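Looking for a script which will script all database-level permissions (including xp_cmdshell and sql proxy accounts)

Time: 2009-12-01 00:23:05

Tags: sql-server sql-server-2008

I need a stored procedure or script that will script out all database-level permissions, including xp_cmdshell permissions on any objects and permissions for the sql proxy accounts.

Thanks!

2 answers:

Answer 0: (score: 1)

Your problem is that xp_cmdshell is a master database permission, so unless you loop through the databases on the server, you will not be able to do what you want to do. If you are trying to give the proxy account all permissions on a database, you should put the account in the db_owner database role and pick up those permissions through role membership. Xp_cmdshell is a separate explicit grant in master, it has to be enabled through sp_configure, and it should be used for legacy integration; it should not be used for new development work. At a minimum, if you use xp_cmdshell, you should set up the proxy account per Tibor's example: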

http://sqlblog.com/blogs/tibor_karaszi/archive/2007/08/23/xp-cmdshell-and-permissions.aspx

You can script the permissions for a specific user by querying the DMVs, similar to the following:

-- Object-level permissions held by one database user
SELECT
    permission.state_desc,
    permission.permission_name,
    obj.name
FROM
    sys.all_objects AS obj
    INNER JOIN sys.database_permissions AS permission
        ON permission.major_id = obj.object_id
        AND permission.minor_id = 0   -- the object itself, not one of its columns
        AND permission.class = 1      -- class 1 = object or column
    INNER JOIN sys.database_principals AS grantor_principal
        ON grantor_principal.principal_id = permission.grantor_principal_id
    INNER JOIN sys.database_principals AS grantee_principal
        ON grantee_principal.principal_id = permission.grantee_principal_id
WHERE (grantee_principal.name = N'JohnDoe')
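
The point made in this answer, that xp_cmdshell grants live in master while object permissions are stored per database, as an added example (not part of the original answer): a read-only T-SQL inventory that checks the xp_cmdshell setting and proxy credential, lists explicit grants on xp_cmdshell in master, then loops over every accessible online database. The temp table #perm and the cursor db_cur are names chosen for this example, and it assumes the caller can view the relevant metadata.

```sql
-- Added example: server-wide permission inventory (reads metadata only).
SET NOCOUNT ON;

-- 1. Is xp_cmdshell enabled, and is the proxy credential configured?
SELECT name, value_in_use FROM sys.configurations WHERE name = N'xp_cmdshell';
SELECT name, credential_identity, modify_date FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 2. Explicit grants/denies on xp_cmdshell are stored in master.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name
FROM master.sys.database_permissions AS pe
JOIN master.sys.all_objects AS o ON o.object_id = pe.major_id
JOIN master.sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1 AND o.name = N'xp_cmdshell';

-- 3. Object-level permissions on user objects in every online database.
CREATE TABLE #perm (
    database_name sysname, grantee sysname, state_desc nvarchar(60),
    permission_name nvarchar(128), schema_name sysname NULL, object_name sysname);

DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE state_desc = N'ONLINE' AND HAS_DBACCESS(name) = 1;
OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps an unusual database name from breaking the dynamic SQL.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #perm
        SELECT DB_NAME(), pr.name, pe.state_desc, pe.permission_name,
               SCHEMA_NAME(o.schema_id), o.name
        FROM sys.database_permissions AS pe
        JOIN sys.all_objects AS o ON o.object_id = pe.major_id
        JOIN sys.database_principals AS pr
          ON pr.principal_id = pe.grantee_principal_id
        WHERE pe.class = 1 AND pe.minor_id = 0 AND o.is_ms_shipped = 0;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cur INTO @db;
END
CLOSE db_cur;
DEALLOCATE db_cur;

SELECT * FROM #perm ORDER BY database_name, grantee, object_name;
DROP TABLE #perm;
```

Grants to public are kept in the output on purpose, since an EXECUTE grant to public on a user procedure is exactly what a permission review should surface.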

Answer 1: (score: 0)

I also found another script:

SELECT
    dp.name db_principal_name,
    p.permission_name,
    COALESCE(o.type_desc,p.class_desc)
     + CASE WHEN o.type_desc IS NOT NULL
             AND minor_id > 0
            THEN '-COLUMN'
            ELSE '' END AS object_type,
    CASE p.class_desc WHEN 'SCHEMA' 
                      THEN schema_name(major_id)
                      WHEN 'OBJECT_OR_COLUMN' 
                      THEN CASE WHEN minor_id = 0 
                                THEN object_name(major_id)
                                ELSE (SELECT object_name(object_id) 
                                             + '.'+ name
                                      FROM sys.columns
                                      WHERE object_id = p.major_id
                                        AND column_id = p.minor_id) END
                      ELSE 'other' END AS object_name,
    p.state_desc AS grant_state,
    CONVERT(VARCHAR(MAX),p.state_desc) 
     + ' ' + CONVERT(VARCHAR(MAX),p.permission_name) 
     + ' ON ' + CASE WHEN minor_id = 0 
                     THEN object_name(major_id)
                     ELSE (SELECT object_name(object_id) + '.'+ name
                           FROM sys.columns
                           WHERE object_id = p.major_id
                             AND column_id = p.minor_id) END
     + ' TO [' + CONVERT(VARCHAR(MAX),dp.NAME) 
     + ']' Collate SQL_Latin1_General_CP1_CI_AS 
FROM sys.database_permissions p
INNER JOIN sys.database_principals dp 
        ON p.grantee_principal_id = dp.principal_id
LEFT OUTER JOIN sys.objects o 
        ON o.object_id = p.major_id
--WHERE dp.name <> 'public'
ORDER BY dp.name, object_name