Skip to main content

How to add multiple logins to a role

Sometimes I'm in a position where I have to restore a production database to a development server, but there are a whole bunch of logins (belonging to developers) that don't exist in production which do on the development instance that need adding to a role so they can perform DML.

A way to get around this is to create a separate database and table on the development server which has a list of the logins and the roles they need to be added to and add a piece of TSQL similar to that below to the database restore job which adds the logins to the correct role: 

--------------------------------
-- Create the database
--------------------------------
CREATE DATABASE UserManagement CONTAINMENT = NONE ON PRIMARY (
       NAME = N'UserManagement'
       ,FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\UserManagement.mdf'
       ,SIZE = 5120 KB
       ,FILEGROWTH = 1024 KB
       ) LOG ON (
       NAME = N'UserManagement_log'
       ,FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\UserManagement_log.ldf'
       ,SIZE = 1024 KB
       ,FILEGROWTH = 10 %
       )
GO
--------------------------------`
-- Create database to hold the usernames we will give permissions to
--------------------------------
USE UserManagement;
GO

CREATE TABLE LoginsToAdd (
       UserName VARCHAR(50)
       ,RoleName VARCHAR(50)
       ,DBName VARCHAR(20)
       )
--------------------------
-- Add the user accounts and the roles they need to the databases.
-- NB The logins need to exist already
--------------------------
USE UserManagement;
GO

INSERT LoginsToAdd(UserName, RoleName, DBName)
SELECT 'LSMith','db_datareader','DB1'
UNION ALL
SELECT 'JJones','db_datareader','DB1'
UNION ALL
SELECT 'FPatel','db_datareader','DB1'
UNION ALL
SELECT 'SDeSouza','db_datareader','DB1'
UNION ALL
SELECT 'PHewson','db_datareader','DB1'
UNION ALL
SELECT 'SBaldry','db_datareader','DB1'
UNION ALL
SELECT 'KCarrington','db_datareader','DB1'
--------------------------------
-- Create logins using a cursor
--------------------------------
PRINT 'Updating users/logins for DB1 database'

DECLARE @UserCommand VARCHAR(512)
       ,@UserName VARCHAR(255)
       ,@RoleName VARCHAR(255)

DECLARE UserCursor CURSOR
FOR
SELECT UserName
       ,RoleName
FROM LoginsToAdd
WHERE DBName = 'DB1'

OPEN UserCursor

FETCH UserCursor
INTO @UserName
       ,@RoleName

WHILE 0 = @@fetch_status
BEGIN
       PRINT '--> Adding user ' + @UserName + ' to role ' + @RoleName

       SET @UserCommand = 'USE [DB1];
IF  EXISTS (SELECT * FROM sys.database_principals WHERE name = N''' + @UserName + ''')
DROP USER [' + @UserName + '];
                          
CREATE USER [' + @UserName + '] FOR LOGIN [' + @UserName + '];

ALTER USER [' + @UserName + '] WITH DEFAULT_SCHEMA=[dbo];

EXEC sp_addrolemember N''' + @RoleName + ''', N''' + @UserName + ''';'

       EXECUTE (@UserCommand)

       FETCH UserCursor
       INTO @UserName
              ,@RoleName
END

CLOSE UserCursor

DEALLOCATE UserCursor

Comments

Post a Comment

Popular posts from this blog

How to create a custom Windows Event Log view and email trigger

The filtering on Windows event logs can be slow, clunky and although you can do it on fields like event ID, it seems that many event IDs are shared amongst many different errors – the event ID may match but the body of the error (therefore the actual error) may be completely unrelated. Fortunately, it is possible to filter on the contents of the body of the error message but it requires creating a custom XML query. Also, it would be handy to send out a notification email when this event gets logged. Read on to find out how to work this magic…. This example is looking for a  Warning  event  1309  for  ASP.NET 4.0.30319.0  on a web server. If you were to just filter the log on the criteria above today it would return 435 results because it is a fairly general error ID. If I filter it using XML for SqlException (what I’m really interested in) only 5 results are returned. So the first step is go to the Application Log and choose  Create Custom View…  Select the  XML  tab, check  Edit
Post a Comment
Read more

How to configure the SSAS service to use a Domain Account

NB Updating SPNs in AD is not for the faint hearted plus I got inconsistent results from different servers. Do so at your own risk! If you need the SSAS account on a SQL Server to use a domain account rather than the local “virtual” account “NT Service\MSSQLServerOLAPService”. You may think you just give the account login permissions to the server, perhaps give it sysadmin SQL permissions too. However, if you try and connect to SSAS  remotely  you may get this error: Authentication failed. (Microsoft.AnalysisService.AdomdClient) The target principal name is incorrect (Microsoft.AnalysisService.AdomdClient) From Microsoft: “A Service Principle Name (SPN) uniquely identifies a service instance in an Active Directory domain when Kerberos is used to mutually authenticate client and service identities. An SPN is associated with the logon account under which the service instance runs. For client applications connecting to Analysis Services via Kerberos authentication, th
Post a Comment
Read more

How to import a large xml file into SQL Server

(Or how to import the StackOverflow database into SQL Server) Introduction NB  This process can be generalised to import any large (>2G) xml file into SQL Server. Some SQL Server training you can find online including that by Brent Ozar uses the StackOverflow database for practice. The tables from it are available online for download in xml format. In the past it was possible to use the scripts found here, https://www.toadworld.com/platforms/sql-server/w/wiki/9466.how-to-import-the-stackoverflow-xml-into-sql-server , to import them but as each xml file is now over 2GB you will get an error like this when you try to execute them: Brent Ozar, has a link to SODDI.exe, https://github.com/BrentOzarULTD/soddi , which can import the files (I haven’t tried it) but it means downloading and importing eight tables: Badges, Comments, PostHistory, PostLinks, Posts, Tags, Users, and Votes tables which amounts to >30GB of compressed xml increasing to ~200GB when decompre
Post a Comment
Read more