDER BY
   Permission, Object,Username
结合以下关于权限的答案:

SELECT 'EXEC sp_addrolemember @rolename ='
+ SPACE(1) + QUOTENAME(USER_NAME(rm.role_principal_id), '')
+ ', @membername =' + SPACE(1) + QUOTENAME(USER_NAME(rm.member_principal_id), '') 
AS 'Role Memberships'
FROM sys.database_role_members AS rm
ORDER BY rm.role_principal_id
这里是@Fabian编写的脚本的一个修改版本,这样我也可以编写存储过程的权限。还添加了QUOTENAME,因此相应的内容在括号中

SELECT 
    dp.permission_name collate latin1_general_cs_as    AS Permission,
    t.TABLE_SCHEMA + '.' + o.name AS TableName,
    rt.ROUTINE_SCHEMA + '.' + o.name AS ProcedureName,
    dpr.name AS Username
    , 'GRANT ' + dp.permission_name collate latin1_general_cs_as 
        + ' ON ' 
        + QUOTENAME(CASE WHEN t.TABLE_SCHEMA IS NOT NULL THEN t.TABLE_SCHEMA ELSE rt.ROUTINE_SCHEMA END )
        + '.' 
        + QUOTENAME(o.name)
        + ' TO ' 
        +  QUOTENAME(dpr.name)
FROM sys.database_permissions AS dp
INNER JOIN sys.objects AS o ON dp.major_id=o.object_id
INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id
INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id
LEFT outer JOIN INFORMATION_SCHEMA.TABLES t ON  TABLE_NAME = o.name              
LEFT OUTER JOIN INFORMATION_SCHEMA.ROUTINES rt ON rt.ROUTINE_NAME = o.name
WHERE dpr.name NOT IN ('public','guest')
ORDER BY Permission, TableName, ProcedureName, Username
非常感谢您的回复:)您的脚本很有效,但问题不在于孤立用户。我需要一种在数据库恢复之前编写用户权限脚本的方法。之后,我将使用所述脚本重新应用记录的权限。我说得通吗/谢谢你的回复:)是的,这是一个非常有用的功能。你知道有没有一种方法可以以t-sql格式返回权限,这样就可以通过运行返回的脚本轻松地重新应用权限?他说的是权限,但从他接下来说的话来看,他指的是rolemembers,而这个脚本不这样做。这很好,但对存储过程不起作用。我必须手动编写这些脚本,即授权在。。。 
SELECT 
    dp.permission_name collate latin1_general_cs_as    AS Permission,
    t.TABLE_SCHEMA + '.' + o.name AS TableName,
    rt.ROUTINE_SCHEMA + '.' + o.name AS ProcedureName,
    dpr.name AS Username
    , 'GRANT ' + dp.permission_name collate latin1_general_cs_as 
        + ' ON ' 
        + QUOTENAME(CASE WHEN t.TABLE_SCHEMA IS NOT NULL THEN t.TABLE_SCHEMA ELSE rt.ROUTINE_SCHEMA END )
        + '.' 
        + QUOTENAME(o.name)
        + ' TO ' 
        +  QUOTENAME(dpr.name)
FROM sys.database_permissions AS dp
INNER JOIN sys.objects AS o ON dp.major_id=o.object_id
INNER JOIN sys.schemas AS s ON o.schema_id = s.schema_id
INNER JOIN sys.database_principals AS dpr ON dp.grantee_principal_id=dpr.principal_id
LEFT outer JOIN INFORMATION_SCHEMA.TABLES t ON  TABLE_NAME = o.name              
LEFT OUTER JOIN INFORMATION_SCHEMA.ROUTINES rt ON rt.ROUTINE_NAME = o.name
WHERE dpr.name NOT IN ('public','guest')
ORDER BY Permission, TableName, ProcedureName, Username