zoukankan      html  css  js  c++  java
  • SQL Server 服务器器信息备份(二)--权限备份

    前言

    上文说到:SQL Server 服务器器信息备份(一)--login新建脚本备份

    本文将说到用户权限的备份,权限的备份可分为服务器级别的备份和用户级别的备份。

    权限的备份可保证服务器在完全宕机的情况下,能快速通过备份恢复原有权限。笔者根据常用权限将权限分类如下

    服务器级别权限

    • 服务器级别角色:通过此语句拼写EXEC master..sp_addsrvrolemember @loginame , @rolename

    • 服务器级别权限:

    1. 系统视图VIEW ANY DEFINITION查询的权限
    2. 元数据SERVER STATE查询的权限
    3. 端点权限等等

    数据库级别权限

    • 新建用户连接并赋予用户相应角色和特定表的增删改查的权限。

    • 新建角色连接并赋予特定表的增删改查的权限等。

    脚本(server)

    服务级别权限脚本,在服务器维护之前,就应该将此权限赋予.笔者赋予的不只是服务器级别角色和一些元数据查询端点链接权限

    ,还包括系统数据库的数据库级别权限(用户的新建、角色新建以及特定对象的权限等)

    CREATE PROC [dbo].[spm_getpermission_svr]
               @loginame VARCHAR(100)  = NULL,
               @filepath VARCHAR(1000)  = NULL
    AS
      SET nocount on
      /*表变量用于存放数据*/
      DECLARE  @temp_file  TABLE(
                                 id       INT   IDENTITY ( 1 , 1 ),
                                 sql_text VARCHAR(MAX)
                                 )
      DECLARE  @cmd VARCHAR(MAX)
      DECLARE  @dbname VARCHAR(100)
      IF @loginame IS NOT NULL
        BEGIN
          INSERT INTO @temp_file
                     (sql_text)
          /*服务器级别角色*/
          SELECT 'EXEC master..sp_addsrvrolemember @loginame = N''' + c.name + ''' , @rolename = N''' + a.name + '''' COLLATE latin1_general_ci_as
          FROM   sys.server_principals a
                 JOIN sys.server_role_members b
                   ON a.principal_id = b.role_principal_id
                 JOIN sys.server_principals c
                   ON b.member_principal_id = c.principal_id
          WHERE  c.TYPE IN ('S','U','G')
                 AND c.name NOT LIKE '%SQLServer2005%'
                 AND c.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                    '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
                 AND c.name = @loginame
          UNION ALL
          /*服务器级别权限*/
          SELECT 'USE  master ;
                     ' + a.state_desc + ' ' + a.permission_name + ' TO [' + b.name + ']' COLLATE latin1_general_ci_as
          FROM   sys.server_permissions a
                 JOIN sys.server_principals b
                   ON a.grantee_principal_id = b.principal_id
          WHERE  class_desc = 'SERVER'
                 AND b.TYPE IN ('S','U','G')
                 AND a.permission_name <> 'CONNECT SQL'
                 AND b.name NOT LIKE '%SQLServer2005%'
                 AND b.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                    '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
                 AND b.name = @loginame
          UNION ALL
          /*服务器级别主体权限*/
          SELECT 'USE  master ;
                     ' + pm.state_desc + ' ' + permission_name + ' ON LOGIN::[' + pc1.name + ']  to [' + pc.name + ']' COLLATE latin1_general_ci_as
          FROM   sys.server_permissions pm (nolock)
                 JOIN sys.server_principals pc (nolock)
                   ON pm.grantee_principal_id = pc.principal_id
                 JOIN sys.server_principals pc1 (nolock)
                   ON pm.major_id = pc1.principal_id
          WHERE  pc.TYPE IN ('S','U','G')
                 AND class_desc = 'SERVER_PRINCIPAL'
                 AND pc.name NOT LIKE '%SQLServer2005%'
                 AND pc.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                     '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
                 AND pc.name = @loginame
          UNION ALL
          /*服务器级别端点权限*/
          SELECT 'USE  master ;
                     ' + pm.state_desc + ' ' + permission_name + ' ON ENDPOINT::[' + pc1.name + '] to [' + pc.name + ']' COLLATE latin1_general_ci_as
          FROM   sys.server_permissions pm (nolock)
                 JOIN sys.server_principals pc (nolock)
                   ON pm.grantee_principal_id = pc.principal_id
                 JOIN sys.server_principals pc1 (nolock)
                   ON pm.major_id = pc1.principal_id
          WHERE  pc.TYPE IN ('S','U','G')
                 AND class_desc = 'ENDPOINT'
                 AND pc.name NOT LIKE '%SQLServer2005%'
                 AND pc.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                     '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
                 AND pc.name = @loginame
        END
      ELSE
        BEGIN
          INSERT INTO @temp_file
                     (sql_text)
          /*服务器级别角色*/
          SELECT 'EXEC master..sp_addsrvrolemember @loginame = N''' + c.name + ''' , @rolename = N''' + a.name + '''' COLLATE latin1_general_ci_as
          FROM   sys.server_principals a
                 JOIN sys.server_role_members b
                   ON a.principal_id = b.role_principal_id
                 JOIN sys.server_principals c
                   ON b.member_principal_id = c.principal_id
          WHERE  c.TYPE IN ('S','U','G')
                 AND c.name NOT LIKE '%SQLServer2005%'
                 AND c.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                    '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
          UNION ALL
          /*服务器级别权限*/
          SELECT 'USE  master ;
                     ' + a.state_desc + ' ' + a.permission_name + ' TO [' + b.name + ']' COLLATE latin1_general_ci_as
          FROM   sys.server_permissions a
                 JOIN sys.server_principals b
                   ON a.grantee_principal_id = b.principal_id
          WHERE  class_desc = 'SERVER'
                 AND b.TYPE IN ('S','U','G')
                 AND a.permission_name <> 'CONNECT SQL'
                 AND b.name NOT LIKE '%SQLServer2005%'
                 AND b.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                    '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
          UNION ALL
          /*服务器级别主体权限*/
          SELECT 'USE  master ;
                     ' + pm.state_desc + ' ' + permission_name + ' ON LOGIN::[' + pc1.name + ']  to [' + pc.name + ']' COLLATE latin1_general_ci_as
          FROM   sys.server_permissions pm (nolock)
                 JOIN sys.server_principals pc (nolock)
                   ON pm.grantee_principal_id = pc.principal_id
                 JOIN sys.server_principals pc1 (nolock)
                   ON pm.major_id = pc1.principal_id
          WHERE  pc.TYPE IN ('S','U','G')
                 AND class_desc = 'SERVER_PRINCIPAL'
                 AND pc.name NOT LIKE '%SQLServer2005%'
                 AND pc.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                     '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
          UNION ALL
          /*服务器级别端点权限*/
          SELECT 'USE  master ;
                     ' + pm.state_desc + ' ' + permission_name + ' ON ENDPOINT::[' + pc1.name + '] to [' + pc.name + ']' COLLATE latin1_general_ci_as
          FROM   sys.server_permissions pm (nolock)
                 JOIN sys.server_principals pc (nolock)
                   ON pm.grantee_principal_id = pc.principal_id
                 JOIN sys.server_principals pc1 (nolock)
                   ON pm.major_id = pc1.principal_id
          WHERE  pc.TYPE IN ('S','U','G')
                 AND class_desc = 'ENDPOINT'
                 AND pc.name NOT LIKE '%SQLServer2005%'
                 AND pc.name NOT IN ('NT SERVICEMSSQLSERVER','NT SERVICESQLSERVERAGENT','NT AUTHORITYSYSTEM','##MS_PolicyEventProcessingLogin##',
                                     '##MS_PolicyTsqlExecutionLogin##','sa','BUILTINAdministrators')
        END
      /*游标轮训系统数据库的权限*/
      DECLARE db_table_cursor CURSOR  FOR
      SELECT   name
      FROM     sys.databases
      WHERE    name IN ('master','msdb','model','tempdb',
                        'distribution')
               AND state = 0
      ORDER BY name
      /*打开游标*/
      OPEN db_table_cursor
      FETCH NEXT FROM db_table_cursor
      INTO @dbname
      WHILE @@FETCH_STATUS = 0
        BEGIN
          IF @loginame IS NOT NULL
            BEGIN
              /*数据库用户新建*/
              SELECT @cmd = 'select
                            ''use ' + @dbname + ';
                                                if exists (select top 1 1 from  sys.schemas (nolock)
                                                where name=''''''+dpr.name+'''''')
                                                drop schema [''+dpr.name+''];
                                                if exists (select top 1 1 from  sys.database_principals (nolock)
                                                where name=''''''+dpr.name+'''''')
                                                drop user [''+dpr.name+''];
                                                CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+''] WITH DEFAULT_SCHEMA=[''+dpr.default_schema_name+'']'' COLLATE LATIN1_General_CI_AS
                                                from [' + @dbname + '].sys.database_principals dpr
                                                                    join [' + @dbname + '].sys.syslogins l on dpr.sid =l.sid
                                                                                        where dpr.type  in(''S'',''U'')
                                                                                        and dpr.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'') and l.name =''' + @loginame + '''
                                                                                                                                                                                                                                                                Union all
                                                                                                                                                                                                                                                                select
                                                                                                                                                                                                                                                                ''use ' + @dbname + ';
                                                                                                                                                                                                                                                                                    if exists (select top 1 1  from  sys.schemas (nolock)
                                                                                                                                                                                                                                                                                    where name=''''''+dpr.name+'''''')
                                                                                                                                                                                                                                                                                    drop schema [''+dpr.name+''];
                                                                                                                                                                                                                                                                                    if exists (select top 1 1  from  sys.database_principals (nolock)
                                                                                                                                                                                                                                                                                    where name=''''''+dpr.name+'''''')
                                                                                                                                                                                                                                                                                    drop user [''+dpr.name+''];
                                                                                                                                                                                                                                                                                    CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+'']''  COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                                                    from [' + @dbname + '].sys.database_principals dpr
                                                                                                                                                                                                                                                                                                        join [' + @dbname + '].sys.syslogins l on dpr.sid =l.sid
                                                                                                                                                                                                                                                                                                                            where dpr.type  in(''G'')
                                                                                                                                                                                                                                                                                                                            and dpr.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'') and  l.name =''' + @loginame + ''''
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*用户与角色之间的关系*/
              SELECT @cmd = 'select ''use ' + @dbname + ' ;
                                                        exec sp_addrolemember ''''''+dpr.name+'''''',''''''+dpr1.name+''''''''  COLLATE LATIN1_General_CI_AS
                                                        from ' + @dbname + '.sys.database_role_members  drm
                                                                           join ' + @dbname + '.sys.database_principals  dpr   on drm.role_principal_id=dpr.principal_id
                                                                                              join ' + @dbname + '.sys.database_principals  dpr1   on drm.member_principal_id=dpr1.principal_id
                                                                                                                 where dpr1.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                 and suser_sname(dpr1.sid) =''' + @loginame + ''''
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*拥有对象的权限*//*拥有对象字段的权限*//*数据库权限*/
              SELECT @cmd = 'select
                            ''USE [' + @dbname + '];
                                                 ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''] TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
                                                 from [' + @dbname + '].sys.all_objects o (nolock)
                                                                     join [' + @dbname + '].sys.database_permissions dp (nolock) on dp.major_id = o.object_id
                                                                                         join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                             join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                 where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=0--为对象
                                                                                                                                 and du.name not in(
                                                                                                                                 ''dbo'',
                                                                                                                                 ''##MS_PolicyEventProcessingLogin##'',
                                                                                                                                 ''##MS_AgentSigningCertificate##'',
                                                                                                                                 ''##MS_PolicyTsqlExecutionLogin##''
                                                                                                                                 ) and suser_sname(du.sid)=''' + @loginame + '''
                                                                                                                                                                             union all
                                                                                                                                                                             select
                                                                                                                                                                             ''USE [' + @dbname + '];
                                                                                                                                                                                                  ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''].[''+o.name+'']  TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                  from [' + @dbname + '].sys.all_objects o (nolock)
                                                                                                                                                                                                                      join [' + @dbname + '].sys.database_permissions dp (nolock) on dp.major_id = o.object_id--字段与对象的关系
                                                                                                                                                                                                                                          join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                                                                                                                                                              join [' + @dbname + '].sys.all_columns c on c.object_id=o.object_id AND dp.minor_id=c.column_id --字段与权限的关系
                                                                                                                                                                                                                                                                                  join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                      where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=1--为字段
                                                                                                                                                                                                                                                                                                      and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                                                                      and suser_sname(du.sid)=''' + @loginame + '''
                                                                                                                                                                                                                                                                                                                                                union all
