在 SSMS GUI 上查看 SQL Server 日志的权限
Sta*_*ser 2 sql-server-2008 sql-server ssms sql-server-2008-r2 error-log
我想让用户从 GUI 中查看 SQL Server 日志,而不是通过 xp_readerrorlog。我只是想知道这是否可能?
谢谢你。
是的,这可以通过创建具有“ securityadmin”服务器角色的用户,然后根据需要Deny通过登录触发器访问 SQL Server 查询窗口来实现
USE [master]
GO
----Create Login
CREATE LOGIN [DBA_ErrorLogUser]
WITH PASSWORD=N'123', DEFAULT_DATABASE=[master],
CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
--- Add server Add securityadmin
-- To view SQL Server error logs user must be a part of securityadmin server role
EXEC master..sp_addsrvrolemember
@loginame = N'DBA_ErrorLogUser', @rolename = N'securityadmin'
GO
--- Mapp user with login to grant access to logs
CREATE USER [DBA_ErrorLogUser] FOR LOGIN [DBA_ErrorLogUser]
GO
--- Deny Alter to any Login
DENY ALTER ANY LOGIN TO DBA_ErrorLogUser
GO
--- Grant permission to view Sql Server Logs
Grant EXECUTE ON master.sys.xp_readerrorlog TO DBA_ErrorLogUser
GO
--- Create a log on Trigger to deny access to Query Window
IF EXISTS ( SELECT *
FROM master.sys.server_triggers
WHERE parent_class_desc = 'SERVER'
AND name = N'Deny_QueryWindowLogin_Trigger' )
DROP TRIGGER [Deny_QueryWindowLogin_Trigger] ON ALL SERVER
GO
Create TRIGGER Deny_QueryWindowLogin_Trigger ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
DECLARE @data XML
SET @data = EVENTDATA()
DECLARE @AppName SYSNAME,
@LoginName SYSNAME
SELECT @AppName = [program_name]
FROM sys.dm_exec_sessions
WHERE session_id = @data.value('(/EVENT_INSTANCE/SPID)[1]', 'int')
SELECT @LoginName = @data.value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname')
IF @AppName= 'Microsoft SQL Server Management Studio - Query' AND @LoginName = 'DBA_ErrorLogUser'
BEGIN
ROLLBACK ; --Disconnect the session
END
END ;
注意:必须阅读 securityadmin 服务器角色权限
| 归档时间: |
|
| 查看次数: |
12147 次 |
| 最近记录: |