kwelsql/permissions.sql

## permissions.sql
--Script to run on the destination database before we start the refreshing
-- And save the result
SELECT
dp.state_desc + N' ' + dp.permission_name + N' TO ' + cast(QUOTENAME(dpl.name COLLATE DATABASE_DEFAULT) as nvarchar(500)) + ';' AS "--SQL Script to Run:"
FROM sys.database_permissions AS dp
INNER JOIN sys.database_principals AS dpl ON (dp.grantee_principal_id = dpl.principal_id)
WHERE dp.major_id = 0
and dpl.name not like '##%' -- excluds PBM accounts
and dpl.name not in ('dbo', 'sa', 'public')
--ORDER BY dp.permission_name ASC, dp.state_desc ASC
UNION ALL
--Database role memberships
(SELECT DISTINCT
'EXEC sp_addrolemember @membername = N''' + dp.name COLLATE DATABASE_DEFAULT + ''', @rolename = N''' + drole.name + '''' + ';'AS "T-SQL Script"
FROM sys.database_role_members AS drm
inner join sys.database_principals drole on (drm.role_principal_id = drole.principal_id)
inner join sys.database_principals dp on (drm.member_principal_id = dp.principal_id)
where dp.name not in ('dbo', 'sa', 'public')
)
--Object level permissions
UNION ALL
SELECT dp.state_desc + N' ' + dp.permission_name + N' ON '    + QUOTENAME(SCHEMA_NAME(obj.schema_id)) + '.' + QUOTENAME(obj.name)    + N' TO ' + QUOTENAME(dpl.name COLLATE database_default) + ';'AS "T-SQL Script"
FROM  sys.database_permissions AS dp
INNER JOIN sys.objects AS obj ON ( dp.major_id = obj.[object_id] )
INNER JOIN sys.database_principals AS dpl ON ( dp.grantee_principal_id = dpl.principal_id )
LEFT JOIN sys.columns AS col ON ( col.column_id = dp.minor_id  AND col.[object_id] = dp.major_id)
WHERE  obj.name NOT LIKE 'dt%'
AND obj.is_ms_shipped = 0
AND dpl.name NOT IN ( 'dbo', 'sa', 'public' )
--ORDER BY dp.permission_name ASC ,    dp.state_desc ASC
	--Script to run on the destination database before we start the refreshing
	-- And save the result
	SELECT
	dp.state_desc + N' ' + dp.permission_name + N' TO ' + cast(QUOTENAME(dpl.name COLLATE DATABASE_DEFAULT) as nvarchar(500)) + ';' AS "--SQL Script to Run:"
	FROM sys.database_permissions AS dp
	INNER JOIN sys.database_principals AS dpl ON (dp.grantee_principal_id = dpl.principal_id)
	WHERE dp.major_id = 0
	and dpl.name not like '##%' -- excluds PBM accounts
	and dpl.name not in ('dbo', 'sa', 'public')
	--ORDER BY dp.permission_name ASC, dp.state_desc ASC
	UNION ALL
	--Database role memberships
	(SELECT DISTINCT
	'EXEC sp_addrolemember @membername = N''' + dp.name COLLATE DATABASE_DEFAULT + ''', @rolename = N''' + drole.name + '''' + ';'AS "T-SQL Script"
	FROM sys.database_role_members AS drm
	inner join sys.database_principals drole on (drm.role_principal_id = drole.principal_id)
	inner join sys.database_principals dp on (drm.member_principal_id = dp.principal_id)
	where dp.name not in ('dbo', 'sa', 'public')
	)
	--Object level permissions
	UNION ALL
	SELECT dp.state_desc + N' ' + dp.permission_name + N' ON ' + QUOTENAME(SCHEMA_NAME(obj.schema_id)) + '.' + QUOTENAME(obj.name) + N' TO ' + QUOTENAME(dpl.name COLLATE database_default) + ';'AS "T-SQL Script"
	FROM sys.database_permissions AS dp
	INNER JOIN sys.objects AS obj ON ( dp.major_id = obj.[object_id] )
	INNER JOIN sys.database_principals AS dpl ON ( dp.grantee_principal_id = dpl.principal_id )
	LEFT JOIN sys.columns AS col ON ( col.column_id = dp.minor_id AND col.[object_id] = dp.major_id)
	WHERE obj.name NOT LIKE 'dt%'
	AND obj.is_ms_shipped = 0
	AND dpl.name NOT IN ( 'dbo', 'sa', 'public' )
	--ORDER BY dp.permission_name ASC , dp.state_desc ASC