                                                                                                                                                                                                                                                                                                                                                select ''use [' + @dbname + '] ;
                                                                                                                                                                                                                                                                                                                                                                             ''+dp.state_desc+'' ''+dp.permission_name+'' to [''+du.name+'']''   COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                                                                                                                                            From [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                                                                                                                                                                                                                                                                                                                                join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                                                                                                                                    where dp.class_desc=''DATABASE'' and permission_name <>''CONNECT''
                                                                                                                                                                                                                                                                                                                                                                                                                    and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                                                                                                                                                                                    and suser_sname(du.sid)=''' + @loginame + ''''
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*用户拥有架构*//*用户拥有USER,role的权限*//*类型权限*/
              SELECT @cmd = '
                            select ''use [' + @dbname + '] ;
                                                        ''+dp.state_desc + '' '' + dp.permission_name + '' on SCHEMA::[''+ s.name + ''] to ['' + du.name + '']''    COLLATE LATIN1_General_CI_AS
                                                        from [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                            join [' + @dbname + '].sys.schemas s (nolock) on dp.major_id = s.schema_id
                                                                                                join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                    where dp.class_desc=''SCHEMA''
                                                                                                                    and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                    and du.type in (''S'',''U'',''G'')
                                                                                                                    and suser_sname(du.sid)=''' + @loginame + '''
                                                                                                                                                              union all
                                                                                                                                                              select ''use [' + @dbname + '] ;
                                                                                                                                                                                          ''+dpe.state_desc + '' '' + dpe.permission_name + '' on ''+case when dpr.type=''S'' then ''USER::['' else ''ROLE::['' end + dpr.name + ''] to ['' + dpr1.name + '']''   COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                          from [' + @dbname + '].sys.database_permissions dpe
                                                                                                                                                                                                              join [' + @dbname + '].sys.database_principals dpr on dpe.major_id=dpr.principal_id
                                                                                                                                                                                                                                  join [' + @dbname + '].sys.database_principals dpr1 on dpe.grantee_principal_id=dpr1.principal_id
                                                                                                                                                                                                                                                      where dpr.type in(''S'',''R'') and dpe.class_desc=''DATABASE_PRINCIPAL'' and  dpr1.type in (''S'',''U'',''G'')
                                                                                                                                                                                                                                                      and dpr1.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                      and suser_sname(dpr1.sid)=''' + @loginame + '''
                                                                                                                                                                                                                                                                                                  union all
                                                                                                                                                                                                                                                                                                  select ''use [' + @dbname + '] ;
                                                                                                                                                                                                                                                                                                                              ''+dp.state_desc + '' '' + dp.permission_name + '' on TYPE::[''+ s.name + ''].['' + o.name + ''] to ['' + du.name + '']'' COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                                                                                              from [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                                                                                                                                                                                                                                                                                  join [' + @dbname + '].sys.types  o (nolock) on dp.major_id = o.user_type_id
                                                                                                                                                                                                                                                                                                                                                                      join [' + @dbname + '].sys.database_principals du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                                                                                                          join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                                                                                                                                                                                                                                                                                                              where class_desc=''TYPE''
                                                                                                                                                                                                                                                                                                                                                                                                              and du.type in (''S'',''U'',''G'')
                                                                                                                                                                                                                                                                                                                                                                                                              and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                                                                                                                                                                              and suser_sname(du.sid)=''' + @loginame + '''
                                                                                                                                                                                                                                                                                                                                                                                                                                                        --and suser_sname(du.sid) is not null
                                                                                                                                                                                                                                                                                                                                                                                                                                                        '
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
            END
          /*******若不指定用户*****/
          ELSE
            BEGIN
              /*数据库级别角色*/
              SELECT @cmd = 'select ''use ' + @dbname + ';
                                                            if not exists (select top 1 1 from sys.database_principals where name=''''''+dpe.name+'''''')
                                                            create role [''+dpe.name+''] authorization [''+dpr.default_schema_name+'']''  COLLATE LATIN1_General_CI_AS
                                                            from [' + @dbname + '].sys.database_principals dpe
                                                                                 join [' + @dbname + '].sys.database_principals  dpr on dpe.owning_principal_id=dpr.principal_id
                                                                                                      where dpe.is_fixed_role =0
                                                                                                      and dpe.type=''R''
                                                                                                      and dpe.name not in(
                                                                                                      ''public'',
                                                                                                      ''TargetServersRole'',
                                                                                                      ''SQLAgentUserRole'',
                                                                                                      ''SQLAgentReaderRole'',
                                                                                                      ''SQLAgentOperatorRole'',
                                                                                                      ''DatabaseMailUserRole'',
                                                                                                      ''db_dtsadmin'',
                                                                                                      ''db_dtsltduser'',
                                                                                                      ''db_dtsoperator'',
                                                                                                      ''JOBUsers'',
                                                                                                      ''DTSUsers'',
                                                                                                      ''dbm_monitor'',
                                                                                                      ''replmonitor'',
                                                                                                      ''db_ssisadmin'',
                                                                                                      ''db_ssisltduser'',
                                                                                                      ''db_ssisoperator'',
                                                                                                      ''dc_operator'',
                                                                                                      ''dc_admin'',
                                                                                                      ''dc_proxy'',
                                                                                                      ''PolicyAdministratorRole'',
                                                                                                      ''ServerGroupAdministratorRole'',
                                                                                                      ''ServerGroupReaderRole'',
                                                                                                      ''UtilityCMRReader'',
                                                                                                      ''UtilityIMRWriter'',
                                                                                                      ''UtilityIMRReader''
                                                                                                      )'
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*数据库用户新建*/
              SELECT @cmd = 'select
                                ''use ' + @dbname + ';
                                                     if exists (select  top 1 1  from  sys.schemas (nolock)
                                                     where name=''''''+dpr.name+'''''')
                                                     drop schema [''+dpr.name+''];
                                                     if exists (select  top 1 1  from  sys.database_principals (nolock)
                                                     where name=''''''+dpr.name+'''''')
                                                     drop user [''+dpr.name+''];
                                                     CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+''] WITH DEFAULT_SCHEMA=[''+dpr.default_schema_name+'']'' COLLATE LATIN1_General_CI_AS
                                                     from [' + @dbname + '].sys.database_principals dpr
                                                                          join [' + @dbname + '].sys.syslogins l on dpr.sid =l.sid
                                                                                               where dpr.type  in(''S'',''U'')
                                                                                               and dpr.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                               Union all
                                                                                               select
                                                                                               ''use ' + @dbname + ';
                                                                                                                    if exists (select  top 1 1  from  sys.schemas (nolock)
                                                                                                                    where name=''''''+dpr.name+'''''')
                                                                                                                    drop schema [''+dpr.name+''];
                                                                                                                    if exists (select  top 1 1  from  sys.database_principals (nolock)
                                                                                                                    where name=''''''+dpr.name+'''''')
                                                                                                                    drop user [''+dpr.name+''];
                                                                                                                    CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+'']''  COLLATE LATIN1_General_CI_AS
                                                                                                                    from [' + @dbname + '].sys.database_principals dpr
                                                                                                                                         join [' + @dbname + '].sys.syslogins l on dpr.sid =l.sid
                                                                                                                                                              where dpr.type  in(''G'')
                                                                                                                                                              and dpr.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                              and dpr.name not like ''%SQLServer2005%'''
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*用户与角色之间的关系*/
              SELECT @cmd = 'select ''use ' + @dbname + ' ;
                                                            exec sp_addrolemember ''''''+dpr.name+'''''',''''''+dpr1.name+''''''''  COLLATE LATIN1_General_CI_AS
                                                            from ' + @dbname + '.sys.database_role_members  drm
                                                                                join ' + @dbname + '.sys.database_principals  dpr   on drm.role_principal_id=dpr.principal_id
                                                                                                    join ' + @dbname + '.sys.database_principals  dpr1   on drm.member_principal_id=dpr1.principal_id
                                                                                                                        where dpr1.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                        and dpr1.name not like ''%SQLServer2005%''
                                                                                                                        and suser_sname(dpr1.sid) is not null'
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /************角色拥有权限***************************/
              
