重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
这期内容当中小编将会给大家带来有关怎么在SQL Server中处理数据库角色权限,文章内容丰富且以专业的角度为大家分析和叙述,阅读完这篇文章希望大家可以有所收获。
创新互联建站服务项目包括东昌府网站建设、东昌府网站制作、东昌府网页制作以及东昌府网络营销策划等。多年来,我们专注于互联网行业,利用自身积累的技术优势、行业经验、深度合作伙伴关系等,向广大中小型企业、政府机构等提供互联网行业的解决方案,东昌府网站推广取得了明显的社会效益与经济效益。目前,我们服务的客户以成都为中心已经辐射到东昌府省份的部分城市,未来相信会继续扩大服务区域并继续获得客户的支持与信任!
1:遍历所有用户数据库(排除了系统数据库以及一些特殊数据库),发现该数据库不存在这些通用数据库角色,那么就创建相关数据库角色。
2:遍历所有用户数据库,为相关数据库角色授权,例如,如果发现某个新增的存储过程,没有授权给db_procedure_execute数据库角色。那么就执行授权操作。
当然目前还在测试、应用阶段,以后会根据具体相关需求,不断完善相关功能。
USE YourSQLDba; GO IF EXISTS (SELECT 1 FROM sys.procedures WHERE type='P' AND name='db_common_role_grant_rigths') BEGIN DROP PROCEDURE Maint.db_common_role_grant_rigths; END GO CREATE PROCEDURE Maint.db_common_role_grant_rigths AS BEGIN DECLARE @database_id INT; DECLARE @database_name sysname; DECLARE @cmdText NVARCHAR(MAX); DECLARE @prc_text NVARCHAR(MAX); DECLARE @RowIndex INT; IF OBJECT_ID('TempDB.dbo.#databases') IS NOT NULL DROP TABLE dbo.#databases; CREATE TABLE #databases ( database_id INT, database_name sysname ) IF OBJECT_ID('TempDB.dbo.#sql_text') IS NOT NULL DROP TABLE dbo.#sql_text; CREATE TABLE #sql_text ( sql_id INT IDENTITY(1,1), sql_cmd NVARCHAR(MAX) ) INSERT INTO #databases SELECT database_id , name FROM sys.databases WHERE name NOT IN ( 'master', 'tempdb', 'model', 'msdb', 'distribution', 'ReportServer', 'ReportServerTempDB', 'YourSQLDba' ) AND state = 0; --state_desc=ONLINE --开始循环每一个用户数据库(排除了上面相关数据库) WHILE 1= 1 BEGIN SELECT TOP 1 @database_name= database_name FROM #databases ORDER BY database_id; IF @@ROWCOUNT =0 BREAK; --PRINT(@database_name); -- SP_EXECUTESQL 中切换数据库不能当参数传入。 --创建数据库角色db_procedure_execute SET @cmdText = 'USE ' + @database_name + ';' +CHAR(10) SELECT @cmdText += 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name =''db_procedure_execute'') BEGIN CREATE ROLE [db_procedure_execute] AUTHORIZATION [dbo]; END ' + CHAR(10); --创建数据库角色db_function_execute SELECT @cmdText += 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name =''db_function_execute'') BEGIN CREATE ROLE [db_function_execute] AUTHORIZATION [dbo]; END' + CHAR(10); --创建数据库角色db_view_table_definition SELECT @cmdText += 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name =''db_view_table_definition'') BEGIN CREATE ROLE [db_view_table_definition] AUTHORIZATION [dbo]; END ' + CHAR(10); --创建数据库角色db_view_view_definition SELECT @cmdText += 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name =''db_view_view_definition'') BEGIN CREATE ROLE [db_view_view_definition] AUTHORIZATION [dbo]; END ' + CHAR(10); --创建数据库角色db_view_procedure_definition SELECT @cmdText += 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name =''db_view_procedure_definition'') BEGIN CREATE ROLE [db_view_procedure_definition] AUTHORIZATION [dbo]; END ' + CHAR(10); --创建数据库角色db_view_function_definition SELECT @cmdText += 'IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name =''db_view_function_definition'') BEGIN CREATE ROLE [db_view_function_definition] AUTHORIZATION [dbo]; END ' + CHAR(10); --PRINT @cmdText; -- EXECUTE SP_EXECUTESQL @cmdText; EXECUTE (@cmdText); --给角色db_procedure_execute授权 SET @cmdText ='USE ' + QUOTENAME(@database_name) + ';' SET @cmdText +='INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT EXECUTE ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_procedure_execute;'' FROM