我将数据库从一台服务器恢复到另一台服务器。恢复数据库后, 我遇到了这个孤立用户的问题,我决定使用 -
exec sp_change_users_login 'Update_One', 'UserName', 'LoginName'
现在,此特定用户与给定的服务器登录链接。一切都好到这里。
但是,我仍然遇到与'Securables'有关的问题
由于此用户缺少许多数据库对象的权限,我用Google搜索并找到了一种方法 - 通过 -
生成脚本1. Select Database
2. Right click database to see context menu
3. Select 'Tasks',
4. From the sub-menu, select 'Generate Scripts'
5. Select 'Set Scripting Options'
6. From 'Advanced' section - set 'Object Level Permissions' to true.
因此,我们将获得所有GRANT SELECT / GRANT EXECUTE脚本等的列表。
但是,我正在寻找另一种方式,我不必每次都运行此向导,我可以编写自己的数据库脚本来列出给定数据库用户的数据库安全性和权限。
任何人都可以指导我应该查找哪些(系统)数据库表吗?
谢谢!
答案 0 :(得分:1)
-- database roles
-- role definitions
SELECT
dp1.name as RoleName,
dp2.name AS OwnedBy,
'CREATE ROLE [' + dp1.name + '] AUTHORIZATION [' + dp2.name + ']' AS cmd
FROM
sys.database_principals dp1
JOIN
sys.database_principals dp2 ON dp1.owning_principal_id = dp2.principal_id
WHERE dp1.type = 'R'
AND dp1.is_fixed_role = 0
AND dp1.name <> 'public'
-- role members
SELECT p2.name dbrole, p.name dbuser, 'EXEC sp_addrolemember ''' + p2.name + ''', ''' + p.name + '''' cmd
from
sys.database_role_members m
join
sys.database_principals p on m.member_principal_id = p.principal_id
join
sys.database_principals p2 on m.role_principal_id = p2.principal_id
WHERE p.name <> 'dbo'
ORDER BY p2.name, p.name
-- database permissions
SELECT
--/*
prin.name AS UserName,
objsch.name SchemaName,
perm.class,
perm.state_desc + ' ' + perm.permission_name AS Permission,
CASE
WHEN perm.class = 1 AND perm.minor_id <> 0 THEN 'COLUMN'
WHEN perm.class = 1 THEN obj.type_desc
ELSE perm.class_desc
END AS ObjectType,
CASE
WHEN perm.class = 3 THEN sch.name
WHEN cols.object_id IS NOT NULL THEN obj.name + '.' + cols.name
WHEN perm.class = 0 THEN DB_NAME()
ELSE ISNULL(obj.name, 'n/a')
END AS ObjectName,
--*/
perm.state_desc + ' ' + perm.permission_name collate SQL_Latin1_General_CP1_CI_AS +
CASE WHEN perm.class <> 0 -- don't do this part for databases
THEN
' ON ' +
CASE
WHEN perm.class = 3 THEN 'SCHEMA::[' + sch.name + ']'
WHEN cols.object_id IS NOT NULL THEN '[' + objsch.name + '].[' + obj.name + '](' + cols.name + ')'
WHEN perm.class = 0 THEN DB_NAME()
ELSE ISNULL('[' + objsch.name + '].[' + obj.name + ']', 'n/a')
END --AS ObjectName--,
ELSE ''
END
+ ' TO ['
+ prin.name
+ ']' AS cmd
FROM
sys.database_permissions perm
JOIN
sys.database_principals prin on perm.grantee_principal_id = prin.principal_id
LEFT JOIN
sys.all_objects obj ON perm.major_id = obj.object_id
LEFT JOIN
sys.all_columns cols ON perm.major_id = cols.object_id and perm.minor_id = cols.column_id
LEFT JOIN
sys.schemas objsch ON obj.schema_id = objsch.schema_id
LEFT JOIN
sys.schemas sch ON perm.major_id = sch.schema_id
WHERE prin.name <> 'public'
AND prin.name <> 'dbo'
--AND perm.major_id >= 0
--AND perm.class_desc <> 'DATABASE'
ORDER BY
prin.name,
perm.class,
ObjectType,
CASE
WHEN perm.class = 3 THEN '[' + sch.name + ']'
WHEN cols.object_id IS NOT NULL THEN '[' + objsch.name + '].[' + obj.name + '](' + cols.name + ')'
WHEN perm.class = 0 THEN DB_NAME()
ELSE ISNULL('[' + objsch.name + '].[' + obj.name + ']', 'n/a')
END
-- sp_helpuser
-- select distinct 'DROP USER [' + name + ']' from sys.database_principals order by 1
答案 1 :(得分:0)
获取给定用户的表权限:
SELECT * FROM (
select
USER_NAME(p.grantee_principal_id) as grantee,
o.name AS TABLE_NAME,
convert(varchar(10), CASE p.type
WHEN 'RF' THEN 'REFERENCES'
WHEN 'SL' THEN 'SELECT'
WHEN 'IN' THEN 'INSERT'
WHEN 'DL' THEN 'DELETE'
WHEN 'UP' THEN 'UPDATE'
END) AS PRIVILEGE_TYPE
from
sys.database_permissions p,
sys.objects o
where
o.type in ('U', 'V') AND
p.major_id = o.object_id AND
p.minor_id = 0
) table_privileges
WHERE grantee = 'myuser'
对于这些表格中的列:
SELECT * FROM (
SELECT User_name(p.grantor_principal_id)
AS
grantor,
User_name(p.grantee_principal_id)
AS grantee,
Db_name()
AS table_catalog,
Schema_name(o.schema_id)
AS table_schema,
o.name
AS table_name,
c.name
AS column_name,
CONVERT(VARCHAR(10), CASE p.TYPE WHEN 'SL' THEN 'SELECT' WHEN 'UP' THEN
'UPDATE'
WHEN 'RF' THEN 'REFERENCES' END)
AS privilege_type,
CONVERT(VARCHAR(3), CASE p.state WHEN 'G' THEN 'NO' WHEN 'W' THEN 'YES'
END) AS
is_grantable
FROM sys.database_permissions p,
sys.objects o,
sys.columns c
WHERE o.TYPE IN ( 'U', 'V' )
AND o.object_id = c.object_id
AND p.class = 1
AND p.major_id = o.object_id
AND ( p.minor_id = c.column_id
OR ( p.minor_id = 0
AND NOT EXISTS (SELECT *
FROM sys.database_permissions m
WHERE m.class = 1
AND m.major_id = p.major_id
AND m.minor_id = c.column_id
AND m.TYPE = p.TYPE
AND m.state <> p.state) ) )
AND p.TYPE IN ( 'RF', 'SL', 'UP' )
AND p.state IN ( 'G', 'W' )
AND 0 != ( Permissions(o.object_id, c.name) & -- back compat
CASE p.TYPE
WHEN 'RF' THEN 4 -- REFERENCES basebit
WHEN 'SL' THEN 1 -- SELECT basebit
WHEN 'UP' THEN 2 -- UPDATE basebit
END )
) column_privileges
WHERE grantee = 'myuser'
这些是我从这里获得的脚本的修改版本:https://dba.stackexchange.com/a/9118/5074