SQL Server--ChangeAllSysadminPermission/List All Of The Sysadmin Permission

List all of the sysadmin permission

SELECT r.name AS ROLE
    ,m.name AS Principal
FROM master.sys.server_role_members rm
INNER JOIN master.sys.server_principals r ON r.principal_id = rm.role_principal_id
    AND r.type = 'R'
INNER JOIN master.sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'

Change all aysadmin permission most likely the same permission

DECLARE @ServerRule NVARCHAR(100)
    ,@Login NVARCHAR(100)
    ,@Query NVARCHAR(4000)

DECLARE MYCURSOR CURSOR
FOR
SELECT r.name AS ROLE
    ,m.name AS Principal
FROM master.sys.server_role_members rm
INNER JOIN master.sys.server_principals r ON r.principal_id = rm.role_principal_id
    AND r.type = 'R'
INNER JOIN master.sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
    AND m.name LIKE 'AP%'
    AND m.name IN (
        'AP\WuZ10'
        ,'AP\ChenJ47'
        ,'AP\LuCL'
        ,'AP\FuH5'
        ,'AP\TaiRD'
        )

OPEN MYCURSOR

FETCH NEXT
FROM MYCURSOR
INTO @ServerRule
    ,@Login

WHILE @@FETCH_STATUS = 0
BEGIN
    SET @Query = '
    USE [master]
    GO
    ALTER SERVER ROLE [sysadmin] DROP MEMBER [' + @Login + ']
    GO
    ALTER SERVER ROLE [bulkadmin] ADD MEMBER [' + @Login + ']
    GO
    ALTER SERVER ROLE [dbcreator] ADD MEMBER [' + @Login + ']
    GO
    ALTER SERVER ROLE [diskadmin] ADD MEMBER [' + @Login + ']
    GO
    ALTER SERVER ROLE [processadmin] ADD MEMBER [' + @Login + ']
    GO
    ALTER SERVER ROLE [securityadmin] ADD MEMBER [' + @Login + ']
    GO
    ALTER SERVER ROLE [setupadmin] ADD MEMBER [' + @Login + ']
    GO

    USE [msdb]
    GO
    CREATE USER [' + @Login + '] FOR LOGIN [' + @Login + ']
    GO
    USE [msdb]
    GO
    ALTER ROLE [DatabaseMailUserRole] ADD MEMBER [' + @Login + ']
    GO
    USE [msdb]
    GO
    ALTER ROLE [SQLAgentOperatorRole] ADD MEMBER [' + @Login + ']
    GO
    USE [msdb]
    GO
    ALTER ROLE [SQLAgentReaderRole] ADD MEMBER [' + @Login + ']
    GO
    USE [msdb]
    GO
    ALTER ROLE [SQLAgentUserRole] ADD MEMBER [' + @Login + ']
    GO
    '

    PRINT (@Query)

    -- EXEC(@Query)
    FETCH NEXT
    FROM MYCURSOR
    INTO @ServerRule
        ,@Login
END

CLOSE MYCURSOR

DEALLOCATE MYCURSOR

參考來源:

https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles?view=sql-server-ver15 https://stackoverflow.com/questions/7048839/sql-server-query-to-find-all-permissions-access-for-all-users-in-a-database https://www.netwrix.com/how_to_check_user_roles_in_sql_server.html

tags: SQL Server

• ← SQL Server--Cluster Index欄位選擇策略
• SQLite--SQLite管理工具DB →