MS SQL 批量給存儲過程/函數授權

　　在工作當中遇到一個類似這樣的問題：要對數據庫賬戶的權限進行清理、設置，其中有一個用戶Test，只能擁有數據庫MyAssistant的DML(更新、插入、刪除等)操作權限，另外擁有執行數據庫存儲過程、函數的權限，但是不能進行DDL操作（包括新建、修改表、存儲過程等...），於是需要設置登錄名Test的相關權限：

1：右鍵單擊登錄名Test的屬性.

2: 在服務器角色里面選擇"public"服務器角色。

3：在用戶映射選項當中，選擇"db_datareader"、"db_datawriter"、"public"三個數據庫角色成員。

此時，已經實現了擁有DML操作權限，如果需要擁有存儲過程和函數的執行權限，必須使用GRANT語句去授權，一個生產庫的存儲過程和函數加起來成千上百，如果手工執行的話，那將是一個辛苦的體力活，而我手頭有十幾個庫，所以必須用腳本去實現授權過程。下面是我寫的一個存儲過程，亮點主要在於會判斷存儲過程、函數是否已經授予了EXE或SELECT權限給某個用戶。這里主要用到了安全目錄試圖sys.database_permissions，例如，數據庫里面有個存儲過程dbo.sp_authorize_right，如果這個存儲過程授權給Test用戶了話，那么在目錄試圖sys.database_permissions里面會有一條記錄,如下所示：

如果我將該存儲過程授予EXEC權限給TEST1，那么

GRANT EXEC ON dbo.sp_diskcapacity_cal TO Test;

GRANT EXEC ON dbo.sp_diskcapacity_cal TO Test1;

SELECT * FROM sys.sysusers WHERE name ='Test' OR name ='Test1'

其實grantee_principal_id代表向其授予權限的數據庫主體 ID ，所以我就能通過上面兩個視圖來判斷存儲過程是否授予執行權限給用戶Test與否，同理，對於函數也是如此，存儲過程如下所示，其實這個存儲過程還可以擴展，如果您有特殊的需要的話。