              /*拥有对象的权限*//*拥有对象字段的权限*//*数据库权限*/
              SELECT @cmd = 'select
                                ''USE [' + @dbname + '];
                                                      ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''] TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
                                                      from [' + @dbname + '].sys.all_objects o (nolock)
                                                                           join [' + @dbname + '].sys.database_permissions dp (nolock) on dp.major_id = o.object_id
                                                                                                join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                     join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                          where du.type in (''R'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=0--为对象
                                                                                                                                          and du.name not in(
                                                                                                                                          ''public'',
                                                                                                                                          ''TargetServersRole'',
                                                                                                                                          ''SQLAgentUserRole'',
                                                                                                                                          ''SQLAgentReaderRole'',
                                                                                                                                          ''SQLAgentOperatorRole'',
                                                                                                                                          ''DatabaseMailUserRole'',
                                                                                                                                          ''db_dtsadmin'',
                                                                                                                                          ''db_dtsltduser'',
                                                                                                                                          ''db_dtsoperator'',
                                                                                                                                          ''JOBUsers'',
                                                                                                                                          ''DTSUsers'',
                                                                                                                                          ''dbm_monitor'',
                                                                                                                                          ''replmonitor'',
                                                                                                                                          ''db_ssisadmin'',
                                                                                                                                          ''db_ssisltduser'',
                                                                                                                                          ''db_ssisoperator'',
                                                                                                                                          ''dc_operator'',
                                                                                                                                          ''dc_admin'',
                                                                                                                                          ''dc_proxy'',
                                                                                                                                          ''PolicyAdministratorRole'',
                                                                                                                                          ''ServerGroupAdministratorRole'',
                                                                                                                                          ''ServerGroupReaderRole'',
                                                                                                                                          ''UtilityCMRReader'',
                                                                                                                                          ''UtilityIMRWriter'',
                                                                                                                                          ''UtilityIMRReader''
                                                                                                                                          )
                                                                                                                                          union all
                                                                                                                                          select
                                                                                                                                          ''USE [' + @dbname + '];
                                                                                                                                                                ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''].[''+o.name+'']  TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
                                                                                                                                                                from [' + @dbname + '].sys.all_objects o (nolock)
                                                                                                                                                                                     join [' + @dbname + '].sys.database_permissions dp (nolock) on dp.major_id = o.object_id--字段与对象的关系
                                                                                                                                                                                                          join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                                                                                                                               join [' + @dbname + '].sys.all_columns c on c.object_id=o.object_id AND dp.minor_id=c.column_id --字段与权限的关系
                                                                                                                                                                                                                                                    join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                         where du.type in (''R'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=1--为字段
                                                                                                                                                                                                                                                                         and du.name not in(
                                                                                                                                                                                                                                                                         ''public'',
                                                                                                                                                                                                                                                                         ''TargetServersRole'',
                                                                                                                                                                                                                                                                         ''SQLAgentUserRole'',
                                                                                                                                                                                                                                                                         ''SQLAgentReaderRole'',
                                                                                                                                                                                                                                                                         ''SQLAgentOperatorRole'',
                                                                                                                                                                                                                                                                         ''DatabaseMailUserRole'',
                                                                                                                                                                                                                                                                         ''db_dtsadmin'',
                                                                                                                                                                                                                                                                         ''db_dtsltduser'',
                                                                                                                                                                                                                                                                         ''db_dtsoperator'',
                                                                                                                                                                                                                                                                         ''JOBUsers'',
                                                                                                                                                                                                                                                                         ''DTSUsers'',
                                                                                                                                                                                                                                                                         ''dbm_monitor'',
                                                                                                                                                                                                                                                                         ''replmonitor'',
                                                                                                                                                                                                                                                                         ''db_ssisadmin'',
                                                                                                                                                                                                                                                                         ''db_ssisltduser'',
                                                                                                                                                                                                                                                                         ''db_ssisoperator'',
                                                                                                                                                                                                                                                                         ''dc_operator'',
                                                                                                                                                                                                                                                                         ''dc_admin'',
                                                                                                                                                                                                                                                                         ''dc_proxy'',
                                                                                                                                                                                                                                                                         ''PolicyAdministratorRole'',
                                                                                                                                                                                                                                                                         ''ServerGroupAdministratorRole'',
                                                                                                                                                                                                                                                                         ''ServerGroupReaderRole'',
                                                                                                                                                                                                                                                                         ''UtilityCMRReader'',
                                                                                                                                                                                                                                                                         ''UtilityIMRWriter'',
                                                                                                                                                                                                                                                                         ''UtilityIMRReader''
                                                                                                                                                                                                                                                                         )
                                                                                                                                                                                                                                                                         union all
                                                                                                                                                                                                                                                                         select ''use [' + @dbname + '] ;
                                                                                                                                                                                                                                                                                                       ''+dp.state_desc+'' ''+dp.permission_name+'' to [''+du.name+'']''   COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                                                                      From [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                                                                                                                                                                                                                                                           join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                                                                where dp.class_desc=''DATABASE'' and permission_name <>''CONNECT''  and du.type in (''R'')
                                                                                                                                                                                                                                                                                                                                                and du.name not in(
                                                                                                                                                                                                                                                                                                                                                ''public'',
                                                                                                                                                                                                                                                                                                                                                ''TargetServersRole'',
                                                                                                                                                                                                                                                                                                                                                ''SQLAgentUserRole'',
                                                                                                                                                                                                                                                                                                                                                ''SQLAgentReaderRole'',
                                                                                                                                                                                                                                                                                                                                                ''SQLAgentOperatorRole'',
                                                                                                                                                                                                                                                                                                                                                ''DatabaseMailUserRole'',
                                                                                                                                                                                                                                                                                                                                                ''db_dtsadmin'',
                                                                                                                                                                                                                                                                                                                                                ''db_dtsltduser'',
                                                                                                                                                                                                                                                                                                                                                ''db_dtsoperator'',
                                                                                                                                                                                                                                                                                                                                                ''JOBUsers'',
                                                                                                                                                                                                                                                                                                                                                ''DTSUsers'',
                                                                                                                                                                                                                                                                                                                                                ''dbm_monitor'',
                                                                                                                                                                                                                                                                                                                                                ''replmonitor'',
                                                                                                                                                                                                                                                                                                                                                ''db_ssisadmin'',
                                                                                                                                                                                                                                                                                                                                                ''db_ssisltduser'',
