如何列出用户定义表类型的权限?
Mar*_*lli 5 sql-server permissions sql-server-2008-r2 sql-server-2012 user-defined-type
我正在使用一些用户定义的表类型。它们非常有用。
您可以通过运行这个简单的脚本来查看有关它们的信息:
SELECT o.* from sys.table_types o
我有一个过程可以显示用户对象的所有权限。我也可以指定对象的名称。代码是这样的:
DECLARE @OBJ SYSNAME
SELECT @OBJ ='%' -- shows all objects
;WITH
RADHARANI AS (
SELECT
dp.NAME AS principal_name
,dp.type_desc AS principal_type_desc
,o.NAME AS object_name
,o.type_desc
,p.permission_name
,p.state_desc AS permission_state_desc
FROM sys.all_objects o
INNER JOIN sys.database_permissions p ON o.OBJECT_ID=p.major_id
LEFT OUTER JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id
WHERE O.OBJECT_ID > 0
AND O.TYPE <> 'S' -- no system
AND O.parent_object_id = 0 -- no constraints
AND o.NAME like @OBJ
)
SELECT * FROM RADHARANI
SELECT @@ROWCOUNT
在我上面的代码中,我没有列出我的用户定义表类型的权限。
我怎样才能做到这一点?
这些是我授予我的类型的权限,以便用户可以使用它:
USE [Bocss2]
GO
--=====================================================
-- create the DespatchStatus table type
-- if it does not exist already
--=====================================================
IF NOT EXISTS (SELECT * from sys.table_types) BEGIN
CREATE TYPE [dbo].[DespatchStatus] AS TABLE(
lngDespatchStatusID int not null
,PRIMARY KEY CLUSTERED(lngDespatchStatusID)
)
END
GO
use [Bocss2]
GO
GRANT REFERENCES ON TYPE::[dbo].[DespatchStatus] TO [WebDevelopment]
GO
GRANT VIEW DEFINITION ON TYPE::[dbo].[DespatchStatus] TO [WebDevelopment]
GO
GRANT EXECUTE ON TYPE::[dbo].[DespatchStatus] TO [WebDevelopment] AS [dbo]
GO
这就是它在存储过程中的使用方式:
--=====================================================
-- declare and populate the DespatchStatus
--=====================================================
DECLARE @DIS DespatchStatus;
INSERT INTO @DIS(lngDespatchStatusID) VALUES (7)
INSERT INTO @DIS(lngDespatchStatusID) VALUES (11)
INSERT INTO @DIS(lngDespatchStatusID) VALUES (17)
INSERT INTO @DIS(lngDespatchStatusID) VALUES (19)
最后,受 Aaron 回答的启发,我的许可脚本如下:(使用 UNION ALL)
DECLARE @OBJ SYSNAME
SELECT @OBJ ='%' -- shows all objects
;WITH
RADHARANI AS (
SELECT
dp.NAME AS principal_name
,dp.type_desc AS principal_type_desc
,o.NAME AS object_name
,o.type_desc
,p.permission_name
,p.state_desc AS permission_state_desc
FROM sys.all_objects o
INNER JOIN sys.database_permissions p ON o.OBJECT_ID=p.major_id
LEFT OUTER JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id
WHERE O.OBJECT_ID > 0
AND O.TYPE <> 'S' -- no system
AND O.parent_object_id = 0 -- no constraints
AND o.NAME like @OBJ
UNION ALL
SELECT
dp.NAME AS principal_name
,dp.type_desc AS principal_type_desc
,o.NAME AS object_name
,[type_desc] = 'User-Defined Table Type'
,p.permission_name
,p.state_desc AS permission_state_desc
FROM sys.table_types o
INNER JOIN sys.database_permissions p ON o.user_type_id=p.major_id
LEFT OUTER JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id
WHERE o.NAME like @OBJ
)
SELECT * FROM RADHARANI
SELECT @@ROWCOUNT
正如您在下图中所看到的,在所有对象之后,我的表类型与其权限一起显示。
这将列出对表类型显式授予的权限,但不会列出通过角色或组成员身份隐式授予的权限,或针对包含架构授予的权限。
SELECT
[schema] = s.name,
[type] = t.name,
[user] = u.name,
p.permission_name,
p.state_desc
FROM sys.database_permissions AS p
INNER JOIN sys.database_principals AS u
ON p.grantee_principal_id = u.principal_id
INNER JOIN sys.types AS t
ON p.major_id = t.user_type_id--.[object_id]
INNER JOIN sys.schemas AS s
ON t.[schema_id] = s.[schema_id]
WHERE p.class = 6; -- TYPE
我很好奇您在系统中对表类型使用什么类型的显式权限?从文档中,您不需要为标准运行时查询支持实现很多(SELECT例如,您不能直接授予)。似乎这主要用于元数据/控制。
- 我已更新问题以显示我授予表类型的权限。例如,如果没有 EXECUTE,它们将无法运行声明 DespatchStatus 的存储过程。 (3认同)