将SQL Server架构限制为单个用户
[英]Restricting a SQL Server schema to a single user
问题描述
We have a SQL Server database that will be deployed to client servers. 
我们有一个SQL Server数据库,该数据库将部署到客户端服务器。 The database contains a number of schemas, some of which we want only the application to access. 数据库包含许多模式,我们只希望应用程序访问其中一些模式。 Is it possible to deny access to all users (even sa) except a user we create to those schemas? 是否可以拒绝除我们创建的那些用户之外的所有用户(甚至sa)的访问权限?
1 个解决方案
解决方案1
0 已采纳 2015-07-03 18:00:53
You cannot remove the SA out of the permissions. 您不能从权限中删除SA 。 Every person who is SA can see and work with your data. SA的每个人都可以查看并使用您的数据。 It doesn't count which schema it is in. Another option for an SA is the usage of DBCC , which will help him avoid some principles (like the one that a temporary table is only visible to the session which generated it). 它不计算其处于哪个架构中SA另一种选择是使用DBCC ,这将帮助他避免某些原则(例如一个临时表仅对生成该临时表的会话可见)。
If you trust a person to be an SA , you really should trust him to access all of your data. 如果您相信某人将成为SA ,那么您真的应该相信他可以访问您的所有数据。
The only way to avoid this, is to wait for SQL Server 2016. It will allow you to store every data in your database encrypted. 避免这种情况的唯一方法是等待SQL Server2016。它将允许您将加密后的每个数据存储在数据库中。 Even the SQL Server itself can't access all information of it. 甚至SQL Server本身也无法访问其所有信息。 The decryption/encryption is done by the application. 解密/加密由应用程序完成。 SQL Server self don't know the key. SQL Server自己不知道密钥。 The new features will be called always encrypted . 新功能将称为always encrypted 。
Anyway, you can do such a scenario on your own with nearly all SQL Server variants, but it would be a bit more work as in SQL Server 2016. 无论如何,您几乎可以使用所有SQL Server变体自行完成这种方案,但与SQL Server 2016相比,它会花费更多的精力。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.