Eli*_*ias 18 trigger sql-server stored-procedures t-sql sql-server-2012
我有敏感的价格列,我只想通过存储过程进行更新。如果不使用旨在更新它的存储过程,我希望所有代码或手动尝试更改这些价格列中的值都失败。
我正在考虑使用触发器和令牌表来实现这一点。我正在考虑的想法是有一个令牌表。存储过程必须首先在令牌表中插入值。然后更新价格列。更新触发器将检查更新行的令牌表中是否存在该令牌。如果找到,它将继续。如果未找到令牌,则会抛出异常并使更新事务失败。
有没有好的/更好的方法来实现这个限制?
小智 22
SQL Server 允许列级权限。举个例子:
GRANT UPDATE ON dbo.Person (FirstName, LastName) TO SampleRole;
DENY UPDATE ON dbo.Person (Age, Salary) TO SampleRole;
-- prevent your web app user from updating that column directly:
DENY UPDATE ON dbo.YourTable(Price) TO WebApplicationUserName;
GO
-- create a stored procedure while logged in as sysadmin:
CREATE PROCEDURE dbo.UpdateYourTable
@ProductID INT,
@Price DECIMAL(10,2)
WITH EXECUTE AS OWNER
AS
BEGIN
SET NOCOUNT ON;
UPDATE dbo.YourTable
SET Price = @Price
WHERE ProductID = @ProductID;
END
GO
-- grant explicit access only to that stored procedure to the web app user:
GRANT EXEC ON dbo.UpdateYourTable TO WebApplicationUserName;
| 归档时间: |
|
| 查看次数: |
28188 次 |
| 最近记录: |