Permission on Database [on hold]












2















I have a login user called TestUser created at the server level that is assigned to a read only role, now I need to create a user for the TestUser login on MyDb



USE [MyDB]

GO

CREATE USER [Test] FOR LOGIN [TestUser]

GO

GRANT SELECT TO [Test]

GO

DENY DELETE TO [Test]

GO

DENY INSERT TO [Test]

GO

DENY UPDATE TO [Test]

GO


everything is good but when I script that Test user created, I don't see in any place the script that I'm giving select and denying insert, delete and update






sql-server permissions users







share|improve this question









New contributor




user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











put on hold as unclear what you're asking by mustaccio, John Eisbrener, hot2use, Tony Hinkle, Marco 7 hours ago


Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.























    2















    I have a login user called TestUser created at the server level that is assigned to a read only role, now I need to create a user for the TestUser login on MyDb



    USE [MyDB]
    
GO
    
CREATE USER [Test] FOR LOGIN [TestUser]
    
GO
    
GRANT SELECT TO [Test]
    
GO
    
DENY DELETE TO [Test]
    
GO
    
DENY INSERT TO [Test]
    
GO
    
DENY UPDATE TO [Test]
    
GO


    everything is good but when I script that Test user created, I don't see in any place the script that I'm giving select and denying insert, delete and update






    sql-server permissions users







    share|improve this question









    New contributor




    user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.











    put on hold as unclear what you're asking by mustaccio, John Eisbrener, hot2use, Tony Hinkle, Marco 7 hours ago


    Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.





















      2












      2








      2








      I have a login user called TestUser created at the server level that is assigned to a read only role, now I need to create a user for the TestUser login on MyDb



      USE [MyDB]
      
GO
      
CREATE USER [Test] FOR LOGIN [TestUser]
      
GO
      
GRANT SELECT TO [Test]
      
GO
      
DENY DELETE TO [Test]
      
GO
      
DENY INSERT TO [Test]
      
GO
      
DENY UPDATE TO [Test]
      
GO


      everything is good but when I script that Test user created, I don't see in any place the script that I'm giving select and denying insert, delete and update






      sql-server permissions users







      share|improve this question









      New contributor




      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      I have a login user called TestUser created at the server level that is assigned to a read only role, now I need to create a user for the TestUser login on MyDb



      USE [MyDB]
      
GO
      
CREATE USER [Test] FOR LOGIN [TestUser]
      
GO
      
GRANT SELECT TO [Test]
      
GO
      
DENY DELETE TO [Test]
      
GO
      
DENY INSERT TO [Test]
      
GO
      
DENY UPDATE TO [Test]
      
GO


      everything is good but when I script that Test user created, I don't see in any place the script that I'm giving select and denying insert, delete and update






      sql-server permissions users




      sql-server permissions users






      share|improve this question









      New contributor




      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Mar 21 at 20:10









      LowlyDBA

      7,26752643




      7,26752643






      New contributor




      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Mar 21 at 19:32









      user175111user175111

      202




      202




      New contributor




      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      user175111 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




      put on hold as unclear what you're asking by mustaccio, John Eisbrener, hot2use, Tony Hinkle, Marco 7 hours ago


      Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.









      put on hold as unclear what you're asking by mustaccio, John Eisbrener, hot2use, Tony Hinkle, Marco 7 hours ago


      Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
























          2 Answers
          2






          active

          oldest

          votes


















          0















          I have a login user called TestUser created at the server level that
          is assigned to a read only role




          There is no any fixed server role that can be called "read only role".



          Maybe your @@version >= 2014 and you granted select all user securables to your login?



          If so, this server level permission can be seen this way:



          select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT


          Then you did some unnecessary grant/deny, you should not did it. When you map your login that has select all user securables this user already access any data in this database, so there is no need in additional SELECT permission.



          Also there is no need to deny other rights as the newly created user does not have any of this permission.



          But if you want to check that they were granted/denied you should select from sys.database_permissions like so:



          select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY


          You can script server level permissions as well as database level permissions using sys.server_permissions / sys.database_permissions, in your simple case when the securable is database the script can look like this:



          select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';


          Here is the complete script to test:



          create login Test with password = '*****', check_policy = off;
          
grant select all user securables to Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT
          

          
use MyDB;
          
create user Test from login Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          

          
GRANT SELECT TO [Test]
          
GO
          
DENY DELETE TO [Test]
          
GO
          
DENY INSERT TO [Test]
          
GO
          
DENY UPDATE TO [Test]
          
GO
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY
          

          
select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';





          share|improve this answer
























          • Thank you everybody for the time you spend on this for me, very appreciated :)

            – user175111
            Mar 22 at 13:08



















          5














          Most probably because you are using the generate scripts method to do so.



