Script To Copy Logins And Users With All Permissions
Jan 26, 2007
Hello all,
I am looking for the script, which I believe exists already.I need to
be able to populate the script for security of one database and
apply it to another database, even if it is located on another server:
1. All logins which not exist have to be created and which exists
ignored including the NT accounts
2. Users same as the old database + the existing ones stay in database
3. Passwords for the new logins.
4. All permissions/grants on all objects for the users that exists
(usually it's the case) and ignore those that don't.
I have script which does some of it, but it's not perfect, so every
time there are some errors.
Please let me know, if you need me to email script that I have. It's
pretty long so I cannot just post it in here.
Thank you in advance.
View 3 Replies
ADVERTISEMENT
Feb 2, 2007
Our company has 2 Database Roles (DBE and DBA). The DBE creates
database schema, performs SQL Server Administration, and manages server
security. The DBA writes data access, ETL, and manages database
security. In 2005, we're struggling with how to allow the DBA to see
all of the logins on the server in order to add them as users of their
database. What permissions does the DBA need to select from any of the
logins on the server to add them to their database?
Michelle
View 1 Replies
View Related
Jun 20, 2005
A question on the permissions hierarchy:
Since logins, database users, and database roles are both principals and securables - what does it mean to GRANT permission on a login/user/role to another principal? Does it mean that for a login - you can GRANT permission to EXECUTE AS that login or modify it, for example?
View 3 Replies
View Related
Dec 14, 2007
I have read the previous threads on the bugs with this task mainly: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1438968&SiteID=1 . These are great posts that helpmed me avoid wasting time. I haven't seen one yet that addresses copying an entire database including the sql server logins.
I would like to import the ENTIRE database from one (2005) server to another(2005) using the SSIS Transfer SQL Object task (not just sprocs,tables,views and functions). I have figured out how to pull the tables,views,sprocs and functions ... by using an execute sql task to drop these objects. But I cannot get this to work for users since the user dbo cannot be dropped and guest can only be disabled. I am creating a new database (this is the database where the sql objects will be copied to) via management studio to test this. There has to ba a way to get this working ... Microsoft must have published some sort of KB article on this task or a Script Task using SMO object calls. If need be I can drop the entire database on the target machine and have SSIS recreate it.
The only reason I'm willing to take a risk with SSIS rather than backup and restore is because of time constraints (I assume the SSIS task is faster) and backup storage administration.
declare @name varchar(200)
declare @object varchar(200)
DECLARE object_cursor CURSOR READ_ONLY FORWARD_ONLY FOR
select table_name,table_type from INFORMATION_SCHEMA.TABLES
union
Select name,'SPROC' table_type from sys.procedures Where [type] = 'P' and is_ms_shipped = 0 and [name] not like 'sp[_]%diagram%'
union
select name,'FN' from sys.objects where type_desc like '%FUNCTION'
OPEN object_cursor
FETCH NEXT FROM object_cursor INTO @name,@object
IF @@FETCH_STATUS <> 0
PRINT ' <<None>>'
WHILE @@FETCH_STATUS = 0
BEGIN
if @object = 'BASE TABLE'
begin
exec ('drop table ' + @name)
end
else if @object = 'VIEW'
begin
exec ('drop view ' + @name)
end
else if @object = 'SPROC'
begin
exec ('drop procedure ' + @name)
end
else if @object = 'FN'
begin
exec ('drop function ' + @name)
end
FETCH NEXT FROM object_cursor INTO @name,@object
END
CLOSE object_cursor
DEALLOCATE object_cursor
View 4 Replies
View Related
Oct 10, 2001
Hi Everybody,
I am working on SQL 7.0/2000. I have given lot of permissions to the user 'duser1'. The permissions like select,etc..,create... Now I want to give the same permissions(what I have given to 'duser1') to the other user called 'duser2'. Right now I hvn't created any Database Roles or Server Roles.
Do we have any easy method to copy the permissions of one user to the other user?, like script generation or any method. If anybody knows that please guide me.
tks in advance,
Sam
View 1 Replies
View Related
Sep 4, 2006
I wanted to create two users in SQL Server to be used by my application. The first would have read only access to all the tables in the database, the second would have read and write access.
