Recent Posts | - May, 2023-5,(1)
- February, 2023-2,(1)
- November, 2022-11,(1)
- July, 2022-7,(2)
- March, 2022-3,(1)
- November, 2021-11,(2)
- August, 2021-8,(2)
- July, 2021-7,(2)
- June, 2021-6,(1)
- May, 2021-5,(1)
- March, 2021-3,(1)
- February, 2021-2,(2)
- January, 2021-1,(7)
- December, 2020-12,(3)
- March, 2020-3,(2)
- February, 2020-2,(1)
- December, 2019-12,(2)
- November, 2019-11,(1)
- October, 2019-10,(1)
- September, 2019-9,(1)
- August, 2019-8,(1)
- May, 2019-5,(1)
- April, 2019-4,(2)
- March, 2019-3,(2)
- December, 2018-12,(1)
- November, 2018-11,(4)
- July, 2018-7,(1)
- May, 2018-5,(3)
- April, 2018-4,(2)
- February, 2018-2,(3)
- January, 2018-1,(3)
- November, 2017-11,(2)
- August, 2017-8,(1)
- June, 2017-6,(3)
- May, 2017-5,(5)
- February, 2017-2,(1)
- December, 2016-12,(1)
- October, 2016-10,(2)
- September, 2016-9,(1)
- August, 2016-8,(1)
- July, 2016-7,(1)
- March, 2016-3,(2)
- February, 2016-2,(3)
- December, 2015-12,(5)
- November, 2015-11,(5)
- September, 2015-9,(1)
- August, 2015-8,(2)
- July, 2015-7,(1)
- March, 2015-3,(2)
- February, 2015-2,(1)
- December, 2014-12,(4)
- July, 2014-7,(2)
- June, 2014-6,(2)
- May, 2014-5,(3)
- April, 2014-4,(3)
- March, 2014-3,(1)
- December, 2013-12,(2)
- November, 2013-11,(1)
- July, 2013-7,(1)
- June, 2013-6,(2)
- May, 2013-5,(1)
- March, 2013-3,(3)
- February, 2013-2,(3)
- January, 2013-1,(1)
- December, 2012-12,(3)
- November, 2012-11,(1)
- October, 2012-10,(1)
- September, 2012-9,(1)
- August, 2012-8,(1)
- July, 2012-7,(6)
- June, 2012-6,(1)
- April, 2012-4,(1)
- March, 2012-3,(3)
- February, 2012-2,(3)
- January, 2012-1,(4)
- December, 2011-12,(3)
- October, 2011-10,(3)
- September, 2011-9,(1)
- August, 2011-8,(10)
- July, 2011-7,(2)
- June, 2011-6,(7)
- March, 2011-3,(2)
- February, 2011-2,(3)
- January, 2011-1,(1)
- September, 2010-9,(1)
- August, 2010-8,(2)
- June, 2010-6,(1)
- May, 2010-5,(1)
- April, 2010-4,(3)
- March, 2010-3,(2)
- February, 2010-2,(3)
- January, 2010-1,(1)
- December, 2009-12,(3)
- November, 2009-11,(3)
- October, 2009-10,(2)
- September, 2009-9,(5)
- August, 2009-8,(3)
- July, 2009-7,(9)
- June, 2009-6,(2)
- May, 2009-5,(2)
- April, 2009-4,(9)
- March, 2009-3,(6)
- February, 2009-2,(4)
- January, 2009-1,(10)
- December, 2008-12,(5)
- November, 2008-11,(5)
- October, 2008-10,(13)
- September, 2008-9,(10)
- August, 2008-8,(7)
- July, 2008-7,(8)
- June, 2008-6,(12)
- May, 2008-5,(14)
- April, 2008-4,(12)
- March, 2008-3,(17)
- February, 2008-2,(10)
- January, 2008-1,(16)
- December, 2007-12,(6)
- November, 2007-11,(4)
|
|
|
|
Grant Truncate Table Permissions in SQL Server ?
|
3/3/2008 3:24:36 PM
|
|
This has been a thorn in my side as long as I have worked with SQL Server. There are times you want to grant truncate table permissions, either on a table or all tables etc to a specific user and/or service account, BUT you do not want to grant any alter or DDL privlidges or worse db owner!
Now why Microsoft, in SQL Server 2005 did not make this available, I do not know; as smart as the people who I have seen and met that work on the product, I'm sure they could have overcome any technical issue given them. And please don't use ANSI Standard or some other weak excuse. I want to be able to type "Grant Truncate on Table to User", just like Select, Update or Delete. Too BAD for me.
Fortunately Micro$oft did give us a "fishing pole", so go learn how to fish and explore: execute as. With this procedure you can delegate and impersonate to accomplish tasks.
So the basic setup we devised, (which was based on a model used by our Oracle group):
- Stored procedure - using Execute As to elevate rights
- Control Table - to determine which tables a user is authorized to truncate
- Audit Table - who, what and when (could be enhanced for why !)