Code Snippet

1. USE MyAssistant;
2. GO
3.  
4. SET ANSI_NULLS ON;
5. GO
6.  
7. SET QUOTED_IDENTIFIER ON
8. GO
9.  
10. IF EXISTS(SELECT 1 FROM sysobjects WHERE id=OBJECT_ID(N'sp_authorize_right')
11.                                      AND OBJECTPROPERTY(id, 'IsProcedure') =1)
12.     DROP PROCEDURE sp_authorize_right;
13. GO
14. --====================================================================================================
15. --        ProcedureName        :            sp_authorize_right
16. --        Author               :            Kerry    
17. --        CreateDate           :            2013-05-10                
18. --        Blog                 :            www.cnblogs.com/kerrycode/        
19. --        Description          :            將數據庫的所有自定義存儲過程或自定義函數賦權給某個用戶(可以繼續擴展)
20. /*****************************************************************************************************
21.         Parameter              :                         參數說明
22. ******************************************************************************************************
23.         @type                  :  'P'  代表存儲過程 , 'F' 代表存儲過程，如果需要可以擴展其它對象
24.         @user                  :  某個用戶賬戶
25. ******************************************************************************************************
26.     Modified Date        Modified User        Version                    Modified Reason
27. ******************************************************************************************************
28.     2013-05-13           Kerry                 V01.00.01             排除系統存儲過程和系統函數的授權處理
29.     2013-05-14           Kerry                 V01.00.02             增加判斷,如果某個存儲過程已經賦予權限
30.                                                                      則不做任何操作
31. *****************************************************************************************************/
32. --====================================================================================================
33. CREATE PROCEDURE sp_authorize_right
34. (
35.     @type        AS   CHAR(10)    ,
36.     @user        AS     VARCHAR(20)
37. )
38. AS
39.  
40.   DECLARE @sqlTextVARCHAR(1000);
41.   DECLARE @UserId    INT;
42.  
43. SELECT @UserId = uid FROM sys.sysusers WHERE name=@user;
44.  
45.     IF @type = 'P'
46.       BEGIN
47.         CREATE TABLE #ProcedureName( SqlText  VARCHAR(max));
48.         
49.             INSERT  INTO #ProcedureName
50.             SELECT  'GRANT EXECUTE ON ' + p.name + ' TO ' + @user + ';'
51.             FROM    sys.procedures p
52.             WHERE   NOT EXISTS( SELECT 1
53.                                  FROM   sys.database_permissions r
54.                                  WHERE  r.major_id = p.object_id
55.                                         AND r.grantee_principal_id = @UserId
56.                                         AND r.permission_name IS NOT  NULL )
57.                             
58.     
59.             SELECT * FROM #ProcedureName;
60.             --SELECT  'GRANT EXECUTE ON ' + NAME + ' TO ' +@user +';'
61.             --FROM    sys.procedures;
62.             --SELECT 'GRANT EXECUTE ON ' + [name] + ' TO ' +@user +';'
63.             -- FROM sys.all_objects
64.             --WHERE [type]='P' OR [type]='X' OR [type]='PC'
65.             
66.         DECLARE cr_procedure CURSOR FOR
67.             SELECT * FROM #ProcedureName;
68.             
69.         OPEN cr_procedure;
70.         
71.         FETCH NEXT FROM cr_procedure  INTO @sqlText;
72.         
73.         WHILE @@FETCH_STATUS = 0
74.         BEGIN
75.         
76.             EXECUTE(@sqlText);
77.             
78.             FETCH NEXT FROM cr_procedure INTO @sqlText;
79.         END    
80.         
81.         CLOSE cr_procedure;
82.         DEALLOCATE cr_procedure;
83.         
84.       END
85.     ELSE
86.         IF @type='F'
87.            BEGIN
88.                 
89.                CREATE TABLE #FunctionSet( functionName VARCHAR(1000));
90.                
91.             INSERT  INTO #FunctionSet
92.             SELECT  'GRANT EXEC ON ' + name + ' TO ' + @user + ';'
93.             FROM    sys.all_objects s
94.             WHERE   NOT EXISTS( SELECT 1
95.                                  FROM   sys.database_permissions p
96.                                  WHERE  p.major_id = s.object_id
97.                                     AND  p.grantee_principal_id = @UserId)
98.                     AND schema_id = SCHEMA_ID('dbo')
99.                     AND( s.[type] = 'FN'
100.                           OR s.[type] = 'AF'
101.                           OR s.[type] = 'FS'
102.                           OR s.[type] = 'FT'
103.                         ) ;
104.  
105.               SELECT * FROM #FunctionSet;
106.                     --SELECT 'GRANT EXEC ON ' + name + ' TO ' + @user +';' FROM sys.all_objects
107.                     -- WHERE schema_id =schema_id('dbo')
108.                     --     AND ([type]='FN' OR [type] ='AF' OR [type]='FS' OR [type]='FT' );
109.                 
110.             INSERT  INTO #FunctionSet
111.             SELECT  'GRANT SELECT ON ' + name + ' TO ' + @user + ';'
112.             FROM    sys.all_objects s
113.             WHERE   NOT EXISTS( SELECT 1
114.                                  FROM   sys.database_permissions p
115.                                  WHERE  p.major_id = s.object_id
116.                                     AND  p.grantee_principal_id = @UserId)
117.                     AND schema_id = SCHEMA_ID('dbo')
118.                     AND( s.[type] = 'TF'
119.                           OR s.[type] = 'IF'
120.                         ) ;    
121.                         
122.                 SELECT * FROM #FunctionSet;
123.                 --SELECT 'GRANT SELECT ON ' + name + ' TO ' + @user +';' FROM sys.all_objects
124.                 -- WHERE schema_id =schema_id('dbo')
125.                 --     AND ([type]='TF' OR  [type]='IF') ;         
126.                          
127.                     
128.                DECLARE cr_Function CURSOR FOR
129.                     SELECT functionName FROM #FunctionSet;
130.                     
131.                 OPEN cr_Function;
132.                 
133.                 FETCH NEXT FROM cr_Function INTO @sqlText;
134.                 
135.                 WHILE @@FETCH_STATUS = 0
136.                 BEGIN    
137.                     PRINT(@sqlText);
138.                     EXEC(@sqlText);
139.                 
140.                     FETCH NEXT FROM cr_Function INTO @sqlText;
141.                 END
142.                 
143.                 CLOSE cr_Function;
144.                 DEALLOCATE cr_Function;
145.                 
146.                 
147.            END
148. GO