MSSQL: mudanças entre as edições
Ir para navegação
Ir para pesquisar
Sem resumo de edição |
|||
| (10 revisões intermediárias pelo mesmo usuário não estão sendo mostradas) | |||
| Linha 1: | Linha 1: | ||
=Basic Commands= | =Basic Commands= | ||
Azure SQL | ==Azure SQL Database== | ||
===Create LOGIN/USER=== | |||
<syntaxhighlight lang=sql> | <syntaxhighlight lang=sql> | ||
-- Create LOGIN | -- Create LOGIN | ||
CREATE LOGIN readonlylogin WITH password='1231!#ASDF!a'; | CREATE LOGIN readonlylogin WITH password='1231!#ASDF!a'; | ||
-- OR | |||
USE [master] | |||
GO | GO | ||
CREATE LOGIN [readonlylogin] WITH PASSWORD=N'1231!#ASDF!a', DEFAULT_DATABASE=[TESTDATABASE], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF | |||
GO | |||
-- Create USER | -- Create USER | ||
USE TESTDATABASE | |||
GO | |||
CREATE USER readonlyuser FROM LOGIN readonlylogin; | CREATE USER readonlyuser FROM LOGIN readonlylogin; | ||
GO | GO | ||
-- CREATE USER WITHOUT LOGIN | |||
CREATE USER readonlyuser WITH PASSWORD = '1231!#ASDF!a'; | |||
-- CREATE USER ON THE DATABASE | |||
CREATE USER username WITH PASSWORD = 'MySuperS3cretP@ssw0rd'; | |||
ALTER ROLE [db_datareader] ADD MEMBER [username]; | |||
ALTER ROLE [db_datawriter] ADD MEMBER [username]; | |||
ALTER ROLE [db_owner] ADD MEMBER [username]; | |||
</syntaxhighlight> | |||
===Drop User=== | |||
<syntaxhighlight lang=sql> | |||
DROP USER username; | |||
</syntaxhighlight> | |||
===Set Permission=== | |||
<syntaxhighlight lang=sql> | |||
-- ADD ROLE MEMBER | -- ADD ROLE MEMBER | ||
EXEC sp_addrolemember 'db_datareader', 'readonlyuser'; | EXEC sp_addrolemember 'db_datareader', 'readonlyuser'; | ||
-- OR | |||
USE TESTDATABASE | |||
GO | GO | ||
ALTER ROLE [db_datareader] ADD MEMBER [readonlyuser]; | ALTER ROLE [db_datareader] ADD MEMBER [readonlyuser]; | ||
GO | GO | ||
</syntaxhighlight> | |||
===Get Permissions=== | |||
<syntaxhighlight lang=sql> | |||
-- GET ALL PERMISSIONS EXPLICITLY GRANTED OR DENIED | -- GET ALL PERMISSIONS EXPLICITLY GRANTED OR DENIED | ||
SELECT DISTINCT pr.principal_id, pr.name, pr.type_desc, | SELECT DISTINCT pr.principal_id, pr.name, pr.type_desc, | ||
| Linha 23: | Linha 49: | ||
JOIN sys.database_permissions AS pe | JOIN sys.database_permissions AS pe | ||
ON pe.grantee_principal_id = pr.principal_id; | ON pe.grantee_principal_id = pr.principal_id; | ||
</syntaxhighlight> | |||
===Get Detailed Permissions=== | |||
<syntaxhighlight lang=sql> | |||
-- GET DETAILED PERMISSIONS | |||
;WITH | |||
[explicit] AS ( | |||
SELECT [p].[principal_id], [p].[name], [p].[type_desc], [p].[create_date], | |||
[dbp].[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AS [permission], | |||
CAST('' AS SYSNAME) [grant_through] | |||
FROM [sys].[database_permissions] [dbp] | |||
INNER JOIN [sys].[database_principals] [p] ON [dbp].[grantee_principal_id] = [p].[principal_id] | |||
WHERE ([dbp].[type] IN ('IN','UP','DL','CL','DABO','IM','SL','TO') OR [dbp].[type] LIKE 'AL%' OR [dbp].[type] LIKE 'CR%') | |||
AND [dbp].[state] IN ('G','W') | |||
UNION ALL | |||
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through] | |||
FROM [sys].[database_principals] [dp] | |||
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id] | |||
INNER JOIN [explicit] [p] ON [p].[principal_id] = [rm].[role_principal_id] | |||
), | |||
[fixed] AS ( | |||
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[name] [permission], CAST('' AS SYSNAME) [grant_through] | |||