          I would suggest to use open source DBA tools to view the permission or export.



          Aliases : Export-SqlUser



          Synopsis



          Exports users creation and its permissions to a T-SQL file or host.



          Description



          Exports users creation and its permissions to a T-SQL file or host. Export includes user, create and add to role(s), database level permissions, object level permissions.



          Example:




          PS C:> Export-DbaUser -SqlInstance sqlserver2014a -User User1, User2
          -Path C:tempusers.sql




          Exports ONLY users User1 and User2 from sqlserver2014a to the file C:tempusers.sql






          share|improve this answer


























          • is it probably Export-DbaUser?

            – user175111
            Mar 21 at 21:11











          • One more question, can we install this in a prod server?

            – user175111
            Mar 21 at 21:17











          • Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

            – KASQLDBA
            Mar 21 at 22:00


















          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0















          I have a login user called TestUser created at the server level that
          is assigned to a read only role




          There is no any fixed server role that can be called "read only role".



          Maybe your @@version >= 2014 and you granted select all user securables to your login?



          If so, this server level permission can be seen this way:



          select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT


          Then you did some unnecessary grant/deny, you should not did it. When you map your login that has select all user securables this user already access any data in this database, so there is no need in additional SELECT permission.



          Also there is no need to deny other rights as the newly created user does not have any of this permission.



          But if you want to check that they were granted/denied you should select from sys.database_permissions like so:



          select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY


          You can script server level permissions as well as database level permissions using sys.server_permissions / sys.database_permissions, in your simple case when the securable is database the script can look like this:



          select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';


          Here is the complete script to test:



          create login Test with password = '*****', check_policy = off;
          
grant select all user securables to Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT
          

          
use MyDB;
          
create user Test from login Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          

          
GRANT SELECT TO [Test]
          
GO
          
DENY DELETE TO [Test]
          
GO
          
DENY INSERT TO [Test]
          
GO
          
DENY UPDATE TO [Test]
          
GO
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY
          

          
select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';





          share|improve this answer
























          • Thank you everybody for the time you spend on this for me, very appreciated :)

            – user175111
            Mar 22 at 13:08
















          0















          I have a login user called TestUser created at the server level that
          is assigned to a read only role




          There is no any fixed server role that can be called "read only role".



          Maybe your @@version >= 2014 and you granted select all user securables to your login?



          If so, this server level permission can be seen this way:



          select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT


          Then you did some unnecessary grant/deny, you should not did it. When you map your login that has select all user securables this user already access any data in this database, so there is no need in additional SELECT permission.



          Also there is no need to deny other rights as the newly created user does not have any of this permission.



          But if you want to check that they were granted/denied you should select from sys.database_permissions like so:



          select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY


          You can script server level permissions as well as database level permissions using sys.server_permissions / sys.database_permissions, in your simple case when the securable is database the script can look like this:



          select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';


          Here is the complete script to test:



          create login Test with password = '*****', check_policy = off;
          
grant select all user securables to Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT
          

          
use MyDB;
          
create user Test from login Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          

          
GRANT SELECT TO [Test]
          
GO
          
DENY DELETE TO [Test]
          
GO
          
DENY INSERT TO [Test]
          
GO
          
DENY UPDATE TO [Test]
          
GO
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY
          

          
select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';





          share|improve this answer
























          • Thank you everybody for the time you spend on this for me, very appreciated :)

            – user175111
            Mar 22 at 13:08














          0












          0








          0








          I have a login user called TestUser created at the server level that
          is assigned to a read only role




          There is no any fixed server role that can be called "read only role".



          Maybe your @@version >= 2014 and you granted select all user securables to your login?



          If so, this server level permission can be seen this way:



          select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT


          Then you did some unnecessary grant/deny, you should not did it. When you map your login that has select all user securables this user already access any data in this database, so there is no need in additional SELECT permission.



          Also there is no need to deny other rights as the newly created user does not have any of this permission.



          But if you want to check that they were granted/denied you should select from sys.database_permissions like so:



          select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY


          You can script server level permissions as well as database level permissions using sys.server_permissions / sys.database_permissions, in your simple case when the securable is database the script can look like this:



          select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';


          Here is the complete script to test:



          create login Test with password = '*****', check_policy = off;
          
grant select all user securables to Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT
          

          
use MyDB;
          
create user Test from login Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          

          
GRANT SELECT TO [Test]
          
GO
          
DENY DELETE TO [Test]
          
GO
          
DENY INSERT TO [Test]
          
GO
          
DENY UPDATE TO [Test]
          
GO
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY
          

          
select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';





          share|improve this answer














          I have a login user called TestUser created at the server level that
          is assigned to a read only role




          There is no any fixed server role that can be called "read only role".



