Comments on: Grant EXECUTE Permissions on all Stored Procedures to a Single User http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user Jeremiah Peschka's ruminations on sql, ruby, c#, and other things Wed, 28 Jul 2010 14:05:12 -0400 http://wordpress.org/?v=2.9.2 hourly 1 By: Lead Internet http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-738 Lead Internet Wed, 19 Aug 2009 04:07:33 +0000 http://facility9.com/?p=292#comment-738 Thanks Jeremiah. Very simple solution that saves alot of time and works without looping. Thanks Jeremiah. Very simple solution that saves alot of time and works without looping.

]]> By: Denis Gobo http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-180 Denis Gobo Mon, 26 Jan 2009 21:24:29 +0000 http://facility9.com/?p=292#comment-180 My version is here http://wiki.lessthandot.com/index.php/Grant_Execute_Permissions_For_All_Stored_Procedures_To_A_User --Grab all the procedures for the current DB SELECT IDENTITY(INT,1,1) AS ID, SPECIFIC_NAME INTO #Procedurelist FROM INFORMATION_SCHEMA.ROUTINES --Only Procs WHERE OBJECTPROPERTY(OBJECT_ID(SPECIFIC_NAME),'IsMSShipped') =0 AND ROUTINE_TYPE='PROCEDURE' ORDER BY SPECIFIC_NAME DECLARE @Loopid INT, @MaxId INT, @UserName VARCHAR(50) --This is the user that will get the execute permissions SELECT @UserName = 'SomeUser' --Grab start and end values for the loop SELECT @Loopid = 1, @MaxId = MAX(ID) FROM #Procedurelist DECLARE @SQL VARCHAR(500), @ProcName VARCHAR(400) --This is where the loop starts WHILE @Loopid <= @MaxId BEGIN --grab the procedure name SELECT @ProcName = SPECIFIC_NAME FROM #Procedurelist WHERE ID = @Loopid --construct the statement SELECT @SQL = 'GRANT EXECUTE ON ' + @ProcName + ' TO ' + @UserName PRINT (@SQL) --change PRINT to EXECUTE if you want it to run automatically --increment counter SET @Loopid = @Loopid + 1 END --clean up DROP TABLE #Procedurelist My version is here

http://wiki.lessthandot.com/index.php/Grant_Execute_Permissions_For_All_Stored_Procedures_To_A_User

–Grab all the procedures for the current DB
SELECT IDENTITY(INT,1,1) AS ID,
SPECIFIC_NAME
INTO #Procedurelist
FROM INFORMATION_SCHEMA.ROUTINES –Only Procs
WHERE OBJECTPROPERTY(OBJECT_ID(SPECIFIC_NAME),’IsMSShipped’) =0
AND ROUTINE_TYPE=’PROCEDURE’
ORDER BY SPECIFIC_NAME

DECLARE
@Loopid INT,
@MaxId INT,
@UserName VARCHAR(50)

–This is the user that will get the execute permissions
SELECT @UserName = ‘SomeUser’

–Grab start and end values for the loop
SELECT @Loopid = 1,
@MaxId = MAX(ID)
FROM #Procedurelist

DECLARE
@SQL VARCHAR(500),
@ProcName VARCHAR(400)

–This is where the loop starts
WHILE @Loopid <= @MaxId BEGIN

–grab the procedure name
SELECT @ProcName = SPECIFIC_NAME
FROM #Procedurelist
WHERE ID = @Loopid

–construct the statement
SELECT @SQL = ‘GRANT EXECUTE ON ‘ + @ProcName + ‘ TO ‘ + @UserName
PRINT (@SQL) –change PRINT to EXECUTE if you want it to run automatically

–increment counter
SET @Loopid = @Loopid + 1
END

–clean up
DROP TABLE #Procedurelist

]]> By: Colin Stasiuk http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-179 Colin Stasiuk Mon, 26 Jan 2009 20:10:42 +0000 http://facility9.com/?p=292#comment-179 CREATE ROLE db_executor GRANT EXECUTE TO db_executor EXEC sp_addrolemember 'db_executor', '<>' This would work if you're looking to do it for all stored procedures. CREATE ROLE db_executor
GRANT EXECUTE TO db_executor
EXEC sp_addrolemember ‘db_executor’, ‘<>’

This would work if you’re looking to do it for all stored procedures.

]]> By: Michelle Ufford http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-178 Michelle Ufford Mon, 26 Jan 2009 19:56:31 +0000 http://facility9.com/?p=292#comment-178 I love this trick! Here's my version in case you're interested: Declare @schema_owner varchar(20); Set @schema_owner = 'dbo'; Select [name] As 'storedProcedure' , 'Grant Execute On ' + @schema_owner + '.' + [name] + ' To [insertDatabaseRoleHere];' As 'sqlCode' From sys.objects With (NoLock) Where [name] Not In ( Select o.name From sys.database_permissions p With (NoLock) Inner Join sys.objects o With (NoLock) On p.major_id = o.object_id Inner Join sys.database_principals u With (NoLock) On u.principal_id = p.grantee_principal_id Where u.name = '[insertDatabaseRoleHere]' ) And [type] = 'P'; There's a couple of differences between our scripts. Your script is used to set up a brand new user, and mine is to check for missing permissions for an existing database role. Also, you automatically execute, and mine you have to copy/paste/execute. But overall, pretty much the same thing, just different ways to get there. :) I love this trick! Here’s my version in case you’re interested:

Declare @schema_owner varchar(20);
Set @schema_owner = ‘dbo’;

Select [name] As ’storedProcedure’
, ‘Grant Execute On ‘ + @schema_owner + ‘.’ + [name]
+ ‘ To [insertDatabaseRoleHere];’ As ’sqlCode’
From sys.objects With (NoLock)
Where [name] Not In (
Select o.name
From sys.database_permissions p With (NoLock)
Inner Join sys.objects o With (NoLock)
On p.major_id = o.object_id
Inner Join sys.database_principals u With (NoLock)
On u.principal_id = p.grantee_principal_id
Where u.name = ‘[insertDatabaseRoleHere]‘
)
And [type] = ‘P’;

There’s a couple of differences between our scripts. Your script is used to set up a brand new user, and mine is to check for missing permissions for an existing database role. Also, you automatically execute, and mine you have to copy/paste/execute. But overall, pretty much the same thing, just different ways to get there. :)

]]> By: Jeremiah Peschka http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-177 Jeremiah Peschka Mon, 26 Jan 2009 18:15:42 +0000 http://facility9.com/?p=292#comment-177 No worries, I can definitely see why you would prefer OBJECT_SCHEMA_NAME() over SCHEMA_NAME(). Special thanks to both John Keyes (twitter.com/jckeyes) and Brian Davis (twitter.com/brian78) for confirming that SCHEMA_NAME() works on SQL Server 2005 RTM and SP1. No worries, I can definitely see why you would prefer OBJECT_SCHEMA_NAME() over SCHEMA_NAME(). Special thanks to both John Keyes (twitter.com/jckeyes) and Brian Davis (twitter.com/brian78) for confirming that SCHEMA_NAME() works on SQL Server 2005 RTM and SP1.

]]> By: Aaron Bertrand http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-176 Aaron Bertrand Mon, 26 Jan 2009 18:06:46 +0000 http://facility9.com/?p=292#comment-176 Sorry, as I tweeted, I am always using the newer function because many catalog views and dynamic management views/functions do not include schema_id. And I'd rather use the function than write out the joins by hand. I'm lazy. And thankfully am not managing any pre-SP2 SQL Server 2005 instances. Sorry, as I tweeted, I am always using the newer function because many catalog views and dynamic management views/functions do not include schema_id. And I’d rather use the function than write out the joins by hand. I’m lazy. And thankfully am not managing any pre-SP2 SQL Server 2005 instances.

]]> By: Jeremiah Peschka http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-175 Jeremiah Peschka Mon, 26 Jan 2009 17:59:37 +0000 http://facility9.com/?p=292#comment-175 Very true, OBJECT_SCHEMA_NAME is a newer function. You can also use SCHEMA_NAME([schema_id]) to get the schema name on older releases of SQL Server 2005. Very true, OBJECT_SCHEMA_NAME is a newer function. You can also use SCHEMA_NAME([schema_id]) to get the schema name on older releases of SQL Server 2005.

]]> By: Aaron Bertrand http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-174 Aaron Bertrand Mon, 26 Jan 2009 17:26:51 +0000 http://facility9.com/?p=292#comment-174 Note that OBJECT_SCHEMA_NAME() requires 2005 SP2+, IIRC Note that OBJECT_SCHEMA_NAME() requires 2005 SP2+, IIRC

]]> By: Aaron Bertrand http://facility9.com/2009/01/26/grant-execute-permissions-on-all-stored-procedures-to-a-single-user#comment-173 Aaron Bertrand Mon, 26 Jan 2009 17:10:15 +0000 http://facility9.com/?p=292#comment-173 Three suggestions: (1) escape _ (otherwise it is treated as "any single character") (2) store the whole pattern in the string (that way if you move this to a procedure you don't have to change the procedure to support LIKE '%[_]foo' etc.) (3) QUOTENAME() object names and include schema prefix in output SET @sproc_name_pattern = N'sproc[_]%'; SELECT @sql = @sql N'GRANT EXECUTE ON ' + QUOTENAME(OBJECT_SCHEMA_NAME([object_id])) + '.' + QUOTENAME([name]) + ' TO ' + QUOTENAME(@user_name) + ';' + @newline + @newline FROM sys.procedures WHERE [name] LIKE @sproc_name_pattern; Three suggestions:

(1) escape _ (otherwise it is treated as “any single character”)
(2) store the whole pattern in the string (that way if you move this to a procedure you don’t have to change the procedure to support LIKE ‘%[_]foo’ etc.)
(3) QUOTENAME() object names and include schema prefix in output

SET @sproc_name_pattern = N’sproc[_]%’;

SELECT @sql = @sql N’GRANT EXECUTE ON ‘
+ QUOTENAME(OBJECT_SCHEMA_NAME([object_id])) + ‘.’
+ QUOTENAME([name])
+ ‘ TO ‘
+ QUOTENAME(@user_name)
+ ‘;’
+ @newline + @newline
FROM sys.procedures
WHERE [name] LIKE @sproc_name_pattern;

]]>