FROM [sys].[database_principals] [dp] | |||
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id] | |||
INNER JOIN [sys].[database_principals] [p] ON [p].[principal_id] = [rm].[role_principal_id] | |||
WHERE [p].[name] IN ('db_owner','db_datareader','db_datawriter','db_ddladmin','db_securityadmin','db_accessadmin','dbmanager','loginmanager') | |||
UNION ALL | |||
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through] | |||
FROM [sys].[database_principals] [dp] | |||
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id] | |||
INNER JOIN [fixed] [p] ON [p].[principal_id] = [rm].[role_principal_id] | |||
) | |||
SELECT DISTINCT DB_NAME() [database], [name] [username], [type_desc], [create_date], [permission], [grant_through] | |||
FROM [explicit] | |||
WHERE [type_desc] NOT IN ('DATABASE_ROLE') | |||
UNION ALL | |||
SELECT DISTINCT DB_NAME(), [name], [type_desc], [create_date], [permission], [grant_through] | |||
FROM [fixed] | |||
WHERE [type_desc] NOT IN ('DATABASE_ROLE') | |||
ORDER BY 1, 2 | |||
OPTION(MAXRECURSION 10); | |||
</syntaxhighlight> | |||
===Delete User=== | |||
<syntaxhighlight lang=sql> | |||
-- DELETE/REMOVE USER | |||
DROP USER readonlyuser; | |||
</syntaxhighlight> | |||
===Get All databases=== | |||
<syntaxhighlight lang=sql> | |||
-- LIST ALL DATABASES | |||
select [name] as database_name, | |||
database_id, | |||
create_date | |||
from sys.databases | |||
order by name | |||
</syntaxhighlight> | |||
===Get all tables=== | |||
<syntaxhighlight lang=sql> | |||
-- LIST ALL TABLES | |||
select schema_name(t.schema_id) as schema_name, | |||
t.name as table_name, | |||
t.create_date, | |||
t.modify_date | |||
from sys.tables t | |||
order by schema_name, | |||
table_name; | |||
</syntaxhighlight> | |||
===Describe Table columns=== | |||
<syntaxhighlight lang=sql> | |||
exec sp_columns Employee; | |||
</syntaxhighlight> | |||
===Delete All data on a table=== | |||
<syntaxhighlight lang=sql> | |||
truncate table Employee; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
===[https://dataedo.com/kb/query/azure-sql/list-database-sessions Get Sessions]=== | |||
<syntaxhighlight lang=sql> | |||
exec sp_who2; | |||
</syntaxhighlight> | |||
=Docs= | =Docs= | ||
*[https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver15 Database-Level Roles] | *[https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver15 Database-Level Roles] | ||
*[https://azure.microsoft.com/pt-br/blog/adding-users-to-your-sql-azure-database/ Adding Users to Your SQL Azure Database] | *[https://azure.microsoft.com/pt-br/blog/adding-users-to-your-sql-azure-database/ Adding Users to Your SQL Azure Database] | ||
*[https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-database-permissions-transact-sql?redirectedfrom=MSDN&view=sql-server-ver15 sys.database_permissions (Transact-SQL)] | |||
*[https://docs.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage Authorize database access to SQL Database, SQL Managed Instance, and Azure Synapse Analytics] | |||
Edição atual tal como às 14h35min de 13 de julho de 2022
Basic Commands
Azure SQL Database
Create LOGIN/USER
-- Create LOGIN
CREATE LOGIN readonlylogin WITH password='1231!#ASDF!a';
-- OR
USE [master]
GO
CREATE LOGIN [readonlylogin] WITH PASSWORD=N'1231!#ASDF!a', DEFAULT_DATABASE=[TESTDATABASE], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