I tried to use one login for both but when I tried to create the second user in my database I encountered the following error :
Error 15063 : The login already has an account under a different user name.
Do I need to create two separate logins in SQL Server to achieve this? If so, what if I want various users all with different access rights to different tables. Do I need a new login and a new user for each.
View 1 Replies
View Related
Jan 14, 2007
hi all ,
any decribtion about users and logins and differncs between them ??
and any example for real use in real life ??
i use logins user name and passwords in the connection string from c# but how users can make difference with that ??
thnks so much for your help
View 4 Replies
View Related
Sep 29, 2006
Hello,
How can I login in one databse from Sql Management Studio? Do I need one login for each user?
How does it work?
thanks,
View 4 Replies
View Related
Sep 13, 2007
Ok, let me preface my question with a little info about the application I am working on. I am in the middle of creating a project in VB.Net for my company. We have a data management system for handling sampling data. Now the database design is like so. The application is able to handle multiple "Sites". We create a new database for each site that is create dint eh application. These databases are identical in structure but the data is obviously different.
Now we don't actually delete any records in this application rather we mark items as deleted instead. This allows us to easily undo any changes that have been made to the data. When a change or delete are made, we record this change so that reports can be printed to show what changes were made and by who. This is all well and good, but my thoughts are this.
At the moment I am writing lots of VB code to handle adding these records of change and inserting them into the database... What I would like to be able to do is to just create Triggers on the tables to add them. This is something that I know how to do and i feel like it would be the better way to do it except for one thing... here comes the issue...
I have no way of knowing what user is logged in to my application from within the trigger because the application uses a single login for accessing the database. My thoughts are this... Would I be crazy to think that it would be a good idea to create SQL server logins for each user that is created in the application, giving these users access to only the database that they have been created in? This would allow me to determine who was logged in when the change was made and could then implement recording changes through triggers... I am not a very experienced dba programming is more my speciality. I know how to implement this idea, but I am just wondering if this sort of thing is considered bad practice or if it is something I should consider implementing...
Sorry for the novel there and thanks for any help or insight.
Brian
View 4 Replies
View Related
Feb 8, 2007
What is the relationship between the users in a database and the logins on the server.
View 1 Replies
View Related
Jun 2, 2007
hi,
In sql2k you used to be able to have a same user in 2 databases under the same login. Just moved to 2005, using sql authentication, and have some users who need to access 2 databases using the same login credentials. But sql2005 will not let me create 2 users under the same login across databases. Any ideas?
Thanks,
Mat
View 1 Replies
View Related
Mar 20, 2006
Hi
I can't figure out what the purpose of having seperate users is as I can't actually login to the database using one.
Here is my scenario.
I have a single login called LoginA and I have a database which I want to carve up using schema's. At the database level I need to create a user, associate a login with this user and can set a default schema and specifiy what schemas this USER can access. The login created can access multiple schemas.
So..
I created a database login called loginA.
I created a user for the database called UserA set it's login name to LoginA and
I then created 3 schemas called SchemaA, SchemaB and SchemaC and set their schema owner name to UserA.
I went back to UserA and set their default Schema to SchemaA
How can I login using the new user created as it has no password associated with it. If I login using LoginA then I have no default Schema set becuase the schema is associated with a USER not a LOGIN.
I can understand why you can only have one login account assicated with one user account for each database but I can;t understand why you can specify a user name if you can't use it to login.
Has anyone got any ideas?
Thanks
View 1 Replies
View Related
Jan 25, 2007
Hi ,
What is the diff between Logins & Users in SQL Server?
thanks
Babu
View 3 Replies
View Related
Jul 13, 1999
Hello:
We are working on an application but with other users who have been using the SA password. The application is running on MSSQL 6.5 and sp4.
We have been generally assigning logins/userids to new users although some people are using the SA id. The SA id password has been changed so that will stop users (really developers) from using it.
Most users are assigned to a group which has select, insert, update, delete
permission. Some users will be moved to a group which as only select privilege
I would like to query the system tables and see exactly what permissions
are assigned to each user.
I can look at Enterprise manager and cut and paste this information I think.This is cumbersome
1) Does anyone have a query I can run to get the userid/login and the permissions for each userid?