                                                                                                                                                                                                                                                                                                                                                ''db_ssisoperator'',
                                                                                                                                                                                                                                                                                                                                                ''dc_operator'',
                                                                                                                                                                                                                                                                                                                                                ''dc_admin'',
                                                                                                                                                                                                                                                                                                                                                ''dc_proxy'',
                                                                                                                                                                                                                                                                                                                                                ''PolicyAdministratorRole'',
                                                                                                                                                                                                                                                                                                                                                ''ServerGroupAdministratorRole'',
                                                                                                                                                                                                                                                                                                                                                ''ServerGroupReaderRole'',
                                                                                                                                                                                                                                                                                                                                                ''UtilityCMRReader'',
                                                                                                                                                                                                                                                                                                                                                ''UtilityIMRWriter'',
                                                                                                                                                                                                                                                                                                                                                ''UtilityIMRReader''
                                                                                                                                                                                                                                                                                                                                                ) '
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*用户拥有架构*//*用户拥有USER,role的权限*//*类型权限*/
              SELECT @cmd = '
                                select ''use [' + @dbname + '] ;
                                                             ''+dp.state_desc + '' '' + dp.permission_name + '' on SCHEMA::[''+ s.name + ''] to ['' + du.name + '']''    COLLATE LATIN1_General_CI_AS
                                                             from [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                  join [' + @dbname + '].sys.schemas s (nolock) on dp.major_id = s.schema_id
                                                                                                       join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                            where dp.class_desc=''SCHEMA''
                                                                                                                            and du.name not in(
                                                                                                                            ''public'',
                                                                                                                            ''TargetServersRole'',
                                                                                                                            ''SQLAgentUserRole'',
                                                                                                                            ''SQLAgentReaderRole'',
                                                                                                                            ''SQLAgentOperatorRole'',
                                                                                                                            ''DatabaseMailUserRole'',
                                                                                                                            ''db_dtsadmin'',
                                                                                                                            ''db_dtsltduser'',
                                                                                                                            ''db_dtsoperator'',
                                                                                                                            ''JOBUsers'',
                                                                                                                            ''DTSUsers'',
                                                                                                                            ''dbm_monitor'',
                                                                                                                            ''replmonitor'',
                                                                                                                            ''db_ssisadmin'',
                                                                                                                            ''db_ssisltduser'',
                                                                                                                            ''db_ssisoperator'',
                                                                                                                            ''dc_operator'',
                                                                                                                            ''dc_admin'',
                                                                                                                            ''dc_proxy'',
                                                                                                                            ''PolicyAdministratorRole'',
                                                                                                                            ''ServerGroupAdministratorRole'',
                                                                                                                            ''ServerGroupReaderRole'',
                                                                                                                            ''UtilityCMRReader'',
                                                                                                                            ''UtilityIMRWriter'',
                                                                                                                            ''UtilityIMRReader''
                                                                                                                            )
                                                                                                                            and du.type in (''R'')
                                                                                                                            union all
                                                                                                                            select ''use [' + @dbname + '] ;
                                                                                                                                                         ''+dpe.state_desc + '' '' + dpe.permission_name + '' on ''+case when dpr.type=''S'' then ''USER::['' else ''ROLE::['' end + dpr.name + ''] to ['' + dpr1.name + '']''   COLLATE LATIN1_General_CI_AS
                                                                                                                                                         from [' + @dbname + '].sys.database_permissions dpe
                                                                                                                                                                              join [' + @dbname + '].sys.database_principals dpr on dpe.major_id=dpr.principal_id
                                                                                                                                                                                                   join [' + @dbname + '].sys.database_principals dpr1 on dpe.grantee_principal_id=dpr1.principal_id
                                                                                                                                                                                                                        where dpr.type in(''S'',''R'') and dpe.class_desc=''DATABASE_PRINCIPAL'' and  dpr1.type in (''R'')
                                                                                                                                                                                                                        and dpr1.name not in(
                                                                                                                                                                                                                        ''public'',
                                                                                                                                                                                                                        ''TargetServersRole'',
                                                                                                                                                                                                                        ''SQLAgentUserRole'',
                                                                                                                                                                                                                        ''SQLAgentReaderRole'',
                                                                                                                                                                                                                        ''SQLAgentOperatorRole'',
                                                                                                                                                                                                                        ''DatabaseMailUserRole'',
                                                                                                                                                                                                                        ''db_dtsadmin'',
                                                                                                                                                                                                                        ''db_dtsltduser'',
                                                                                                                                                                                                                        ''db_dtsoperator'',
                                                                                                                                                                                                                        ''JOBUsers'',
                                                                                                                                                                                                                        ''DTSUsers'',
                                                                                                                                                                                                                        ''dbm_monitor'',
                                                                                                                                                                                                                        ''replmonitor'',
                                                                                                                                                                                                                        ''db_ssisadmin'',
                                                                                                                                                                                                                        ''db_ssisltduser'',
                                                                                                                                                                                                                        ''db_ssisoperator'',
                                                                                                                                                                                                                        ''dc_operator'',
                                                                                                                                                                                                                        ''dc_admin'',
                                                                                                                                                                                                                        ''dc_proxy'',
                                                                                                                                                                                                                        ''PolicyAdministratorRole'',
                                                                                                                                                                                                                        ''ServerGroupAdministratorRole'',
                                                                                                                                                                                                                        ''ServerGroupReaderRole'',
                                                                                                                                                                                                                        ''UtilityCMRReader'',
                                                                                                                                                                                                                        ''UtilityIMRWriter'',
                                                                                                                                                                                                                        ''UtilityIMRReader''
                                                                                                                                                                                                                        )
                                                                                                                                                                                                                        union all
                                                                                                                                                                                                                        select ''use [' + @dbname + '] ;
                                                                                                                                                                                                                                                     ''+dp.state_desc + '' '' + dp.permission_name + '' on TYPE::[''+ s.name + ''].['' + o.name + ''] to ['' + du.name + '']'' COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                     from [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                                                                                                                                                                                                          join [' + @dbname + '].sys.types  o (nolock) on dp.major_id = o.user_type_id
                                                                                                                                                                                                                                                                                               join [' + @dbname + '].sys.database_principals du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                                    join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                                                                                                                                                                                                                                         where class_desc=''TYPE''
                                                                                                                                                                                                                                                                                                                                         and du.type in (''R'')
                                                                                                                                                                                                                                                                                                                                         and du.name not in(
                                                                                                                                                                                                                                                                                                                                         ''public'',
                                                                                                                                                                                                                                                                                                                                         ''TargetServersRole'',
                                                                                                                                                                                                                                                                                                                                         ''SQLAgentUserRole'',
                                                                                                                                                                                                                                                                                                                                         ''SQLAgentReaderRole'',
                                                                                                                                                                                                                                                                                                                                         ''SQLAgentOperatorRole'',
                                                                                                                                                                                                                                                                                                                                         ''DatabaseMailUserRole'',
                                                                                                                                                                                                                                                                                                                                         ''db_dtsadmin'',
                                                                                                                                                                                                                                                                                                                                         ''db_dtsltduser'',
