Skip to main content

How to add multiple logins to a role

Sometimes I'm in a position where I have to restore a production database to a development server, but there are a whole bunch of logins (belonging to developers) that don't exist in production which do on the development instance that need adding to a role so they can perform DML.

A way to get around this is to create a separate database and table on the development server which has a list of the logins and the roles they need to be added to and add a piece of TSQL similar to that below to the database restore job which adds the logins to the correct role: 

--------------------------------
-- Create the database
--------------------------------
CREATE DATABASE UserManagement CONTAINMENT = NONE ON PRIMARY (
       NAME = N'UserManagement'
       ,FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\UserManagement.mdf'
       ,SIZE = 5120 KB
       ,FILEGROWTH = 1024 KB
       ) LOG ON (
       NAME = N'UserManagement_log'
       ,FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\UserManagement_log.ldf'
       ,SIZE = 1024 KB
       ,FILEGROWTH = 10 %
       )
GO
--------------------------------`
-- Create database to hold the usernames we will give permissions to
--------------------------------
USE UserManagement;
GO

CREATE TABLE LoginsToAdd (
       UserName VARCHAR(50)
       ,RoleName VARCHAR(50)
       ,DBName VARCHAR(20)
       )
--------------------------
-- Add the user accounts and the roles they need to the databases.
-- NB The logins need to exist already
--------------------------
USE UserManagement;
GO

INSERT LoginsToAdd(UserName, RoleName, DBName)
SELECT 'LSMith','db_datareader','DB1'
UNION ALL
SELECT 'JJones','db_datareader','DB1'
UNION ALL
SELECT 'FPatel','db_datareader','DB1'
UNION ALL
SELECT 'SDeSouza','db_datareader','DB1'
UNION ALL
SELECT 'PHewson','db_datareader','DB1'
UNION ALL
SELECT 'SBaldry','db_datareader','DB1'
UNION ALL
SELECT 'KCarrington','db_datareader','DB1'
--------------------------------
-- Create logins using a cursor
--------------------------------
PRINT 'Updating users/logins for DB1 database'

DECLARE @UserCommand VARCHAR(512)
       ,@UserName VARCHAR(255)
       ,@RoleName VARCHAR(255)

DECLARE UserCursor CURSOR
FOR
SELECT UserName
       ,RoleName
FROM LoginsToAdd
WHERE DBName = 'DB1'

OPEN UserCursor

FETCH UserCursor
INTO @UserName
       ,@RoleName

WHILE 0 = @@fetch_status
BEGIN
       PRINT '--> Adding user ' + @UserName + ' to role ' + @RoleName

       SET @UserCommand = 'USE [DB1];
IF  EXISTS (SELECT * FROM sys.database_principals WHERE name = N''' + @UserName + ''')
DROP USER [' + @UserName + '];
                          
CREATE USER [' + @UserName + '] FOR LOGIN [' + @UserName + '];

ALTER USER [' + @UserName + '] WITH DEFAULT_SCHEMA=[dbo];

EXEC sp_addrolemember N''' + @RoleName + ''', N''' + @UserName + ''';'

       EXECUTE (@UserCommand)

       FETCH UserCursor
       INTO @UserName
              ,@RoleName
END

CLOSE UserCursor

DEALLOCATE UserCursor

Comments

Post a Comment

Popular posts from this blog

How to configure the SSAS service to use a Domain Account

NB Updating SPNs in AD is not for the faint hearted plus I got inconsistent results from different servers. Do so at your own risk! If you need the SSAS account on a SQL Server to use a domain account rather than the local “virtual” account “NT Service\MSSQLServerOLAPService”. You may think you just give the account login permissions to the server, perhaps give it sysadmin SQL permissions too. However, if you try and connect to SSAS  remotely  you may get this error: Authentication failed. (Microsoft.AnalysisService.AdomdClient) The target principal name is incorrect (Microsoft.AnalysisService.AdomdClient) From Microsoft: “A Service Principle Name (SPN) uniquely identifies a service instance in an Active Directory domain when Kerberos is used to mutually authenticate client and service identities. An SPN is associated with the logon account under which the service instance runs. For client applications connecting to Analysis Services via Kerberos authentication, th
Post a Comment
Read more

Fun and games with the Management Data Warehouse (MDW and Data Collectors)

The SQL Server Management Data Warehouse (when you first come across it) seems to promise so much if the verbiage from Microsoft and some other websites is to to believed. But when you install it you may find that it is not as useful as it could be. This is a shame but we are currently only on v2 of the product with SQL 2012 so one hopes it will improve in subsequent versions. However, it probably is worth playing with if you have never used it before - at least you can show your boss some reports on general server health when he asks for it and you have nothing else in place. There is one big problem with it though if you decide that you don't want to use it any more, uninstalling it is not supported! Mad, I know. But as usual some very helpful people in the community have worked out, what seems to me, a pretty safe way of doing it. I had a problem with my MDW. The data collector jobs were causing a lot of deadlocking on some production servers and impacting performance. I
1 comment
Read more

SAN performance testing using SQLIO

Introduction This document describes how to use Microsoft’s SQLIO to test disk/SAN performance. It is biased towards SQL Server – which uses primarily 64KB and 8KB data pages so I am running the tests using those cluster sizes, however, other sizes can be specified.  Download SQLIO from https://www.microsoft.com/en-gb/download/details.aspx?id=20163   SQLIO is a command line tool with no GUI so you need to open a command prompt at  C:\Program Files (x86)\SQLIO  after you have installed it. Configuration First of all edit param.txt so that you create the test file we will be using. The file needs to be bigger than the combined RAID and on-board disk caches. In this case we are using a 50GB file. The “ 2”  refers to the number of threads to use when testing, you don’t need to change this now. The “ 0x0”  value indicates that all CPUs should be used, which you probably don’t want to change either, “ #”  is a comment. The only part you may want to change is 51200 (50GB) a
2 comments
Read more