Stored Procedure to assign permissions

This is a useful stored procedure for assigning permissions to users quickly and easily. We tend to assign a new login to each application we develop, this way we limit the damage possible in the event of a username/password compromise.

/*--------------------------------------------------------------------------
Automatically assign the role permissions
--------------------------------------------------------------------------*/

USE DatabaseName
SET NOCOUNT ON

DECLARE @objName varchar(80)
DECLARE @objType char(2)
DECLARE @username varchar(100)
SET @username = 'UserNameToAssignPermissionsTo'

DECLARE grant_perms_on_sps CURSOR FOR
SELECT name, type
FROM SYSOBJECTS
WHERE
  (
    (type = 'P')
   OR
    (type = 'FN')
   OR
    (type = 'TF')
   OR
    (type = 'U')
   OR
    (type = 'V')
  )
 AND
  uid = 1
 AND
  status > -1
 AND
  LEFT(name, 3) <> 'dt_' --See Note 1

OPEN grant_perms_on_sps
FETCH NEXT FROM grant_perms_on_sps
INTO @objName, @objType

WHILE @@FETCH_STATUS = 0
BEGIN
  IF @objType = 'P' OR @objType = 'FN'
  BEGIN
    EXEC ('GRANT EXECUTE ON dbo.' + @objName + ' TO ' + @username)
    PRINT ('GRANTED EXECUTE ON dbo.' + @objName + ' TO ' + @username)
  END

  IF @objType = 'TF'
  BEGIN
    EXEC ('GRANT SELECT ON dbo.' + @objName + ' TO ' + @username)
    PRINT ('GRANTED SELECT ON dbo.' + @objName + ' TO ' + @username)
  END

  FETCH NEXT FROM grant_perms_on_sps
  INTO @objName, @objType
END

CLOSE grant_perms_on_sps
DEALLOCATE grant_perms_on_sps

GO
------------------------------------------------------------------------

Note 1: In addition, we tend to prefix our database objects with useful prefixes to group relevant tables, i.e. if we had login information stored in the database we may use “Login_” as the prefix, using this method with this Stored Procedure to assign permissions you can easily select the relevant objects. So you could alter the stored procedure a touch:

DECLARE @prefix varchar(100)
SET @prefix = 'PrefixToUse'

LEFT(name, LEN(@prefix)) = @prefix

Author

Tim

comments powered by Disqus