          Maybe your @@version >= 2014 and you granted select all user securables to your login?



          If so, this server level permission can be seen this way:



          select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT


          Then you did some unnecessary grant/deny, you should not did it. When you map your login that has select all user securables this user already access any data in this database, so there is no need in additional SELECT permission.



          Also there is no need to deny other rights as the newly created user does not have any of this permission.



          But if you want to check that they were granted/denied you should select from sys.database_permissions like so:



          select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY


          You can script server level permissions as well as database level permissions using sys.server_permissions / sys.database_permissions, in your simple case when the securable is database the script can look like this:



          select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';


          Here is the complete script to test:



          create login Test with password = '*****', check_policy = off;
          
grant select all user securables to Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.server_permissions
          
where suser_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--SERVER    CONNECT SQL GRANT
          
--SERVER    SELECT ALL USER SECURABLES  GRANT
          

          
use MyDB;
          
create user Test from login Test;
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          

          
GRANT SELECT TO [Test]
          
GO
          
DENY DELETE TO [Test]
          
GO
          
DENY INSERT TO [Test]
          
GO
          
DENY UPDATE TO [Test]
          
GO
          

          
select class_desc, permission_name, state_desc
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test';
          
---------------------------------------------------
          
--class_desc    permission_name state_desc
          
--DATABASE  CONNECT GRANT
          
--DATABASE  DELETE  DENY
          
--DATABASE  INSERT  DENY
          
--DATABASE  SELECT  GRANT
          
--DATABASE  UPDATE  DENY
          

          
select state_desc +'  ' + permission_name + ' to Test'
          
from sys.database_permissions
          
where user_name(grantee_principal_id) = 'Test'
          
      and permission_name <> 'connect';






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 22 at 7:54









          sepupicsepupic

          7,761820




          7,761820













          • Thank you everybody for the time you spend on this for me, very appreciated :)

            – user175111
            Mar 22 at 13:08



















          • Thank you everybody for the time you spend on this for me, very appreciated :)

            – user175111
            Mar 22 at 13:08

















          Thank you everybody for the time you spend on this for me, very appreciated :)

          – user175111
          Mar 22 at 13:08





          Thank you everybody for the time you spend on this for me, very appreciated :)

          – user175111
          Mar 22 at 13:08













          5














          Most probably because you are using the generate scripts method to do so.



          I would suggest to use open source DBA tools to view the permission or export.



          Aliases : Export-SqlUser



          Synopsis



          Exports users creation and its permissions to a T-SQL file or host.



          Description



          Exports users creation and its permissions to a T-SQL file or host. Export includes user, create and add to role(s), database level permissions, object level permissions.



          Example:




          PS C:> Export-DbaUser -SqlInstance sqlserver2014a -User User1, User2
          -Path C:tempusers.sql




          Exports ONLY users User1 and User2 from sqlserver2014a to the file C:tempusers.sql






          share|improve this answer


























          • is it probably Export-DbaUser?

            – user175111
            Mar 21 at 21:11











          • One more question, can we install this in a prod server?

            – user175111
            Mar 21 at 21:17











          • Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

            – KASQLDBA
            Mar 21 at 22:00
















          5














          Most probably because you are using the generate scripts method to do so.



          I would suggest to use open source DBA tools to view the permission or export.



          Aliases : Export-SqlUser



          Synopsis



          Exports users creation and its permissions to a T-SQL file or host.



          Description



          Exports users creation and its permissions to a T-SQL file or host. Export includes user, create and add to role(s), database level permissions, object level permissions.



          Example:




          PS C:> Export-DbaUser -SqlInstance sqlserver2014a -User User1, User2
          -Path C:tempusers.sql




          Exports ONLY users User1 and User2 from sqlserver2014a to the file C:tempusers.sql






          share|improve this answer


























          • is it probably Export-DbaUser?

            – user175111
            Mar 21 at 21:11











          • One more question, can we install this in a prod server?

            – user175111
            Mar 21 at 21:17











          • Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

            – KASQLDBA
            Mar 21 at 22:00














          5












          5








          5







          Most probably because you are using the generate scripts method to do so.



          I would suggest to use open source DBA tools to view the permission or export.



          Aliases : Export-SqlUser



          Synopsis



          Exports users creation and its permissions to a T-SQL file or host.