                                                                                                                                                                                                                                                                                                                                         ''db_dtsoperator'',
                                                                                                                                                                                                                                                                                                                                         ''JOBUsers'',
                                                                                                                                                                                                                                                                                                                                         ''DTSUsers'',
                                                                                                                                                                                                                                                                                                                                         ''dbm_monitor'',
                                                                                                                                                                                                                                                                                                                                         ''replmonitor'',
                                                                                                                                                                                                                                                                                                                                         ''db_ssisadmin'',
                                                                                                                                                                                                                                                                                                                                         ''db_ssisltduser'',
                                                                                                                                                                                                                                                                                                                                         ''db_ssisoperator'',
                                                                                                                                                                                                                                                                                                                                         ''dc_operator'',
                                                                                                                                                                                                                                                                                                                                         ''dc_admin'',
                                                                                                                                                                                                                                                                                                                                         ''dc_proxy'',
                                                                                                                                                                                                                                                                                                                                         ''PolicyAdministratorRole'',
                                                                                                                                                                                                                                                                                                                                         ''ServerGroupAdministratorRole'',
                                                                                                                                                                                                                                                                                                                                         ''ServerGroupReaderRole'',
                                                                                                                                                                                                                                                                                                                                         ''UtilityCMRReader'',
                                                                                                                                                                                                                                                                                                                                         ''UtilityIMRWriter'',
                                                                                                                                                                                                                                                                                                                                         ''UtilityIMRReader''
                                                                                                                                                                                                                                                                                                                                         )
                                                                                                                                                                                                                                                                                                                                         --and suser_sname(du.sid) is not null
                                                                                                                                                                                                                                                                                                                                         '
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /************用户拥有权限***************************/
              /*拥有对象的权限*//*拥有对象字段的权限*//*数据库权限*/
              SELECT @cmd = 'select
                                ''USE [' + @dbname + '];
                                                      ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''] TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
                                                      from [' + @dbname + '].sys.all_objects o (nolock)
                                                                           join [' + @dbname + '].sys.database_permissions dp (nolock) on dp.major_id = o.object_id
                                                                                                join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                     join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                          where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=0--为对象
                                                                                                                                          and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                          and du.name not like ''%SQLServer2005%''
                                                                                                                                          union all
                                                                                                                                          select
                                                                                                                                          ''USE [' + @dbname + '];
                                                                                                                                                                ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''].[''+o.name+'']  TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
                                                                                                                                                                from [' + @dbname + '].sys.all_objects o (nolock)
                                                                                                                                                                                     join [' + @dbname + '].sys.database_permissions dp (nolock) on dp.major_id = o.object_id--字段与对象的关系
                                                                                                                                                                                                          join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                                                                                                                               join [' + @dbname + '].sys.all_columns c on c.object_id=o.object_id AND dp.minor_id=c.column_id --字段与权限的关系
                                                                                                                                                                                                                                                    join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                         where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=1--为字段
                                                                                                                                                                                                                                                                         and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                                         and du.name not like ''%SQLServer2005%''
                                                                                                                                                                                                                                                                         union all
                                                                                                                                                                                                                                                                         select ''use [' + @dbname + '] ;
                                                                                                                                                                                                                                                                                                       ''+dp.state_desc+'' ''+dp.permission_name+'' to [''+du.name+'']''   COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                                                                      From [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                                                                                                                                                                                                                                                           join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                                                                where dp.class_desc=''DATABASE'' and permission_name <>''CONNECT''
                                                                                                                                                                                                                                                                                                                                                and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                                                                                                                and du.name not like ''%SQLServer2005%''
                                                                                                                                                                                                                                                                                                                                                '
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
              /*用户拥有架构*//*用户拥有USER,role的权限*//*类型权限*/
              SELECT @cmd = '
                                select ''use [' + @dbname + '] ;
                                                             ''+dp.state_desc + '' '' + dp.permission_name + '' on SCHEMA::[''+ s.name + ''] to ['' + du.name + '']''    COLLATE LATIN1_General_CI_AS
                                                             from [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                  join [' + @dbname + '].sys.schemas s (nolock) on dp.major_id = s.schema_id
                                                                                                       join [' + @dbname + '].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                            where dp.class_desc=''SCHEMA''
                                                                                                                            and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                            and du.name not like ''%SQLServer2005%''
                                                                                                                            and du.type in (''S'',''U'',''G'')
                                                                                                                            union all
                                                                                                                            select ''use [' + @dbname + '] ;
                                                                                                                                                         ''+dpe.state_desc + '' '' + dpe.permission_name + '' on ''+case when dpr.type=''S'' then ''USER::['' else ''ROLE::['' end + dpr.name + ''] to ['' + dpr1.name + '']''   COLLATE LATIN1_General_CI_AS
                                                                                                                                                         from [' + @dbname + '].sys.database_permissions dpe
                                                                                                                                                                              join [' + @dbname + '].sys.database_principals dpr on dpe.major_id=dpr.principal_id
                                                                                                                                                                                                   join [' + @dbname + '].sys.database_principals dpr1 on dpe.grantee_principal_id=dpr1.principal_id
                                                                                                                                                                                                                        where dpr.type in(''S'',''R'') and dpe.class_desc=''DATABASE_PRINCIPAL'' and  dpr1.type in (''S'',''U'',''G'')
                                                                                                                                                                                                                        and dpr1.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                        and dpr1.name not like ''%SQLServer2005%''
                                                                                                                                                                                                                        union all
                                                                                                                                                                                                                        select ''use [' + @dbname + '] ;
                                                                                                                                                                                                                                                     ''+dp.state_desc + '' '' + dp.permission_name + '' on TYPE::[''+ s.name + ''].['' + o.name + ''] to ['' + du.name + '']'' COLLATE LATIN1_General_CI_AS
                                                                                                                                                                                                                                                     from [' + @dbname + '].sys.database_permissions dp (nolock)
                                                                                                                                                                                                                                                                          join [' + @dbname + '].sys.types  o (nolock) on dp.major_id = o.user_type_id
                                                                                                                                                                                                                                                                                               join [' + @dbname + '].sys.database_principals du (nolock) on dp.grantee_principal_id = du.principal_id
                                                                                                                                                                                                                                                                                                                    join [' + @dbname + '].sys.schemas s (nolock) on o.schema_id = s.schema_id
                                                                                                                                                                                                                                                                                                                                         where class_desc=''TYPE''
                                                                                                                                                                                                                                                                                                                                         and du.type in (''S'',''U'',''G'')
                                                                                                                                                                                                                                                                                                                                         and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
                                                                                                                                                                                                                                                                                                                                         and du.name not like ''%SQLServer2005%''
                                                                                                                                                                                                                                                                                                                                         --and suser_sname(du.sid) is not null
                                                                                                                                                                                                                                                                                                                                         '
              --print (@cmd)
              INSERT INTO @temp_file
                         (sql_text)
              EXEC( @cmd)
            END
          /*轮训下一个数据库*/
          FETCH NEXT FROM db_table_cursor
          INTO @dbname
        END
      /*关闭和删除游标*/
      CLOSE db_table_cursor
      DEALLOCATE db_table_cursor
      IF @filepath IS NULL
        SELECT   sql_text
        FROM     @temp_file
        ORDER BY id
      ELSE  --将结果导出到@bcpfilename文件中
        BEGIN
          IF Object_id('tempdb..##tb_result_SQLPermissions_user') IS NOT NULL
            DROP TABLE ##tb_result_sqlpermissions_user
          CREATE TABLE ##tb_result_sqlpermissions_user (
            id       INT,
            sql_text VARCHAR(MAX))
          INSERT INTO ##tb_result_sqlpermissions_user
          SELECT   id,
                   sql_text
          FROM     @temp_file
          ORDER BY id
          SELECT @cmd = 'master..xp_cmdshell ''bcp "select sql_text from ##tb_result_SQLPermissions_user order by id" queryout ' + @filepath + ' -T -c -S' + @@SERVERNAME + ''''
          EXEC( @cmd)
          DROP TABLE ##tb_result_sqlpermissions_user
        END
    View Code

