Grant User Access to All SQL Server Databases
By: Ahmad Yaseen | Comments (15) | Related: > Security
Problem
Consider a situation when you have a large number of databases on your SQL Server, and you are requested to grant user access to all SQL Server databases. How can you grant access to a user for all databases on a SQL Server instance?
Solution
You have a few different options, in SQL Server Management Studio, you can tick each checkbox for all databases from the user mapping interface in the login properties to grant the access. This can take a long time to finish due to the large number of databases. The solution that I prefer, is to create a script that loops through all the databases and grants the user the requested access to each database. In this example, I will use a SQL Server Cursor which is a database object that is used to manipulate data on a row-by-row basis, instead of the typical T-SQL command that operates on all the rows at one time. In this example, I use a simple cursor with the LOCAL and FAST_FORWARD options to optimize its performance. Here is a brief explanation of these options:
- LOCAL - Specifies that the cursor can be available only in the batch in which the cursor was created, and will be de-allocated once the batch terminates.
- FAST_FORWARD - Specifies that the cursor produces the least amount of overhead on SQL Server by choosing the lowest cost static or dynamic plan.
SQL Server CREATE LOGIN Example
Let’s begin with creating a SQL Server login using the T-SQL code below:
USE [master] GO CREATE LOGIN [TipsDemoUser] WITH PASSWORD=N'[email protected]', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON GO
Grant User Access to All SQL Server Databases
Based on the code above that we need to generate, let's exaplain the cursor code:
- Step 1 - Get a list of all user databases on our SQL Server instance, excluding the system databases (master, model, msdb, tempdb and distribution) from the sysdatabases table.
- Step 2 - Once the databases list is ready, loop through these database to create a user for that login and grant it read and write access on each database.
- Step 3 - Execute the string that was generated to create the user and grant permissions
Use master GO DECLARE @dbname VARCHAR(50) DECLARE @statement NVARCHAR(max) DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR SELECT name FROM MASTER.dbo.sysdatabases WHERE name NOT IN ('master','model','msdb','tempdb','distribution') OPEN db_cursor FETCH NEXT FROM db_cursor INTO @dbname WHILE @@FETCH_STATUS = 0 BEGIN SELECT @statement = 'use '[email protected] +';'+ 'CREATE USER [TipsDemoUser] FOR LOGIN [TipsDemoUser]; EXEC sp_addrolemember N''db_datareader'', [TipsDemoUser];EXEC sp_addrolemember N''db_datawriter'', [TipsDemoUser]' exec sp_executesql @statement FETCH NEXT FROM db_cursor INTO @dbname END CLOSE db_cursor DEALLOCATE db_cursor
After executing the above script successfully, you can check the granted access from the Login Properties dialog box in SQL Server Management Studio below by expanding the Server Security and Logins nodes:

Next Steps
- Check out the Cursor options.
- Review the SQL Server Security Tips.
About the author

View all my tips