          Description



          Exports users creation and its permissions to a T-SQL file or host. Export includes user, create and add to role(s), database level permissions, object level permissions.



          Example:




          PS C:> Export-DbaUser -SqlInstance sqlserver2014a -User User1, User2
          -Path C:tempusers.sql




          Exports ONLY users User1 and User2 from sqlserver2014a to the file C:tempusers.sql






          share|improve this answer















          Most probably because you are using the generate scripts method to do so.



          I would suggest to use open source DBA tools to view the permission or export.



          Aliases : Export-SqlUser



          Synopsis



          Exports users creation and its permissions to a T-SQL file or host.



          Description



          Exports users creation and its permissions to a T-SQL file or host. Export includes user, create and add to role(s), database level permissions, object level permissions.



          Example:




          PS C:> Export-DbaUser -SqlInstance sqlserver2014a -User User1, User2
          -Path C:tempusers.sql




          Exports ONLY users User1 and User2 from sqlserver2014a to the file C:tempusers.sql







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Mar 21 at 23:40

























          answered Mar 21 at 19:39









          KASQLDBAKASQLDBA

          5,58261944




          5,58261944













          • is it probably Export-DbaUser?

            – user175111
            Mar 21 at 21:11











          • One more question, can we install this in a prod server?

            – user175111
            Mar 21 at 21:17











          • Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

            – KASQLDBA
            Mar 21 at 22:00



















          • is it probably Export-DbaUser?

            – user175111
            Mar 21 at 21:11











          • One more question, can we install this in a prod server?

            – user175111
            Mar 21 at 21:17











          • Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

            – KASQLDBA
            Mar 21 at 22:00

















          is it probably Export-DbaUser?

          – user175111
          Mar 21 at 21:11





          is it probably Export-DbaUser?

          – user175111
          Mar 21 at 21:11













          One more question, can we install this in a prod server?

          – user175111
          Mar 21 at 21:17





          One more question, can we install this in a prod server?

          – user175111
          Mar 21 at 21:17













          Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

          – KASQLDBA
          Mar 21 at 22:00





          Yes it's widely used and recommended by community. As always said, test in lower environments and go to prod from there. Visit dbatools security page to get more clarification on this

          – KASQLDBA
          Mar 21 at 22:00



          -

          Popular posts from this blog

          Plaza Victoria

          Image
          Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l
          Read more

          Puebla de Zaragoza

          Image
          Para otros usos de este término, véase Puebla (desambiguación). Heroica Puebla de Zaragoza Localidad De arriba a abajo de izquierda a derecha: Estrella de Puebla, Volcán Popocatépetl, Catedral de Puebla, Monumento a Ignacio Zaragoza, Estadio Cuauhtémoc, Angelópolis y Vista panorámica de la ciudad. Escudo Otros nombres: El relicario de América/ La ciudad de los Ángeles/ La Angelópolis Lema: Muy noble y muy leal ciudad de Puebla de los Ángeles Heroica Puebla de Zaragoza Localización de Heroica Puebla de Zaragoza en México Heroica Puebla de Zaragoza Localización de Heroica Puebla de Zaragoza en Puebla Mapa interactivo Coordenadas 19°03′05″N 98°13′04″O  /  19.051388888889, -98.217777777778 Coordenadas: 19°03′05″N 98°13′04″O  /  19.051388888889, -98.217777777778 Idioma oficial Español Entidad Localidad  • País   México  • Estado Puebla  • Municipio Puebla Presidente municipal Claudia Rivera Vivanc
          Read more

          Musa

          Image
          Para el género de plantas, véase Musa (planta). Apolo y la Nueve Musas En la mitología griega, las musas (en griego antiguo μοῦσαι « mousai» ) son, según los escritores más antiguos, las divinidades inspiradoras de las Artes: cada una de ellas está relacionada con ramas artísticas y del conocimiento. Son hijas de Zeus y de Mnemósine, compañeras del séquito de Apolo, dios olímpico de la música y patrón de las bellas artes, quien tuvo romances con cada una de ellas, dejando descendientes. Bajaban a la tierra a susurrar ideas e inspirar a aquellos mortales que las invocaran. En la época más arcaica eran las ninfas inspiradoras de las fuentes, en las cuales eran adoradas. Finalmente, alrededor de los siglos VIII-VII a. C. [ 1 ] ​ prevaleció en todo el territorio de la Hélade la adoración de las nueve Musas, que son Calíope, Clío, Erato, Euterpe, Melpómene, Polimnia, Talía, Terpsícore y Urania. El culto a las musas era originalmente de Tracia y Beocia, y fueron de vital impo
          Read more