    脚本(user)

     此处数据库级别的权限,则自然包括用户数据库的权限和角色的权限;可将常用权限导出,并不能导出所有权限。

    create proc [dbo].[spm_GetPermission_user] 
      @loginame varchar(100)=null,
      @filepath varchar(1000)=null
    as
    
    set nocount on
    /*表变量用于存放数据*/
    declare  @temp_file table (id int  identity(1,1) ,sql_text varchar(max))
    declare @cmd varchar(max)
    declare @dbname varchar(100)
    
      
    /*游标轮训系统数据库的权限*/
    declare   db_table_cursor cursor for 
    select name from sys.databases
    where name not in ('master','msdb','model','tempdb','distribution') and state=0
    order by name 
    
    /*打开游标*/
    open db_table_cursor
    
    fetch next from  db_table_cursor into  @dbname
    WHILE @@FETCH_STATUS = 0
    begin
    if @loginame is not null 
    begin
    
    
    /*数据库用户新建*/
    select @cmd=    
    'select 
    ''use ['+@dbname+'];
    if exists (select top 1 1 from  sys.schemas (nolock) 
    where name=''''''+dpr.name+'''''')
    drop schema [''+dpr.name+''];
    if exists (select top 1 1 from  sys.database_principals (nolock) 
    where name=''''''+dpr.name+'''''')
    drop user [''+dpr.name+'']; 
    CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+''] WITH DEFAULT_SCHEMA=[''+dpr.default_schema_name+'']'' COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.database_principals dpr 
    join ['+@dbname+'].sys.syslogins l on dpr.sid =l.sid
    where dpr.type  in(''S'',''U'') and l.name ='''+@loginame+'''
    Union all
    select 
    ''use ['+@dbname+'];
    if exists (select top 1 1  from  sys.schemas (nolock) 
    where name=''''''+dpr.name+'''''')
    drop schema [''+dpr.name+''];
    if exists (select top 1 1  from  sys.database_principals (nolock) 
    where name=''''''+dpr.name+'''''')
    drop user [''+dpr.name+'']; 
    CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+'']''  COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.database_principals dpr 
    join ['+@dbname+'].sys.syslogins l on dpr.sid =l.sid
    where dpr.type  in(''G'') and  l.name ='''+@loginame+''''
    insert into @temp_file(sql_text)
    exec (@cmd)
    
    /*用户与角色之间的关系*/
    select @cmd=
    'select ''use ['+@dbname+'] ;
    exec sp_addrolemember ''''''+dpr.name+'''''',''''''+dpr1.name+''''''''  COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.database_role_members  drm
    join ['+@dbname+'].sys.database_principals  dpr   on drm.role_principal_id=dpr.principal_id
    join ['+@dbname+'].sys.database_principals  dpr1   on drm.member_principal_id=dpr1.principal_id
    where  suser_sname(dpr1.sid) ='''+@loginame+''''
    insert into @temp_file(sql_text)
    exec (@cmd)
    
    /*拥有对象的权限*//*拥有对象字段的权限*//*数据库权限*/
    select @cmd=
    'select 
    ''USE ['+@dbname+'];
    ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''] TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.all_objects o (nolock)
    join ['+@dbname+'].sys.database_permissions dp (nolock) on dp.major_id = o.object_id
    join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
    join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
    where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=0--为对象  
    and suser_sname(du.sid)='''+@loginame+'''
    union all
    select 
    ''USE ['+@dbname+'];
    ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''].[''+o.name+'']  TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.all_objects o (nolock)
    join ['+@dbname+'].sys.database_permissions dp (nolock) on dp.major_id = o.object_id--字段与对象的关系
    join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
    join ['+@dbname+'].sys.all_columns c on c.object_id=o.object_id AND dp.minor_id=c.column_id --字段与权限的关系
    join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
    where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=1--为字段
    and suser_sname(du.sid)='''+@loginame+'''
    union all
    select ''use ['+@dbname+'] ;
     ''+dp.state_desc+'' ''+dp.permission_name+'' to [''+du.name+'']''   COLLATE LATIN1_General_CI_AS
    From ['+@dbname+'].sys.database_permissions dp (nolock)
    join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
    where dp.class_desc=''DATABASE'' and permission_name <>''CONNECT''
    and suser_sname(du.sid)='''+@loginame+''''
    insert into @temp_file(sql_text)
    exec (@cmd)
    
