Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1903
  • Last Modified:

Script to capture logins and user permissions prior to a restore?

I'm trying to figure out a way to automate the creation of logins and user permissions. I'm new to SQL administration and inadvertently keep missing one permission here and there and I'm trying to find a full-proof way not to miss any logins and permissions. Below is the manual process I do simply because I don't know any better. Surely there is an automated way to do this?

Scenario:
I have a DB on our test server. I've been asked to restore the DB from production to test and to keep the existing logins and permissions that were on the test DB before the restore.

Current Process:
1) I log onto the test DB.

2) Run the "sp_helpuser" command to capture the existing logins and permissions. Take a screenshot of the results using Snagit or if too large to display all on the screen I copy all with headers and paste it into an Excel spreadsheet.

3) Select the task to "Generate Scripts" and select the following options.
    a) Select specific database objects
    b) Select "users"
    c) Select "Database Roles"
    d) Copy to clipboard

4) Then I store the script to my log file.

5) Backup DB.

Restore Process:

1) Restore DB.

2) Run script that re-creates the Users and Database Roles.

3) Run "sp_helpuser" and reset the missing permissions and orphaned users. I miss these occasionally.
    a) I type the following command to fix the orphaned user issue.
         i) sp_change_users_login 'Auto_Fix', 'User_ID'

Does anyone have a better way of preserving and restoring the logins, users and permissions than what I am doing? I am open to any and all suggestions as I hate making  mistakes.

Thanks
0
Lobsterguy
Asked:
Lobsterguy
1 Solution
 
lcohanDatabase AnalystCommented:
Assuming you take and use a FULL database backup do the following:

Before you RESTORE the database on the other server you should transfer all the Logins by using:
"How to transfer logins and passwords between instances of SQL Server"
http://support.microsoft.com/kb/918992

when you run that sql script on the Source server it will generate output to be executed on the Target server and you can take out logins you don't need to move - don't worry passwords are included but they are hashed.

This way this is the only thing to do security related and after you restore the DB all users from the database will be already binded to the database roles.

That is - Security exists at SQL Server level and must be done first then at the Database level and that's done for you during the database restore.
0
 
LobsterguyAuthor Commented:
Thanks for the input. Should get me going.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now