Creating and Managing User-Defined Roles

By - 

What Permissions Can Be Assigned to user-define roles?





Before we start, we first look at what permission can be assigned to user-defined roles. To do that, execute the following SQL Server query:







USE [master] 
GO

SELECT * FROM sys.fn_builtin_permissions(DEFAULT) 
WHERE [class_desc] IN ('ENDPOINT','LOGIN','SERVER','AVAILABILITY GROUP','SERVER ROLE') 
ORDER BY [class_desc], [permission_name]
GO







Creating user-defined roles with T-SQL



 





You can use CREATE SERVER ROLE statement to create user-defined server role as shown in the following listing in which I’m creating user-defined server role called ApplicationDBA using this statement:







USE [master]
GO

CREATE SERVER ROLE [ApplicationDBA]
GO









However, this group cannot control the server (see below):







USE [master]
GO

--Granting server-wide permissions
GRANT CREATE ANY DATABASE TO [ApplicationDBA]
GRANT VIEW ANY DATABASE TO [ApplicationDBA]
GRANT VIEW ANY DEFINITION TO [ApplicationDBA]
GRANT VIEW SERVER STATE TO [ApplicationDBA]
GRANT ALTER ANY LOGIN TO [ApplicationDBA]
GO

--Denying server-wide permissions
DENY CONTROL SERVER TO [ApplicationDBA]
GO







Adding members for user-defined roles





You can use ALTER SERVER ROLE to add members to user-defined role (see below):







USE [master]
GO

ALTER SERVER ROLE [ApplicationDBA] ADD MEMBER [DevelopmentDBA]
GO

ALTER SERVER ROLE [ApplicationDBA] ADD MEMBER [IITCUK\SQLAdministrator]
GO







Making user-defined role member of fixed server roles





We can also make your user-defined role member of any existing server role. For example in the code below I’m adding ApplicationDBA server role to dbcreator fixed server role(see below):







USE [master]
GO

ALTER SERVER ROLE [dbcreator] ADD MEMBER [ApplicationDBA]
GO







To drop user-define role we can user DROP SERVER ROLE statement as follow:







USE [master]
GO

DROP SERVER ROLE [ApplicationDBA]
GO

Comments

Post a Comment

Popular posts from this blog

Index Clean-Up Scripts

By -
dropping un-used ones, adding missing ones, and fine-tuning the ones I already have. I thought I’d share some of the scripts I’ve been using to accomplish this. Un-Used Indexes Script Declare @dbid int     , @dbName varchar(100);   Select @dbid = DB_ID()     , @dbName = DB_Name();   With partitionCTE (object_id, index_id, row_count, partition_count)  As (     Select [object_id]         , index_id         , Sum([rows]) As 'row_count'         , Count(partition_id) As 'partition_count'     From sys.partitions     Group By [object_id]         , index_id )    Select Object_Name(i.[object_id]) as objectName         , i.name         , Case              When i.is_unique = 1          ...
Read more

forgot sa password and no logins are added

By -
Image
Stop the SQL services Edit the properties of the SQL Service Change the startup parameters of the SQL service by adding a  –m;  in front of the existing parameters Start the SQL services. These are now running in Single User Mode. Start CMD on tthe SQL server Start the SQLCMD command. Now we create a new user. Enter following commands CREATE LOGIN recovery WITH PASSWORD = ‘TopSecret 1′ (Remember SQL server has default strong password policy Go Now this user is created Now we grant the user a SYSADMIN roles using the same SQLCMD window. sp_addsrvrolemember ‘recovery’, ‘sysadmin’ go
Read more

The SQL Server DBA’s Guide to Teradata

By -
Being a long-time devotee of all things Microsoft SQL Server, I had quite a bit of learning to do to get up to speed on our new Teradata appliance. This guide attempts to distill some of what I have learned. I will primarily focus on what I have found most lacking: examples of how to convert SQL Server T-SQL to Teradata SQL. This guide will use the vendor-supplied sample databases:  SQL Server’s AdventureWorksDW2012 , and the  Teradata’s Express 14.0 Retail database . Also, while this is probably self explanatory, the “mufford” object referenced in the Teradata examples is simply my own personal sandbox. You’ll need to replace any “mufford” reference to whatever your development sandbox may be named. Release History: 2012-08-17 – Added UPDATE examples; reformatted 2012-08-12 – Added date examples 2012-08-08 – Initial Release SELECT Statements Simple SELECT SQL Server: Best practice is to qualify the table schema; qualifying the database is optional unless ...
Read more