    
    /*用户拥有架构*//*用户拥有USER,role的权限*//*类型权限*/
    select @cmd='
    select ''use ['+@dbname+'] ;
    ''+dp.state_desc + '' '' + dp.permission_name + '' on SCHEMA::[''+ s.name + ''] to ['' + du.name + '']''    COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.database_permissions dp (nolock)
    join ['+@dbname+'].sys.schemas s (nolock) on dp.major_id = s.schema_id
    join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
    where dp.class_desc=''SCHEMA''
    and du.type in (''S'',''U'',''G'') 
    and suser_sname(du.sid)='''+@loginame+'''
    union all
    select ''use ['+@dbname+'] ;
    ''+dpe.state_desc + '' '' + dpe.permission_name + '' on ''+case when dpr.type=''S'' then ''USER::['' else ''ROLE::['' end + dpr.name + ''] to ['' + dpr1.name + '']''   COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.database_permissions dpe
    join ['+@dbname+'].sys.database_principals dpr on dpe.major_id=dpr.principal_id
    join ['+@dbname+'].sys.database_principals dpr1 on dpe.grantee_principal_id=dpr1.principal_id
    where dpr.type in(''S'',''R'') and dpe.class_desc=''DATABASE_PRINCIPAL'' and  dpr1.type in (''S'',''U'',''G'')
    and suser_sname(dpr1.sid)='''+@loginame+'''
    union all
    select ''use ['+@dbname+'] ;
    ''+dp.state_desc + '' '' + dp.permission_name + '' on TYPE::[''+ s.name + ''].['' + o.name + ''] to ['' + du.name + '']'' COLLATE LATIN1_General_CI_AS
    from ['+@dbname+'].sys.database_permissions dp (nolock) 
    join ['+@dbname+'].sys.types  o (nolock) on dp.major_id = o.user_type_id
    join ['+@dbname+'].sys.database_principals du (nolock) on dp.grantee_principal_id = du.principal_id
    join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
    where class_desc=''TYPE'' 
    and du.type in (''S'',''U'',''G'') 
    and suser_sname(du.sid)='''+@loginame+'''
    --and suser_sname(du.sid) is not null
    '
    insert into @temp_file(sql_text)
    exec (@cmd)
    
    
    end 
    /*******若不指定用户*****/
    else
    begin 
        /*数据库级别角色*/
         select @cmd=
        'select ''use ['+@dbname+']; 
        if not exists (select top 1 1 from sys.database_principals where name=''''''+dpe.name+'''''')
        create role [''+dpe.name+''] authorization [''+dpr.default_schema_name+'']''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_principals dpe 
        join ['+@dbname+'].sys.database_principals  dpr on dpe.owning_principal_id=dpr.principal_id
        where dpe.is_fixed_role =0
        and dpe.type=''R''
        and dpe.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        )'
    
        insert into @temp_file(sql_text)
        exec (@cmd)
        
        /*数据库用户新建*/
        select @cmd=    
        'select 
        ''use ['+@dbname+'];
        if exists (select  top 1 1  from  sys.schemas (nolock) 
        where name=''''''+dpr.name+'''''')
        drop schema [''+dpr.name+''];
        if exists (select  top 1 1  from  sys.database_principals (nolock) 
        where name=''''''+dpr.name+'''''')
        drop user [''+dpr.name+'']; 
        CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+''] WITH DEFAULT_SCHEMA=[''+dpr.default_schema_name+'']'' COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_principals dpr 
        join ['+@dbname+'].sys.syslogins l on dpr.sid =l.sid
        where dpr.type  in(''S'',''U'')  
        and dpr.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        Union all
        select 
        ''use ['+@dbname+'];
        if exists (select  top 1 1  from  sys.schemas (nolock) 
        where name=''''''+dpr.name+'''''')
        drop schema [''+dpr.name+''];
        if exists (select  top 1 1  from  sys.database_principals (nolock) 
        where name=''''''+dpr.name+'''''')
        drop user [''+dpr.name+'']; 
        CREATE USER [''+dpr.name+''] FOR LOGIN [''+l.name+'']''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_principals dpr 
        join ['+@dbname+'].sys.syslogins l on dpr.sid =l.sid
        where dpr.type  in(''G'') 
        and dpr.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and dpr.name not like ''%SQLServer2005%'''
        insert into @temp_file(sql_text)
        exec (@cmd)
    
    
        /*用户与角色之间的关系*/
        select @cmd=
        'select ''use ['+@dbname+'] ;
        exec sp_addrolemember ''''''+dpr.name+'''''',''''''+dpr1.name+''''''''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_role_members  drm
        join ['+@dbname+'].sys.database_principals  dpr   on drm.role_principal_id=dpr.principal_id
        join ['+@dbname+'].sys.database_principals  dpr1   on drm.member_principal_id=dpr1.principal_id
        where dpr1.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and dpr1.name not like ''%SQLServer2005%''
        and suser_sname(dpr1.sid) is not null'
    
        insert into @temp_file(sql_text)
        exec (@cmd)
    
        /************角色拥有权限***************************/
    
        /*拥有对象的权限*//*拥有对象字段的权限*//*数据库权限*/
        select @cmd=
        'select 
        ''USE ['+@dbname+'];
        ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''] TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.all_objects o (nolock)
        join ['+@dbname+'].sys.database_permissions dp (nolock) on dp.major_id = o.object_id
        join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where du.type in (''R'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=0--为对象
        and du.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        ) 
        union all
        select 
        ''USE ['+@dbname+'];
        ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''].[''+o.name+'']  TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.all_objects o (nolock)
        join ['+@dbname+'].sys.database_permissions dp (nolock) on dp.major_id = o.object_id--字段与对象的关系
        join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
        join ['+@dbname+'].sys.all_columns c on c.object_id=o.object_id AND dp.minor_id=c.column_id --字段与权限的关系
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where du.type in (''R'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=1--为字段
        and du.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        ) 
        union all
        select ''use ['+@dbname+'] ;
         ''+dp.state_desc+'' ''+dp.permission_name+'' to [''+du.name+'']''   COLLATE LATIN1_General_CI_AS
        From ['+@dbname+'].sys.database_permissions dp (nolock)
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where dp.class_desc=''DATABASE'' and permission_name <>''CONNECT''  and du.type in (''R'')
        and du.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        ) '
        insert into @temp_file(sql_text)
        exec (@cmd)
    
