[英]Database Restore - SQL Script for listing securables
我将数据库从一台服务器还原到另一台服务器。 恢复数据库后,我遇到了这个孤立的用户问题,我使用-
-- Re-links the orphaned database user 'UserName' to the server login 'LoginName'.
-- NOTE(review): sp_change_users_login is deprecated; ALTER USER ... WITH LOGIN = ...
-- is the documented replacement. Either way, confirm the target login is the
-- intended one on the new server before linking.
exec sp_change_users_login 'Update_One', 'UserName', 'LoginName'
现在,该特定用户已与给定的服务器登录名链接。 一切都很好,直到这里。
但是,我仍然遇到与“安全对象”(securables)有关的问题。
由于该用户缺少对许多数据库对象的权限,我用 Google 搜索并找到了一种方法——通过“生成脚本”向导:
1. Select Database
2. Right click database to see context menu
3. Select 'Tasks',
4. From the sub-menu, select 'Generate Scripts'
5. Select 'Set Scripting Options'
6. From 'Advanced' section - set 'Object Level Permissions' to true.
因此,我们将获得所有GRANT SELECT / GRANT EXECUTE脚本等的列表。
但是,我想找另一种方式:不必每次都运行此向导,而是编写自己的脚本,列出给定数据库用户的安全对象(securables)和权限。
谁能指导我寻找哪些(系统)数据库表?
谢谢!
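-- database roles
-- role definitions
-- Generates one CREATE ROLE statement (cmd) per user-defined database role,
-- together with the role name and the name of its owning principal.
-- QUOTENAME() replaces the hand-built '[' + name + ']' so that a role or owner
-- name containing ']' is escaped instead of terminating the bracketed
-- identifier in the generated script.
SELECT
    dp1.name AS RoleName,
    dp2.name AS OwnedBy,
    'CREATE ROLE ' + QUOTENAME(dp1.name)
        + ' AUTHORIZATION ' + QUOTENAME(dp2.name) AS cmd
FROM sys.database_principals AS dp1
INNER JOIN sys.database_principals AS dp2
    ON dp1.owning_principal_id = dp2.principal_id
WHERE dp1.type = 'R'            -- database roles only
    AND dp1.is_fixed_role = 0   -- skip the fixed database roles
    AND dp1.name <> 'public';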
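-- role members
-- Generates one sp_addrolemember call (cmd) per (role, member) pair, skipping
-- rows whose member is dbo.
-- Names are emitted as N'...' literals through QUOTENAME(name, ''''), so an
-- embedded single quote is doubled instead of ending the literal in the
-- generated script.
-- NOTE(review): sp_addrolemember is deprecated; on SQL Server 2012 and later
-- ALTER ROLE ... ADD MEMBER ... is the documented replacement.
SELECT
    p2.name AS dbrole,
    p.name AS dbuser,
    'EXEC sp_addrolemember N' + QUOTENAME(p2.name, '''')
        + ', N' + QUOTENAME(p.name, '''') AS cmd
FROM sys.database_role_members AS m
INNER JOIN sys.database_principals AS p
    ON m.member_principal_id = p.principal_id
INNER JOIN sys.database_principals AS p2
    ON m.role_principal_id = p2.principal_id
WHERE p.name <> 'dbo'
ORDER BY p2.name, p.name;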
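-- database permissions
-- Lists each row of sys.database_permissions whose grantee is neither public
-- nor dbo, with descriptive columns and a generated statement (cmd) that
-- re-creates the permission.
--
-- Differences from a plain string-concatenated generator:
--   * identifiers go through QUOTENAME(), so a name containing ']' is escaped
--     rather than breaking out of the bracketed identifier;
--   * state 'W' is emitted as GRANT ... WITH GRANT OPTION, because the raw
--     state_desc value GRANT_WITH_GRANT_OPTION is not a valid statement keyword;
--   * the object, column and schema lookups are tied to perm.class, because
--     major_id is interpreted per class and could otherwise match an unrelated
--     object or schema id.
--
-- A cmd containing 'n/a' refers to a securable class this script does not
-- resolve; such statements need to be rewritten by hand. Review every generated
-- statement before running it against the target database.
SELECT
    --/*
    prin.name AS UserName,
    objsch.name AS SchemaName,
    perm.class,
    perm.state_desc + ' ' + perm.permission_name AS Permission,
    CASE
        WHEN perm.class = 1 AND perm.minor_id <> 0 THEN 'COLUMN'
        WHEN perm.class = 1 THEN obj.type_desc
        ELSE perm.class_desc
    END AS ObjectType,
    CASE
        WHEN perm.class = 3 THEN sch.name
        WHEN cols.object_id IS NOT NULL THEN obj.name + '.' + cols.name
        WHEN perm.class = 0 THEN DB_NAME()
        ELSE ISNULL(obj.name, 'n/a')
    END AS ObjectName,
    --*/
    CASE perm.state
        WHEN 'W' THEN 'GRANT'   -- the grant option is appended at the end
        ELSE perm.state_desc
    END
    + ' ' + perm.permission_name COLLATE SQL_Latin1_General_CP1_CI_AS
    + CASE
          WHEN perm.class <> 0 -- database-level permissions take no ON clause
              THEN ' ON '
                  + CASE
                        WHEN perm.class = 3
                            THEN 'SCHEMA::' + QUOTENAME(sch.name)
                        WHEN cols.object_id IS NOT NULL
                            THEN QUOTENAME(objsch.name) + '.' + QUOTENAME(obj.name)
                                + '(' + QUOTENAME(cols.name) + ')'
                        ELSE ISNULL(QUOTENAME(objsch.name) + '.' + QUOTENAME(obj.name), 'n/a')
                    END
          ELSE ''
      END
    + ' TO ' + QUOTENAME(prin.name)
    + CASE
          WHEN perm.state = 'W' THEN ' WITH GRANT OPTION'
          ELSE ''
      END AS cmd
FROM sys.database_permissions AS perm
INNER JOIN sys.database_principals AS prin
    ON perm.grantee_principal_id = prin.principal_id
LEFT JOIN sys.all_objects AS obj
    ON perm.class = 1
    AND perm.major_id = obj.object_id
LEFT JOIN sys.all_columns AS cols
    ON perm.class = 1
    AND perm.major_id = cols.object_id
    AND perm.minor_id = cols.column_id
LEFT JOIN sys.schemas AS objsch
    ON obj.schema_id = objsch.schema_id
LEFT JOIN sys.schemas AS sch
    ON perm.class = 3
    AND perm.major_id = sch.schema_id
WHERE prin.name <> 'public'
    AND prin.name <> 'dbo'
    --AND perm.major_id >= 0
    --AND perm.class_desc <> 'DATABASE'
ORDER BY
    prin.name,
    perm.class,
    ObjectType,
    CASE
        WHEN perm.class = 3 THEN QUOTENAME(sch.name)
        WHEN cols.object_id IS NOT NULL
            THEN QUOTENAME(objsch.name) + '.' + QUOTENAME(obj.name)
                + '(' + QUOTENAME(cols.name) + ')'
        WHEN perm.class = 0 THEN DB_NAME()
        ELSE ISNULL(QUOTENAME(objsch.name) + '.' + QUOTENAME(obj.name), 'n/a')
    END;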
-- sp_helpuser
-- select distinct 'DROP USER [' + name + ']' from sys.database_principals order by 1
要获取给定用户的表权限:
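-- Table and view privileges granted directly to one database user.
-- 'myuser' is a placeholder for the database user name to inspect.
--
-- Only object-level rows (class = 1, minor_id = 0) in state GRANT ('G') or
-- GRANT WITH GRANT OPTION ('W') are reported, matching the column-level query
-- that accompanies this one. Without the state filter a DENY row would be
-- listed as if the privilege were held; without the class filter a permission
-- on another securable class could match an object id by coincidence; without
-- the type filter any permission outside the five mapped below produced a row
-- with a NULL PRIVILEGE_TYPE.
-- Not reported here: DENY rows, other permission types (for example CONTROL or
-- ALTER), and permissions the user holds only through role membership. Query
-- sys.database_permissions directly when those matter.
SELECT
    table_privileges.grantee,
    table_privileges.TABLE_NAME,
    table_privileges.PRIVILEGE_TYPE
FROM (
    SELECT
        USER_NAME(p.grantee_principal_id) AS grantee,
        o.name AS TABLE_NAME,
        CONVERT(varchar(10), CASE p.type
            WHEN 'RF' THEN 'REFERENCES'
            WHEN 'SL' THEN 'SELECT'
            WHEN 'IN' THEN 'INSERT'
            WHEN 'DL' THEN 'DELETE'
            WHEN 'UP' THEN 'UPDATE'
        END) AS PRIVILEGE_TYPE
    FROM sys.database_permissions AS p
    INNER JOIN sys.objects AS o
        ON p.major_id = o.object_id
    WHERE o.type IN ('U', 'V')          -- user tables and views
        AND p.class = 1                 -- object or column permissions
        AND p.minor_id = 0              -- whole-object rows, not per-column
        AND p.type IN ('RF', 'SL', 'IN', 'DL', 'UP')
        AND p.state IN ('G', 'W')
) AS table_privileges
WHERE table_privileges.grantee = 'myuser';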
对于这些表上的列:
-- Column-level SELECT / UPDATE / REFERENCES privileges for one database user.
-- 'myuser' is a placeholder for the database user name to inspect.
-- A whole-object grant (minor_id = 0) is expanded to every column of the table
-- or view unless a column-specific row of the same type with a different state
-- exists for that column.
-- NOTE(review): PERMISSIONS() reports the permissions of the caller running the
-- query, not of the grantee being inspected, so rows may be filtered out when
-- this runs under a low-privileged account -- confirm it is run by a
-- sufficiently privileged user.
SELECT *
FROM (
    SELECT
        USER_NAME(perm.grantor_principal_id) AS grantor,
        USER_NAME(perm.grantee_principal_id) AS grantee,
        DB_NAME() AS table_catalog,
        SCHEMA_NAME(obj.schema_id) AS table_schema,
        obj.name AS table_name,
        col.name AS column_name,
        CONVERT(VARCHAR(10), CASE perm.type
            WHEN 'SL' THEN 'SELECT'
            WHEN 'UP' THEN 'UPDATE'
            WHEN 'RF' THEN 'REFERENCES'
        END) AS privilege_type,
        CONVERT(VARCHAR(3), CASE perm.state
            WHEN 'G' THEN 'NO'
            WHEN 'W' THEN 'YES'
        END) AS is_grantable
    FROM sys.objects AS obj
    INNER JOIN sys.columns AS col
        ON col.object_id = obj.object_id
    INNER JOIN sys.database_permissions AS perm
        ON perm.major_id = obj.object_id
        AND perm.class = 1
    WHERE obj.type IN ('U', 'V')
        AND perm.type IN ('RF', 'SL', 'UP')
        AND perm.state IN ('G', 'W')
        AND (
            -- a row that names this column directly ...
            perm.minor_id = col.column_id
            -- ... or a whole-object row with no conflicting per-column row
            OR (
                perm.minor_id = 0
                AND NOT EXISTS (
                    SELECT 1
                    FROM sys.database_permissions AS other
                    WHERE other.class = 1
                        AND other.major_id = perm.major_id
                        AND other.minor_id = col.column_id
                        AND other.type = perm.type
                        AND other.state <> perm.state
                )
            )
        )
        -- back compat: keep the row only when the matching bit is set
        AND (
            PERMISSIONS(obj.object_id, col.name)
            & CASE perm.type
                  WHEN 'RF' THEN 4 -- REFERENCES basebit
                  WHEN 'SL' THEN 1 -- SELECT basebit
                  WHEN 'UP' THEN 2 -- UPDATE basebit
              END
        ) <> 0
) column_privileges
WHERE grantee = 'myuser'
这些是我从这里获得的脚本的修改版本: https://dba.stackexchange.com/a/9118/5074