USE [master]
GO  
--- replace "AimBetter" with your sql login
IF NOT EXISTS (SELECT * FROM sys.syslogins  WHERE name ='AimBetter')
BEGIN
CREATE LOGIN [AimBetter] WITH PASSWORD= N'{password}',
DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
END  
GO  
GRANT ALTER TRACE TO [AimBetter] 
GO
GRANT VIEW ANY DATABASE TO [AimBetter]
GO
GRANT VIEW SERVER STATE TO [AimBetter]
GO
GRANT VIEW ANY DEFINITION TO [AimBetter]
GO
IF (SELECT compatibility_level  FROM sys.databases where database_id =2)>100
EXEC ('GRANT ALTER ANY EVENT SESSION TO [AimBetter]')
GO


use msdb
GO
IF NOT EXISTS (SELECT * FROM sys.sysusers  WHERE name ='AimBetter')
EXEC('CREATE USER [AimBetter] FOR LOGIN [AimBetter]');
GRANT SELECT ON [dbo].[sysjobhistory] TO [AimBetter]
GRANT SELECT ON [dbo].[sysjobactivity] TO [AimBetter]
GRANT SELECT ON [dbo].[sysjobs] TO [AimBetter]
GO


DECLARE @all BIT =0
IF OBJECT_ID('tempdb..#DB')IS NOT NULL
DROP TABLE #DB;
CREATE TABLE #DB (DB sysname)
INSERT #DB
EXEC sp_MSforeachdb '
USE [?]
IF     CONVERT(NVARCHAR(MAX),DATABASEPROPERTYEX(''?'', ''Updateability'')) LIKE ''READ_WRITE''
BEGIN
SELECT DB_NAME() FROM sys.database_principals where type_desc = ''SQL_USER'' and default_schema_name = ''dbo''
AND name=''AimBetter''
END
'




-- USER DB
DECLARE @CMD VARCHAR(MAX)=''
SELECT @CMD=@CMD+'
USE ['+name +']
IF  NOT EXISTS(SELECT * FROM sys.sysusers WHERE name =''AimBetter'')
AND        CONVERT(NVARCHAR(MAX),DATABASEPROPERTYEX('''+name +''', ''Updateability'')) LIKE ''READ_WRITE''
BEGIN
EXEC(''CREATE USER [AimBetter] FOR LOGIN [AimBetter]'');
END
EXEC sp_addrolemember N''db_ddladmin'', N''AimBetter''
DENY ALTER ANY ASSEMBLY                    TO [AimBetter]
DENY ALTER ANY ASYMMETRIC KEY              TO [AimBetter]
DENY ALTER ANY CERTIFICATE                 TO [AimBetter]
DENY ALTER ANY CONTRACT                    TO [AimBetter]
DENY ALTER ANY DATABASE DDL TRIGGER        TO [AimBetter]
DENY ALTER ANY DATABASE EVENT NOTIFICATION TO [AimBetter]
DENY ALTER ANY DATASPACE                   TO [AimBetter]
DENY ALTER ANY FULLTEXT CATALOG            TO [AimBetter]
DENY ALTER ANY MESSAGE TYPE                TO [AimBetter]
DENY ALTER ANY REMOTE SERVICE BINDING      TO [AimBetter]
DENY ALTER ANY ROUTE                       TO [AimBetter]
DENY ALTER ANY SCHEMA                      TO [AimBetter]
DENY ALTER ANY SERVICE                     TO [AimBetter]
DENY ALTER ANY SYMMETRIC KEY               TO [AimBetter]
DENY CHECKPOINT                            TO [AimBetter]
DENY CREATE AGGREGATE                      TO [AimBetter]
DENY CREATE DEFAULT                        TO [AimBetter]
DENY CREATE FUNCTION                       TO [AimBetter]
DENY CREATE PROCEDURE                      TO [AimBetter]
DENY CREATE QUEUE                          TO [AimBetter]
DENY CREATE RULE                           TO [AimBetter]
DENY CREATE SYNONYM                        TO [AimBetter]
DENY CREATE TABLE                          TO [AimBetter]
DENY CREATE TYPE                           TO [AimBetter]
DENY CREATE VIEW                           TO [AimBetter]
DENY CREATE XML SCHEMA COLLECTION          TO [AimBetter]
DENY REFERENCES                            TO [AimBetter]
'
FROM sys.databases
WHERE DATABASEPROPERTYEX ( name , 'Updateability' ) ='READ_WRITE' AND
 (@all=1 OR name<>'rdsadmin' and name NOT IN(SELECT DB FROM #DB)) AND
 state =0 And database_id>4
IF @CMD<>''
BEGIN
PRINT @CMD
EXEC(@CMD)
END