Permissions script for SQL Permissions

download Permissions script for SQL Permissions

of 72

  • date post

    27-Dec-2014
  • Category

    Education

  • view

    627
  • download

    7

Embed Size (px)

description

 

Transcript of Permissions script for SQL Permissions

  • 1. /*********** Permissions Script for WRON023KEYKO Login ##MS_PolicyEventProcessingLogin##Generated 2011-10-16 16:22:45 ***************/--Scripting Server Login (password is null) and Default Database/* For security reasons the login is created disabled and with a random password. */IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name =N##MS_PolicyEventProcessingLogin##)BEGINCREATE LOGIN [##MS_PolicyEventProcessingLogin##] WITHPASSWORD=NKN_g_!@z7_O_VU#4, DEFAULT_DATABASE=[master],DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=ONALTER LOGIN [##MS_PolicyEventProcessingLogin##] DISABLEEND--Scripting Server RolesUSE [master]GO--Grant Database AccessIF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name =N##MS_PolicyEventProcessingLogin##)CREATE USER [##MS_PolicyEventProcessingLogin##] FOR LOGIN[##MS_PolicyEventProcessingLogin##] WITH DEFAULT_SCHEMA=[dbo]--Scripting Object and Statement PermissionsUSE [master]GOGrant CONNECT ON Database::[master] TO [##MS_PolicyEventProcessingLogin##]GOUSE [master]GOGrant EXECUTE ON [sys].[sp_syspolicy_execute_policy] TO[##MS_PolicyEventProcessingLogin##]GOUSE [msdb]GO
  • 2. --Grant Database AccessIF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name =N##MS_PolicyEventProcessingLogin##)CREATE USER [##MS_PolicyEventProcessingLogin##] FOR LOGIN[##MS_PolicyEventProcessingLogin##] WITH DEFAULT_SCHEMA=[dbo]--Create Database RoleUSE [msdb]GOIF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name =NPolicyAdministratorRole AND type = R)CREATE ROLE [PolicyAdministratorRole] AUTHORIZATION [dbo]USE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_condition] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_object_set] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_policy] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_policy_category] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_policy_category_subscription] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_target_set] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_add_target_set_level] TO [PolicyAdministratorRole]GOUSE [msdb]GO
  • 3. Grant EXECUTE ON [dbo].[sp_syspolicy_configure] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_create_purge_job] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_delete_condition] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_delete_object_set] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_delete_policy] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_delete_policy_category] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_delete_policy_category_subscription] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_dispatch_event] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_log_policy_execution_detail] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_log_policy_execution_end] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_log_policy_execution_start] TO[PolicyAdministratorRole]GOUSE [msdb]
  • 4. GOGrant EXECUTE ON [dbo].[sp_syspolicy_purge_health_state] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_purge_history] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_rename_condition] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_rename_policy] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_rename_policy_category] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_repair_policy_automation] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_set_config_enabled] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_set_config_history_retention] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_set_log_on_success] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_update_condition] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_update_policy] TO [PolicyAdministratorRole]GOUSE [msdb]GO
  • 5. Grant EXECUTE ON [dbo].[sp_syspolicy_update_policy_category] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_update_policy_category_subscription] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_update_target_set] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_update_target_set_level] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_syspolicy_verify_object_set_identifiers] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_conditions] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_configuration] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_object_sets] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_policies] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_policy_categories] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_policy_category_subscriptions] TO[PolicyAdministratorRole]GOUSE [msdb]GO
  • 6. Grant SELECT ON [dbo].[syspolicy_policy_execution_history] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_policy_execution_history_details] TO[PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_system_health_state] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_target_set_levels] TO [PolicyAdministratorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[syspolicy_target_sets] TO [PolicyAdministratorRole]GO--Scripting Database Role MembersUSE [msdb]GOexec sp_addrolemember NPolicyAdministratorRole, N##MS_PolicyEventProcessingLogin##GO--Create Database RoleUSE [msdb]GOIF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = NSQLAgentOperatorRoleAND type = R)CREATE ROLE [SQLAgentOperatorRole] AUTHORIZATION [dbo]USE [msdb]GOGrant EXECUTE ON [dbo].[sp_enum_login_for_proxy] TO [SQLAgentOperatorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_help_alert] TO [SQLAgentOperatorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_help_notification] TO [SQLAgentOperatorRole]GO
  • 7. USE [msdb]GOGrant EXECUTE ON [dbo].[sp_help_targetserver] TO [SQLAgentOperatorRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_purge_jobhistory] TO [SQLAgentOperatorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[sysalerts] TO [SQLAgentOperatorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[sysnotifications] TO [SQLAgentOperatorRole]GOUSE [msdb]GOGrant SELECT ON [dbo].[sysoperators] TO [SQLAgentOperatorRole]GOexec sp_addrolemember NSQLAgentOperatorRole, N##MS_PolicyEventProcessingLogin##GO--Create Database RoleUSE [msdb]GOIF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = NSQLAgentReaderRoleAND type = R)CREATE ROLE [SQLAgentReaderRole] AUTHORIZATION [dbo]exec sp_addrolemember NSQLAgentReaderRole, N##MS_PolicyEventProcessingLogin##GO--Create Database RoleUSE [msdb]GOIF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = NSQLAgentUserRole ANDtype = R)CREATE ROLE [SQLAgentUserRole] AUTHORIZATION [dbo]USE [msdb]GOGrant EXECUTE ON [dbo].[sp_add_job] TO [SQLAgentUserRole]GO
  • 8. USE [msdb]GOGrant EXECUTE ON [dbo].[sp_add_jobschedule] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_add_jobserver] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_add_jobstep] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_add_schedule] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_addtask] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_attach_schedule] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_check_for_owned_jobs] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_check_for_owned_jobsteps] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_delete_job] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_delete_jobschedule] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_delete_jobserver] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_delete_jobstep] TO [SQLAgentUserRole]
  • 9. GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_delete_jobsteplog] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECUTE ON [dbo].[sp_delete_schedule] TO [SQLAgentUserRole]GOUSE [msdb]GOGrant EXECU