Mar*_*ara 2 sql azure azure-sql-database
我只需要在SQL Azure数据库上创建一个新用户,可以从每个表中SELECT/INSERT/UPDATE/DELETE,并执行每个proc,但不能创建/更改/删除任何内容.
换句话说,我需要一个无法对数据库运行DDL命令的新用户.
我已经设法创建了登录和用户(在主模式上).有帮助吗?
- 编辑1一旦我在SQL Azure上创建了新用户,它就已经可以创建表和过程(因此,它是REVOKE强大功能的基础).这里是从Master数据库发出的命令:
CREATE LOGIN Sistema WITH PASSWORD = 'XXX';
CREATE USER Sistema
FOR LOGIN Sistema
WITH DEFAULT_SCHEMA = dbo; --This command was run on Master database, AND on my MainDatabase.
- 解决方案(基于Jisaak的回答):
--After creating login and user, I issued those commands from MainDatabase:
EXEC sp_addrolemember db_datareader, Sistema
EXEC sp_addrolemember db_datawriter, Sistema
EXEC sp_droprolemember db_owner, Sistema --As it appears, SQL Azure defaults new users as "db_owners", which must be revoked
只需将" db_datareader"和" db_datawriter"数据库角色成员身份分配给用户即可.您可以使用sp_addrolemember存储过程在Azure上正常工作:
EXEC sp_addrolemember 'db_datareader', 'USERNAME'
EXEC sp_addrolemember 'db_datawriter', 'USERNAME'
编辑:
select m.name as Member, r.name as Role
from sys.database_role_members
inner join sys.database_principals m on sys.database_role_members.member_principal_id = m.principal_id
inner join sys.database_principals r on sys.database_role_members.role_principal_id = r.principal_id
| 归档时间: |
|
| 查看次数: |
3690 次 |
| 最近记录: |