sys.procedures s WHERE NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id = USER_ID(''db_procedure_execute''))'; EXECUTE SP_EXECUTESQL @cmdText; --给角色db_function_execute(标量函数授权) SET @cmdText ='USE ' + QUOTENAME(@database_name) + ';' SET @cmdText += 'INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT EXEC ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_function_execute; '' FROM sys.all_objects s WHERE SCHEMA_NAME(schema_id) NOT IN (''sys'', ''INFORMATION_SCHEMA'') AND NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id =USER_ID(''db_function_execute'') ) AND ( s.[type] = ''FN'' OR s.[type] = ''AF'' OR s.[type] = ''FS'' --OR s.[type] = ''FT'' ) ;' EXECUTE SP_EXECUTESQL @cmdText; --给角色db_function_execute(表值函数授权) SET @cmdText ='USE ' + @database_name + ';' SET @cmdText += 'INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT SELECT ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_function_execute;'' FROM sys.all_objects s WHERE SCHEMA_NAME(schema_id) NOT IN (''sys'', ''INFORMATION_SCHEMA'') AND NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id = USER_ID(''db_function_execute'')) AND ( s.[type] = ''TF'' OR s.[type] = ''IF'' ) ; ' EXECUTE SP_EXECUTESQL @cmdText; --查看存储过程定义授权 SET @cmdText ='USE ' + @database_name + ';' SET @cmdText +=' INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT VIEW DEFINITION ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_view_procedure_definition;'' FROM sys.procedures s WHERE NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id = USER_ID(''db_view_procedure_definition''))' EXECUTE(@cmdText); --查看函数定义的授权 SET @cmdText ='USE ' + @database_name + ';' SELECT @cmdText += 'INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT VIEW DEFINITION ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_view_function_definition;'' FROM sys.objects s WHERE type_desc IN (''SQL_SCALAR_FUNCTION'', ''SQL_TABLE_VALUED_FUNCTION'', ''AGGREGATE_FUNCTION'' ) AND NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id = USER_ID(''db_view_function_definition''))'; EXECUTE SP_EXECUTESQL @cmdText; --查看表定义的授权 SET @cmdText ='USE ' + @database_name + ';' SET @cmdText +='INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT VIEW DEFINITION ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_view_table_definition ;'' FROM sys.tables s WHERE NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id = USER_ID(''db_view_table_definition''))'; EXECUTE SP_EXECUTESQL @cmdText; --查看视图定义的授权 SET @cmdText ='USE ' + @database_name + ';' SET @cmdText +='INSERT INTO #sql_text(sql_cmd) SELECT ''GRANT VIEW DEFINITION ON '' + SCHEMA_NAME(schema_id) + ''.'' + QUOTENAME(name) + '' TO db_view_view_definition; '' FROM sys.views s WHERE NOT EXISTS ( SELECT 1 FROM sys.database_permissions p WHERE p.major_id = s.object_id AND p.grantee_principal_id = USER_ID(''db_view_view_definition''))'; EXECUTE SP_EXECUTESQL @cmdText; WHILE 1= 1 BEGIN SELECT TOP 1 @RowIndex=sql_id, @cmdText = 'USE ' + @database_name + '; '+ sql_cmd FROM #sql_text ORDER BY sql_id; IF @@ROWCOUNT =0 BREAK; PRINT(@cmdText); EXECUTE(@cmdText); DELETE FROM #sql_text WHERE sql_id =@RowIndex END DELETE FROM #databases WHERE database_name=@database_name; END DROP TABLE #databases; DROP TABLE #sql_text; END
上述就是小编为大家分享的怎么在SQL Server中处理数据库角色权限了,如果刚好有类似的疑惑,不妨参照上述分析进行理解。如果想知道更多相关知识,欢迎关注创新互联行业资讯频道。