Added SQL script
This commit is contained in:
Floris van Enter
parent
483b01e2e1
commit
2debe31391
81
TSQL/Create_SQL_Server_login_with_roles.sql
Normal file
81
TSQL/Create_SQL_Server_login_with_roles.sql
Normal file
@ -0,0 +1,81 @@
|
||||
/*
|
||||
|
||||
Create SQL Server service login with roles - SQL Server 2008, SQL Server 2008 R2, SQL Server 2012, SQL Server 2014, and SQL Server 2016
|
||||
|
||||
For a specific application create an account with minimal rights to run with a custom role.
|
||||
|
||||
You can contact me by e-mail at floris@entermi.nl.
|
||||
|
||||
Last updated 1 December, 2017.
|
||||
|
||||
Floris van Enter
|
||||
http://entermi.nl
|
||||
*/
|
||||
|
||||
USE [master]
|
||||
GO
|
||||
|
||||
/* For security reasons the login is created disabled and with a random password. */
|
||||
CREATE LOGIN [ServiceAccountName] WITH PASSWORD=N'QbMFvznXm//yhwwk/xsZfwwL/fVRieg5piIWvdnwECI=', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON;
|
||||
GO
|
||||
ALTER LOGIN [ServiceAccountName] DISABLE;
|
||||
GO
|
||||
|
||||
-- Create a custom role for the rights
|
||||
CREATE SERVER ROLE SomeCustomRoleName AUTHORIZATION sysadmin;
|
||||
GO
|
||||
|
||||
-- Give specific rights on the server to the role;
|
||||
GRANT VIEW ANY DEFINITION TO SomeCustomRoleName;
|
||||
GRANT ALTER TRACE TO SomeCustomRoleName;
|
||||
GRANT VIEW SERVER STATE TO SomeCustomRoleName;
|
||||
GO
|
||||
|
||||
USE [msdb];
|
||||
GO
|
||||
|
||||
CREATE USER [ServiceAccountName] FOR LOGIN [ServiceAccountName] WITH DEFAULT_SCHEMA=[dbo]
|
||||
GO
|
||||
|
||||
EXEC sp_addrolemember @rolename = 'db_datareader', @membername = 'ServiceAccountName'
|
||||
EXEC sp_addrolemember @rolename = 'SQLAgentReaderRole', @membername = 'ServiceAccountName'
|
||||
GO
|
||||
|
||||
Use [master];
|
||||
GO
|
||||
|
||||
DECLARE @dbname VARCHAR(50)
|
||||
DECLARE @statement NVARCHAR(max)
|
||||
|
||||
DECLARE db_cursor CURSOR
|
||||
LOCAL FAST_FORWARD
|
||||
FOR SELECT [name]
|
||||
FROM [dbo].[sysdatabases]
|
||||
WHERE [name] NOT IN ('master', 'msdb','tempdb', 'model')
|
||||
|
||||
OPEN db_cursor
|
||||
FETCH NEXT FROM db_cursor INTO @dbname
|
||||
WHILE @@FETCH_STATUS = 0
|
||||
BEGIN
|
||||
SELECT @statement = 'USE ' + @dbname + ';' +
|
||||
'CREATE USER [ServiceAccountName] FOR LOGIN [ServiceAccountName];' +
|
||||
'EXEC sp_addrolemember @rolename = ''someRole'', @membername = ''ServiceAccountName'';' +
|
||||
'GRANT VIEW DATABASE STATE TO ServiceAccountName;'
|
||||
|
||||
EXEC sp_executesql @statement
|
||||
|
||||
FETCH NEXT FROM db_cursor INTO @dbname
|
||||
END
|
||||
|
||||
CLOSE db_cursor
|
||||
DEALLOCATE db_cursor
|
||||
|
||||
Use [tempdb];
|
||||
GO
|
||||
|
||||
CREATE USER [ServiceAccountName] FOR LOGIN [ServiceAccountName];
|
||||
EXEC sp_addrolemember @rolename = 'db_owner', @membername = 'ServiceAccountName';
|
||||
|
||||
Use [master];
|
||||
ALTER SERVER ROLE [SomeCustomRoleName] ADD MEMBER [ServiceAccountName]
|
||||
GO
|
||||
Loading…
x
Reference in New Issue
Block a user