2) How can I make a user a dbo and give him/her the same permissions as a dbo on tablesalready creaetd?
Thanks.
David Spaisman
View 1 Replies
View Related
Mar 28, 2007
Hi,
In my local instance of SQL Server at work (which I use for testing), somehow all of the logins except 2 were dropped. The administrators group no longer exists as a login (nor do any other windows users or groups)-the only 2 remaining are sa (which is disabled) and a SQL login I had created earlier which has no permissions except read permission on master. I can login as this SQL user, but I do not have permissions to create logins or enable the sa account. Do I have any options other than uninstalling and reinstalling my local instance?
Thanks,
-Dave
View 5 Replies
View Related
Jun 9, 2006
Hi,
I am at a company with 18 employees and I have 11-12 databases in SQL
server. I can't seem to give logins and permissions to groups. Is there
a simpler way, or do I have to add every single employee to each
database and give permissions?
View 1 Replies
View Related
Aug 30, 2004
HI guys,
I just restored a database on a new server with a backup(complete backup stored in backup device) from another database on another server using the "with move" option. In fact here was my process:
Alter database ngauge SET SINGLE_USER WITH ROLLBACK IMMEDIATE
restore database ngauge
from disk = 'C:Program FilesMicrosoft SQL ServerMSSQLBACKUPgauge1.BAK'
with move 'NGAUGE' to 'C:Program FilesMicrosoft SQL ServerMSSQLDatagauge_Data.MDF',
move 'NGAUGE_Log' to 'C:Program FilesMicrosoft SQL ServerMSSQLDatagauge_Log.LDF'
Alter database ngauge SET READ_WRITE
it worked.
But it did not move the 98 or so users/logins...from the source database
what is going on??? what am I doing wrong??!!
Please help!
'W
View 2 Replies
View Related
Apr 12, 2000
I need to move several databases to a new server while retaining the same logins/permissions. Books Online indicates that DTS can move the SQL Server logins, but it sets the passwords to NULL in the process. Is there any way to move the logins and keep all passwords/permissions intact?
View 2 Replies
View Related
Jul 31, 2012
I know that there is Microsoft KB to migrate SQL Logins but it doesnt take care of Login Server level permissions or User level permissions.Idera used to have a Free tool SQLPermisions.exe but it works only on Windows XP/Vista not on Windows 7. Any third party tool (free or paid) which can migrate SQL Logins and User permissions ?
View 14 Replies
View Related
May 31, 2006
Hi,I work as an IT Administrator and part of my job role is to useEnterprise Manager and Query Analyzer to backup the logins andpermissions for each database on our SQL Servers. This information isused as a backup in the event of a server failing so we then havesomething to fall back on if we need to add the same logins/permissionsagain.This takes ages to do, as I have to manually enter all the informationinto a spreadsheet.Steps:- In Enterprise Manager I connect to a server then 'Security' tab, then'Logins'. I then enter all items into a spreadsheet.- In Query Analyzer I connect to a server then do 'sp_helpuser' to listall the permissions for each database. I then enter all informationinto a spreadsheet.I was wondering if there is such a program available on the market thatwould do this for me? I know that MS Baseline Security can show flatfile share permissions to a certain degree and was wondering if therewas a similar program out there to help me do my job easier, or ifthere is a simple way of doing this in the future...Any feedback would be greatly appreciated.Regards,Jenny
View 2 Replies
View Related
Sep 10, 2007
Haven't been able to find the answer to this after sever searches. So decided to open the thread myself.
I am trying to write a report enumerating logins in SQL Server and all database-level and object-level permissions granted to each login.
Can someone tell me what system objects I can query to fetch this information?
TIA.
View 3 Replies
View Related
Feb 14, 2006
Hi all
I'm using sql enterprise manager to access a database which has two users associated to it called 'dbo' and 'user'. I have a login that uses sql authentication also called 'user2' which has been tested and working fine.
From within enterprise manager, when i look at the list of users for my database, 'dbo' is listed as using the 'user2' login to gain access, but the entry for 'user' has no login name listed and is blank, which should be 'user2'. How can I rectify this?
Thanks
View 2 Replies
View Related
Feb 13, 2015
How to find the list of logins/users who do not have any permission (except default Public) access.
