I’m new to Liquibase and have just done my first changeset, shown below.
Would it be possible to write such a T-SQL statement in a YAML format to be database engine agnostic?
If yes some pointers would be much appreciated…
Or would it be better/simpler to specify “dbms: mssql” in the first - SQL section followed by a second section with, eg “dbms: postgresql” and appropriate PostgreSQL code
- changeSet:
id: 1.0.0:Grant Schema Permissions
author: Me and myself
changes:
- sql:
endDelimiter: \nGO
splitStatements: true
sql: DECLARE @UserName varchar(100) = (SELECT TOP(1) [Name] FROM sys.database_principals WHERE [name] LIKE N'%_User' AND type = 'S' AND [name] LIKE '%$(Environment)%');
DECLARE @RevokCmd varchar(1000) = 'REVOKE DELETE, INSERT, SELECT, UPDATE ON SCHEMA::[TheSchema] TO ['+@UserName+'] AS [dbo]';
PRINT 'Adding the role TheDbRole and dealing with role membership and table permissions to this role.';
IF EXISTS (SELECT * FROM sys.schemas WHERE name = N'TheSchema')
BEGIN
-- Add Role;
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'TheDbRole' AND type = 'R') CREATE ROLE [TheDbRole] AUTHORIZATION [dbo];
-- Grant table access to the role;
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'TheDbRole' AND type = 'R')
BEGIN
IF EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[TheSchema].[QUESTION]') AND type in (N'U'))
GRANT DELETE, INSERT, SELECT, UPDATE ON [TheSchema].[QUESTION] TO [TheDbRole];
IF EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[TheSchema].[QUESTION_TYPE]') AND type in (N'U'))
GRANT DELETE, INSERT, SELECT, UPDATE ON [TheSchema].[QUESTION_TYPE] TO [TheDbRole];
-- Add existing DBA Roles where User is already a member to the TheDbRole Role;
ALTER ROLE [TheDbRole] ADD MEMBER [AnotherDbRole_READ_EXECUTE];
ALTER ROLE [TheDbRole] ADD MEMBER [AnotherDbRole_READ_SELECT];
-- Remove current User access from the TheSchema schema;
-- REVOKE DELETE, INSERT, SELECT, UPDATE ON SCHEMA::[TheSchema] TO '['+@UserName+']' AS [dbo];
IF @RevokCmd IS NOT NULL
PRINT ' > Dealing with >>> '+@RevokCmd;
ELSE PRINT ' > Could not find User account to revoke from TheSchema Schema';
EXEC(@RevokCmd);
END
END
ELSE PRINT ' > The TheSchema Schema does not exist so nothing to do';
stripComments: true