Sql-Server

如何檢查程序是否正在執行,需要哪些權限?

  • March 24, 2017

我有一個由域帳戶執行的程序,該程序MY_LOGIN需要執行一個過程THE_PROCEDURE,但只有在另一個名為PROCEDURE_TO_TEST的特定過程沒有執行時。

所有這些都在一個名為MY_DATABASE

我該如何MY_LOGIN檢查程序PROCEDURE_TO_TEST是否正在執行?

我應該授予哪些權限MY_LOGIN以便它可以執行此檢查?

我如何測試這是否有效?

PROCEDURE_TO_TEST以非常簡單的方式創建我的測試目的:

   USE MY_DATABASE
   GO

   CREATE PROCEDURE DBO.PROCEDURE_TO_TEST 
       AS BEGIN

       SELECT 'BEGIN'
       WAITFOR DELAY '00:00:15'
       SELECT 'AFTER'

       END
GO

我執行儲存過程PROCEDURE_TO_TEST並在一個單獨的視窗中使用下面的腳本檢查它是否正在執行。(如果它出現,那麼它正在執行)

declare @object int
SELECT @object=OBJECT_ID('DBO.PROCEDURE_TO_TEST')
SELECT @OBJECT

   Select *
               from        (

                               SELECT *
                               FROM sys.dm_exec_requests
                               where sql_handle is not null

               ) r 
               CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) t
               where t.objectid = @object

我授予以下權限MY_USER

use master
go
GRANT VIEW SERVER STATE TO MY_LOGIN 
GO
use MY_DATABASE
go
GRANT VIEW DEFINITION ON [PROCEDURE_TO_TEST] TO MY_LOGIN 
GO

因為我使用OBJECT_ID (Transact-SQL)

使用者只能查看使用者擁有或已被授予權限的安全對象的元數據。這意味著如果使用者對對像沒有任何權限,那麼像 OBJECT_ID 這樣的元數據發射內置函式可能會返回 NULL。有關詳細資訊,請參閱元數據可見性配置

sys.dm_exec_sql_text (Transact-SQL)

權限 需要伺服器上的 VIEW SERVER STATE 權限。

現在出於測試目的,我將執行該過程PROCEDURE_TO_TEST,並在另一個視窗上檢查它是否正在執行IMPERSONATING MY_LOGIN

為此,我使用:

EXECUTE AS LOGIN='MY_LOGIN'

--===================================================================================
-- check who is the user running the show, and the original login
-- this is to test the 'execute as login' below
--===================================================================================

DECLARE @User VARCHAR(20)
SELECT @USER = SUBSTRING(SUSER_SNAME(), 
                        CHARINDEX('\', SUSER_SNAME()) + 1, LEN(SUSER_SNAME()))
SELECT   @USER 
       , SUSER_SNAME()
       ,SYSTEM_USER
       , USER_NAME()
       , CURRENT_USER
       , ORIGINAL_LOGIN()
       , USER
       ,SESSION_USER

當我完成測試並發現使用者可以執行腳本時,我就會回到原來的狀態:

REVERT

現在我將腳本包裝到一個我創建的名為的過程中,該過程isSPRunning作為參數接收@ProcedureName並檢查是否@ProcedureName正在執行:

USE MY_DATABASE
GO

GO
CREATE procedure issprunning 
@ProcedureName VARCHAR(108)
AS
/*
=======================================================================
Script  :   procedure issprunning 

Desc    :   

 Take as parameter a procedure name and returns 1 if it is running
  and 0 if it is not running or the procedure has not been found
  or the user does not have required permissions.


Required Permissions:

  The required permissions to make use of this procedure are:

  1) procedure to run this procedure
  2) VIEW SERVER state
  3) view definition on the @ProcedureName procedure

  the granting of permissions:
  (please replace the username and database name accordingly)


   use master
   go
   GRANT VIEW SERVER STATE TO MY_LOGIN 
   GO
   use MY_DATABASE
   go
   GRANT VIEW DEFINITION ON [PROCEDURE_TO_TEST] TO MY_LOGIN 
   GO
   GRANT EXECUTE ON isSpRunning TO [MY_LOGIN] 
   GO

Usage   :  

        DECLARE @I INT
        EXEC @I = issprunning 'PROCEDURE_TO_TEST'
        SELECT @I


Links   :

=======================================================================
History
Date             Action        User                Desc
-----------------------------------------------------------------------
03-Mar-2017     created       Marcelo Miorelli


=======================================================================
*/
BEGIN 
SET NOCOUNT ON

declare @object int
SELECT @object=OBJECT_ID(@ProcedureName)
--SELECT @OBJECT

RETURN CASE WHEN 
EXISTS(

               Select *
               from        (

                               SELECT *
                               FROM sys.dm_exec_requests
                               where sql_handle is not null

               ) r 
               CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) t
               where t.objectid = @object

) THEN 1 ELSE 0 END 

END 
GO
GRANT EXECUTE ON dbo.issprunning to [MY_LOGIN] as dbo
GO

為了使它更容易,以便我可以傳遞任何存在的過程名稱,MY_DATABASE我已經擴展了授予的權限,但請考慮這在您自己的環境中的含義。

   use MY_DATABASE
   go
   GRANT VIEW DEFINITION TO [MY_LOGIN] 
   GO

引用自:https://dba.stackexchange.com/questions/168085