View 4 Replies
View Related
Jun 24, 2015
How to get all logins & users with their password into other server while doing migration?
View 7 Replies
View Related
Jul 21, 2006
I do not understand the sequence in which to add logins/users. A coupleof things to note. I can not use vbscript - it has to be done using thesqldmo objects (or in a sql script).The sequence I use now is:1- create login, set default db2- add login to sql server3- set db owner4- create user5- add user to master db6- add user to tempdb - blows up hereError 'Microsoft SQL-DMO: [SQL-DMO]This object is already in acollection.'I need the user in 3 dbs. Any help greatly appreciated. Thinking aboutit...I bet by adding it to the master db that it is automatically addedto tempdb so I will try to add it to the 2rd db and see if that works.Thanks!-Will
View 2 Replies
View Related
Apr 5, 2008
Sql 2005
I want to grate execute permissions on my stored procedures to a role. While creating the role, it asks for "schemas owned by this role".
To me, the schema is merely a namespace that allows you to group objects, but arent schemas such as db_datawriter roles that are central to the db and only admin type users should have ownership of these, correct ?
In a nutshell, I want to:
create a new role and assign a user to that role
with a stored procedure, grant execute permissions to this role
I was confused by the sql 2005 dialog that asks me to take ownership of roles such as db_datawriter, db_datareader etc, wouldnt that mess up other things with the database ?
help ...
I think its time I review all of the above items
role
user
login
schema
View 4 Replies
View Related
Nov 3, 2014
Query to show logins that don't have any permissions within the SQL instance? I'm tasked with doing some cleanup and have found some cases where the database was deleted or moved to another server but the logins that used it were not deleted. I'd like to identify them to research.
For instance a query to show logins that have no permissions in any of the existing databases would be handy. I'm thinking it would be complicated by the need to loop through all of the existing databases and then outer join it to the list of instance level logins. Going to try to write something like that but was hoping that a script already exists.
View 3 Replies
View Related
Nov 15, 2007
Hi there,
Does anyone know a way (a query perhaps?) to determine which logins have write permissions to a specific database on SQL Server 2005? Ive thought about joining sys.syslogins & sys.sysusers but looking at the columns, not sure which one would render me that info.
Any help is appreciated. Many thanks!
View 1 Replies
View Related
Sep 10, 2001
We are in process of migrating of databases from one Server to another, Can anyone please suggest me how to transfer or copy the logins from one Server to the other instead of creating them all over again??
Thanks in advance...
View 1 Replies
View Related
Jul 7, 2015
Does securityadmin Server level role can add, alter logins and corresponding users on all databases ?
If not what is the best role other thn SA to have to manager logins and users.
View 4 Replies
View Related
Jul 6, 2007
Hi All,
I have just migrated couple of test databases
from SQL Server 2000 to 2005 (side by side).
I also migrated the server level logins using SSIS transfer logins task, available on SSIS 'Transfer logins', I selected all the databases that I have migrated so that I have all database users account in server logins (to avoid orphaned users); but I don't have all the database users in server logins, also the sys.sysusers doesn't have the database users, that I have moved to SQL 2005. Can anybody help?
Also do I need to back up the SQL Server 2000 database and restore it on SQL 2005? What impact this operation can have?
Thanks for your time..
Bidyut
View 5 Replies
View Related
May 9, 2002
Hi there!
I'm developing an application and i need to do the next thing:
I need to make a process, but this process just need to be done, when nobody else is modyfing datas in the database.
Is there anyway i could check this? I have read about the sp_who stored procedure but this one return all the activity in all the databases, and i just need to check in one specifically. And there's another issue, we all access with the user dbo to the database...
Any help will be appreciated..
View 2 Replies
View Related
Jan 19, 2000
I restored a copy of a database onto a new server. I created the proper logins on the new server prior to the restore. The users and permissions should all be identical. They appear to be in the system tables, but none of the users or permissions appear in the appropriate screens on Enterprise Manager.
Also, even though the permissions appear to be intact in the syspermissions table, when I connect as a certain user and try to query a table the user should have permissions on, I'm denied access.
Does anyone have any suggestions?
Thanks in advance!
Lisa Rae
View 4 Replies
View Related
