Rok*_*uta 4 schema security sql-server permissions sql-server-2014
我创建了一个默认数据库并在该数据库中创建了一些模式。为每个架构创建了用户,现在我只想为架构中的每个用户授予完全权限,我该怎么办?
从文档(授予架构权限):
GRANT SELECT, DELETE -- , etc.
ON SCHEMA::schema_name
TO user_name;
对于某些权限,需要在数据库级别和架构级别授予它们。例如,您可以CREATE TABLE在数据库级别授予用户权限,但这不仅仅允许他们在任何模式中创建表。这是您可以完成的示例:
-- create a server-level SQL auth login
CREATE LOGIN DouglasExample WITH PASSWORD = 'x',
CHECK_POLICY = OFF;
-- create an empty database and add a schema
CREATE DATABASE Douglas;
GO
USE Douglas;
GO
CREATE SCHEMA foo;
GO
-- create a user linked to the login
CREATE USER DouglasExample FROM LOGIN DouglasExample;
GO
-- grant the user the ability to create tables
GRANT CREATE TABLE TO DouglasExample;
GO
-- grant them explicit permissions on the schema only
GRANT SELECT, INSERT, DELETE, ALTER, EXECUTE, CONTROL
ON SCHEMA::foo TO DouglasExample;
GO
-- now try to create tables in foo and in dbo
EXECUTE AS USER = N'DouglasExample';
GO
CREATE TABLE foo.what(id INT); -- succeeds
GO
CREATE TABLE dbo.who(id INT); -- fails, not in schema foo
-- CREATE TABLE who(id INT); would also fail with same error
-- unless DouglasExample had foo as their default_schema
GO
REVERT;
GO
dbo 中的尝试失败并显示:
消息 2760,级别 16,状态 1
指定的架构名称“dbo”不存在,或者您无权使用它。
-- clean up:
USE master;
GO
DROP DATABASE Douglas;
GO
DROP LOGIN DouglasExample;
作为旁注,请注意在创建/引用所有对象时始终明确声明架构名称是多么重要。
| 归档时间: |
|
| 查看次数: |
20563 次 |
| 最近记录: |