    
        /*用户拥有架构*//*用户拥有USER,role的权限*//*类型权限*/
        select @cmd='
        select ''use ['+@dbname+'] ;
        ''+dp.state_desc + '' '' + dp.permission_name + '' on SCHEMA::[''+ s.name + ''] to ['' + du.name + '']''    COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_permissions dp (nolock)
        join ['+@dbname+'].sys.schemas s (nolock) on dp.major_id = s.schema_id
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where dp.class_desc=''SCHEMA''
        and du.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        ) 
        and du.type in (''R'') 
        union all
        select ''use ['+@dbname+'] ;
        ''+dpe.state_desc + '' '' + dpe.permission_name + '' on ''+case when dpr.type=''S'' then ''USER::['' else ''ROLE::['' end + dpr.name + ''] to ['' + dpr1.name + '']''   COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_permissions dpe
        join ['+@dbname+'].sys.database_principals dpr on dpe.major_id=dpr.principal_id
        join ['+@dbname+'].sys.database_principals dpr1 on dpe.grantee_principal_id=dpr1.principal_id
        where dpr.type in(''S'',''R'') and dpe.class_desc=''DATABASE_PRINCIPAL'' and  dpr1.type in (''R'')
        and dpr1.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        ) 
        union all
        select ''use ['+@dbname+'] ;
        ''+dp.state_desc + '' '' + dp.permission_name + '' on TYPE::[''+ s.name + ''].['' + o.name + ''] to ['' + du.name + '']'' COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_permissions dp (nolock) 
        join ['+@dbname+'].sys.types  o (nolock) on dp.major_id = o.user_type_id
        join ['+@dbname+'].sys.database_principals du (nolock) on dp.grantee_principal_id = du.principal_id
        join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
        where class_desc=''TYPE'' 
        and du.type in (''R'') 
        and du.name not in(
        ''public'',
        ''TargetServersRole'',
        ''SQLAgentUserRole'',
        ''SQLAgentReaderRole'',
        ''SQLAgentOperatorRole'',
        ''DatabaseMailUserRole'',
        ''db_dtsadmin'',
        ''db_dtsltduser'',
        ''db_dtsoperator'',
        ''JOBUsers'',
        ''DTSUsers'',
        ''dbm_monitor'',
        ''replmonitor'',
        ''db_ssisadmin'',
        ''db_ssisltduser'',
        ''db_ssisoperator'',
        ''dc_operator'',
        ''dc_admin'',
        ''dc_proxy'',
        ''PolicyAdministratorRole'',
        ''ServerGroupAdministratorRole'',
        ''ServerGroupReaderRole'',
        ''UtilityCMRReader'',
        ''UtilityIMRWriter'',
        ''UtilityIMRReader''
        ) 
        --and suser_sname(du.sid) is not null
        '
        insert into @temp_file(sql_text)
        exec (@cmd)
    
        /************用户拥有权限***************************/
        /*拥有对象的权限*//*拥有对象字段的权限*//*数据库权限*/
    
        select @cmd=
        'select 
        ''USE ['+@dbname+'];
        ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''] TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.all_objects o (nolock)
        join ['+@dbname+'].sys.database_permissions dp (nolock) on dp.major_id = o.object_id
        join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=0--为对象
        and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and du.name not like ''%SQLServer2005%''
        union all
        select 
        ''USE ['+@dbname+'];
        ''+dp.state_desc+'' ''+dp.permission_name+'' ON ''+s.name+''.[''+o.name+''].[''+o.name+'']  TO [''+du.name+'']''  COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.all_objects o (nolock)
        join ['+@dbname+'].sys.database_permissions dp (nolock) on dp.major_id = o.object_id--字段与对象的关系
        join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
        join ['+@dbname+'].sys.all_columns c on c.object_id=o.object_id AND dp.minor_id=c.column_id --字段与权限的关系
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where du.type in (''S'',''U'',''G'') and dp.class_desc =''OBJECT_OR_COLUMN'' and minor_id=1--为字段
        and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and du.name not like ''%SQLServer2005%''
        union all
        select ''use ['+@dbname+'] ;
         ''+dp.state_desc+'' ''+dp.permission_name+'' to [''+du.name+'']''   COLLATE LATIN1_General_CI_AS
        From ['+@dbname+'].sys.database_permissions dp (nolock)
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where dp.class_desc=''DATABASE'' and permission_name <>''CONNECT''
        and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and du.name not like ''%SQLServer2005%''
        '
        insert into @temp_file(sql_text)
        exec (@cmd)
        
        /*用户拥有架构*//*用户拥有USER,role的权限*//*类型权限*/
    
        select @cmd='
        select ''use ['+@dbname+'] ;
        ''+dp.state_desc + '' '' + dp.permission_name + '' on SCHEMA::[''+ s.name + ''] to ['' + du.name + '']''    COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_permissions dp (nolock)
        join ['+@dbname+'].sys.schemas s (nolock) on dp.major_id = s.schema_id
        join ['+@dbname+'].sys.database_principals  du (nolock) on dp.grantee_principal_id = du.principal_id
        where dp.class_desc=''SCHEMA''
        and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and du.name not like ''%SQLServer2005%''
        and du.type in (''S'',''U'',''G'') 
        union all
        select ''use ['+@dbname+'] ;
        ''+dpe.state_desc + '' '' + dpe.permission_name + '' on ''+case when dpr.type=''S'' then ''USER::['' else ''ROLE::['' end + dpr.name + ''] to ['' + dpr1.name + '']''   COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_permissions dpe
        join ['+@dbname+'].sys.database_principals dpr on dpe.major_id=dpr.principal_id
        join ['+@dbname+'].sys.database_principals dpr1 on dpe.grantee_principal_id=dpr1.principal_id
        where dpr.type in(''S'',''R'') and dpe.class_desc=''DATABASE_PRINCIPAL'' and  dpr1.type in (''S'',''U'',''G'')
        and dpr1.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and dpr1.name not like ''%SQLServer2005%''
        union all
        select ''use ['+@dbname+'] ;
        ''+dp.state_desc + '' '' + dp.permission_name + '' on TYPE::[''+ s.name + ''].['' + o.name + ''] to ['' + du.name + '']'' COLLATE LATIN1_General_CI_AS
        from ['+@dbname+'].sys.database_permissions dp (nolock) 
        join ['+@dbname+'].sys.types  o (nolock) on dp.major_id = o.user_type_id
        join ['+@dbname+'].sys.database_principals du (nolock) on dp.grantee_principal_id = du.principal_id
        join ['+@dbname+'].sys.schemas s (nolock) on o.schema_id = s.schema_id
        where class_desc=''TYPE'' 
        and du.type in (''S'',''U'',''G'') 
        and du.name not in(''dbo'',''##MS_PolicyEventProcessingLogin##'',''##MS_AgentSigningCertificate##'',''##MS_PolicyTsqlExecutionLogin##'')
        and du.name not like ''%SQLServer2005%''
        --and suser_sname(du.sid) is not null
        '
        --print (@cmd)
        insert into @temp_file(sql_text)
        exec (@cmd)
    
    end
    /*轮训下一个数据库*/
    fetch next from  db_table_cursor into  @dbname
    end
    /*关闭和删除游标*/
    CLOSE db_table_cursor
    DEALLOCATE db_table_cursor
    
    
    if @filepath is null
       select sql_text from @temp_file order by id
    else  --将结果导出到@bcpfilename文件中
        begin
           if object_id('tempdb..##tb_result_SQLPermissions_user') is not null
                drop table ##tb_result_SQLPermissions_user
           create table ##tb_result_SQLPermissions_user(id int ,sql_text varchar(max))
           insert into ##tb_result_SQLPermissions_user select id,sql_text from @temp_file order by id
           select @cmd='master..xp_cmdshell ''bcp "select sql_text from ##tb_result_SQLPermissions_user order by id" queryout '+@filepath+' -T -c -S'+@@servername+''''
           exec (@cmd)    
           drop table ##tb_result_SQLPermissions_user
    end
    View Code
  • 相关阅读:
    HashMap源码解析
    如何同时运行两个Tomcat
    Thymeleaf遍历List<Map>和Map<>
    Apache POI详解
    如何管理系统的右键新建菜单
    datatable的dom配置
    如何获取Html的height和width属性(网页宽、高)
    什么是跨域?如何解决跨域问题?
    C# 各类文件扩展名
    C# 接口与抽象类的区别? 什么情景下使用接口,什么情景下使用抽象类?
  • 原文地址:https://www.cnblogs.com/chhuang/p/3942213.html
Copyright © 2011-2022 走看看