I have a stored procedure that finds all the existing databases and reads from a table in each one.
Is there a way I can give a login read access to all databases, and to all future databases i.e., I won't have to do anything when a new database is added?
Is there a server role that would work? Is there a way to make a SQL agent job add the permissions on any new databases? Or is there some other method?
For new databases, add the user in the model database. This is used as the template for all new databases.
USE model
CREATE USER ... FROM LOGIN...
EXEC sp_addrolemember 'db_datareader', '...'
For existing databases, use sp_MSForEachDb
EXEC sp_MSForEachDb '
USE ?
CREATE USER ... FROM LOGIN...
EXEC sp_addrolemember ''db_datareader'', ''...''
'
USE [master] GO --IF Not EXISTS (SELECT * FROM syslogins where loginname = 'replace with Login name ') --CREATE LOGIN [replace with Login name ] FROM WINDOWS WITH DEFAULT_DATABASE=[master] --GO DECLARE @SQL VARCHAR(MAX) DECLARE @DatabaseName VARCHAR(255)
DECLARE crFetch CURSOR FOR --SELECT NAME FROM SYSDATABASES WHERE name in --('master','model','tempdb','msdb','distribution')
SELECT NAME FROM SYS.DATABASES WHERE name not in ('master','model','tempdb','msdb','distribution')
OPEN crFetch FETCH NEXT FROM crFetch INTO @DatabaseName
WHILE @@FETCH_STATUS <> -1 BEGIN
SET @SQL =
'USE [' + @DatabaseName + ']' + 'if not exists (select name from sysusers where name='+ ''''+ 'replace with Login name '+ ''''+ ')' + 'CREATE USER [replace with Login name ] FOR LOGIN [replace with Login name ]' + 'EXEC sp_addrolemember N' + '''' + 'db_ETL' + '''' + ', N' + '''' + 'replace with Login name ' + '''' +' '
--'EXEC sp_addrolemember N' + '''' + 'db_datareader' + '''' + ', N' + '''' + 'replace with Login name ' + '''' + --'if not exists(select name from sysusers where name='+ ''''+ 'db_executor'+''''+ 'and issqlrole=1)' + --'create ROLE db_executor' + ' ' + --'GRANT EXECUTE TO db_executor' + ' ' + --'EXEC sp_addrolemember N' + '''' + 'db_executor' + '''' + ', N' + '''' + 'replace with Login name ' + '''' +'
--PRINT @SQL
EXEC(@SQL)
FETCH NEXT FROM crFetch INTO @DatabaseName END
CLOSE crFetch DEALLOCATE crFetch
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 叼着烟拽天下 的文章《SQL Server - Give a Login Permission for Read Acce》','https://www.manongdao.com/article-251504.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}