The scripts below need a slight review and may need work for you particular enviornment, but the "guts" of the process is here. Note that the control and audit table are in a dedicated DBA Schema.
USE {database}
GO
/****** Object: Schema [dba] Script Date: 03/03/2008 13:26:31 ******/
CREATE SCHEMA [dba] AUTHORIZATION [dbo]
/****** Object: Table [dba].[TRUNCATE_AUDIT] Script Date: 03/03/2008 13:26:15 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dba].[TRUNCATE_AUDIT](
[Truncate_Audit_Id] [int] IDENTITY(1,1) NOT NULL,
[HostName] [varchar] (30) NOT NULL CONSTRAINT [DF__TRUNCATE___HostN__440B1D61] DEFAULT (host_name()),
[UserName] [varchar] (30) NOT NULL,
[DATETIME] [datetime] NOT NULL CONSTRAINT [DF__TRUNCATE___DATET__44FF419A] DEFAULT (getdate()),
[TABLE_NAME] [varchar] (100) NOT NULL,
[TABLE_OWNER] [varchar] (30) NOT NULL,
[SUCCESS] [int] NOT NULL CONSTRAINT [DF__TRUNCATE___SUCCE__45F365D3] DEFAULT ((-1)),
CONSTRAINT [PK__TRUNCATE_AUDIT__4316F928] PRIMARY KEY CLUSTERED
(
[Truncate_Audit_Id] ASC
) WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
/****** Object: Table [dbo].[TRUNCATE_LIST] Script Date: 03/03/2008 13:35:01 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dba].[TRUNCATE_LIST](
[List_Id] [int] IDENTITY(1,1) NOT NULL,
[List_Table_Name] [varchar] (256) NOT NULL,
CONSTRAINT [PK_dba.TRUNCATE_LIST] PRIMARY KEY CLUSTERED
(
[List_Id] ASC
) WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
/****** Object: StoredProcedure [dbo].[TRUNCATE_TBL] Script Date: 03/03/2008 13:27:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
USE [{database}]
GO
/****** Object: StoredProcedure [dbo].[TRUNCATE_TBL] Script Date: 03/03/2008 13:43:10 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE Procedure [dbo].[TRUNCATE_TBL] @tbl varchar(1000),@owner varchar(30)='dbo'
WITH EXECUTE AS SELF
as
begin
Declare @username varchar(30)
Set @username = Original_login()
If exists (select * from dba.truncate_list
Where [List_Table_Name] = @tbl)
Begin
Declare @rc int
Declare @truncate_Audit_id int
Insert into dba.truncate_Audit (table_name,table_owner,username)
Values (@tbl,@owner,@userName)
Set @truncate_audit_id = scope_identity()
declare @dynamic_sql nvarchar(1000)
set @dynamic_sql = 'Truncate Table ' + @owner + '.' + @tbl
--Print @dynamic_sql
set @rc = -1
BEGIN TRY
exec @rc = sp_executeSQL @dynamic_SQL
END TRY
BEGIN CATCH
DECLARE @ErrorMessage NVARCHAR(4000),
@ErrorNumber INT,
@ErrorSeverity INT,
@ErrorState INT,
@ErrorLine INT,
@ErrorProcedure NVARCHAR(200);
SELECT @ErrorNumber = ERROR_NUMBER(),
@ErrorSeverity = ERROR_SEVERITY(),
@ErrorState = ERROR_STATE(),
@ErrorLine = ERROR_LINE(),
@ErrorProcedure = ISNULL(ERROR_PROCEDURE(), '-');
SELECT @ErrorMessage =
N 'Error %d, Level %d, State %d, Procedure %s, Line %d, ' +
'Message: '+ ERROR_MESSAGE();
-- Raise an error: msg_str parameter of RAISERROR will contain
-- the original error information.
RAISERROR (@ErrorMessage,@ErrorSeverity,1,
@ErrorNumber ,@ErrorSeverity,@ErrorState,@ErrorProcedure,
@ErrorLine )
RETURN @RC
END CATCH
Update dba.truncate_audit
Set success = @rc
Where truncate_audit_id = @truncate_audit_id
End
ELSE
Begin
RAISERROR('Cannot find the object because it does not exist or you do not have permissions.',
16 ,1,1088,16,7,'[dbo].[TRUNCATE_TBL]',1)
Return -1
End
END
/*
Insert into dba.truncate_list values ('DW_List')
Insert into dba.truncate_list values ('Daily_Efile')
grant exec on dbo.truncate_tbl to leap_efile_dw_pull_dev
grant exec on dbo.truncate_tbl to [hrbinc\x104041]
create table dbo.bob (col1 char(10))
-- drop table bob
*/
/*
insert into bob values ('test1')
insert into bob values ('test2')
insert into bob values ('test3')
insert into bob values ('test4')
truncate table dba.truncate_list
*/
|
Blog Home
|
|