-- Create USER
USE TESTDATABASE
GO
CREATE USER readonlyuser FROM LOGIN readonlylogin;
GO
-- CREATE USER WITHOUT LOGIN
CREATE USER readonlyuser WITH PASSWORD = '1231!#ASDF!a';
-- CREATE USER ON THE DATABASE
CREATE USER username WITH PASSWORD = 'MySuperS3cretP@ssw0rd';
ALTER ROLE [db_datareader] ADD MEMBER [username];
ALTER ROLE [db_datawriter] ADD MEMBER [username];
ALTER ROLE [db_owner] ADD MEMBER [username];
Drop User
DROP USER username;
Set Permission
-- ADD ROLE MEMBER
EXEC sp_addrolemember 'db_datareader', 'readonlyuser';
-- OR
USE TESTDATABASE
GO
ALTER ROLE [db_datareader] ADD MEMBER [readonlyuser];
GO
Get Permissions
-- GET ALL PERMISSIONS EXPLICITLY GRANTED OR DENIED
SELECT DISTINCT pr.principal_id, pr.name, pr.type_desc,
pr.authentication_type_desc, pe.state_desc, pe.permission_name
FROM sys.database_principals AS pr
JOIN sys.database_permissions AS pe
ON pe.grantee_principal_id = pr.principal_id;
Get Detailed Permissions
-- GET DETAILED PERMISSIONS
;WITH
[explicit] AS (
SELECT [p].[principal_id], [p].[name], [p].[type_desc], [p].[create_date],
[dbp].[permission_name] COLLATE SQL_Latin1_General_CP1_CI_AS [permission],
CAST('' AS SYSNAME) [grant_through]
FROM [sys].[database_permissions] [dbp]
INNER JOIN [sys].[database_principals] [p] ON [dbp].[grantee_principal_id] = [p].[principal_id]
WHERE ([dbp].[type] IN ('IN','UP','DL','CL','DABO','IM','SL','TO') OR [dbp].[type] LIKE 'AL%' OR [dbp].[type] LIKE 'CR%')
AND [dbp].[state] IN ('G','W')
UNION ALL
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through]
FROM [sys].[database_principals] [dp]
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id]
INNER JOIN [explicit] [p] ON [p].[principal_id] = [rm].[role_principal_id]
),
[fixed] AS (
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[name] [permission], CAST('' AS SYSNAME) [grant_through]
FROM [sys].[database_principals] [dp]
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id]
INNER JOIN [sys].[database_principals] [p] ON [p].[principal_id] = [rm].[role_principal_id]
WHERE [p].[name] IN ('db_owner','db_datareader','db_datawriter','db_ddladmin','db_securityadmin','db_accessadmin','dbmanager','loginmanager')
UNION ALL
SELECT [dp].[principal_id], [dp].[name], [dp].[type_desc], [dp].[create_date], [p].[permission], [p].[name] [grant_through]
FROM [sys].[database_principals] [dp]
INNER JOIN [sys].[database_role_members] [rm] ON [rm].[member_principal_id] = [dp].[principal_id]
INNER JOIN [fixed] [p] ON [p].[principal_id] = [rm].[role_principal_id]
)
SELECT DISTINCT DB_NAME() [database], [name] [username], [type_desc], [create_date], [permission], [grant_through]
FROM [explicit]
WHERE [type_desc] NOT IN ('DATABASE_ROLE')
UNION ALL
SELECT DISTINCT DB_NAME(), [name], [type_desc], [create_date], [permission], [grant_through]
FROM [fixed]
WHERE [type_desc] NOT IN ('DATABASE_ROLE')
ORDER BY 1, 2
OPTION(MAXRECURSION 10);
Delete User
-- DELETE/REMOVE USER
DROP USER readonlyuser;
Get All databases
-- LIST ALL DATABASES
select [name] as database_name,
database_id,
create_date
from sys.databases
order by name
Get all tables
-- LIST ALL TABLES
select schema_name(t.schema_id) as schema_name,
t.name as table_name,
t.create_date,
t.modify_date
from sys.tables t
order by schema_name,
table_name;
Describe Table columns
exec sp_columns Employee;
Delete All data on a table
truncate table Employee;
Get Sessions
exec sp_who2;