[英]How to retrieve SQL Server database roles for an Active Directory domain group
I have the following environment: 我有以下环境:
Microsoft SQL Server Enterprise 64bit version 11.0.5623.0 running on Microsoft Windows NT 6.1 (7601) 在Microsoft Windows NT 6.1(7601)上运行的Microsoft SQL Server Enterprise 64位版本11.0.5623.0
I have a domain called MyDomain , all end users are member of this domain, eg user Donald from the USA and user Fritz from Germany 我有一个名为MyDomain的域,所有最终用户都是该域的成员,例如,来自美国的用户Donald和来自德国的用户Fritz
For each country I have a dedicated domain group eg MyDomain_Sales_USA group contains the US user Donald, MyDomain_Sales_GER contains the German user Fritz 对于每个国家/地区,我都有一个专用的域组,例如MyDomain_Sales_USA组包含美国用户Donald, MyDomain_Sales_GER包含德国用户Fritz
I have one SQL Server instance in the MyDomain
with a Sales
database. 我在具有
Sales
数据库的MyDomain
有一个SQL Server实例。
The Sales
database contains a table called Products
that is shown here: Sales
数据库包含一个名为Products
的表,如下所示:
End users access the Products
table with their domain account (single sign on) to read data 最终用户使用其域帐户(单点登录)访问“
Products
表以读取数据
The business case: 业务案例:
Country = USA
, similarly German users only see the Germany products. Country = USA
用户只能看到Country = USA
的产品,类似地,德国用户也只能看到Germany产品。 My approach: 我的方法:
Using SQL Server Management Studio I added the domain groups MyDomain_Sales_USA and MyDomain_Sales_GER to the SQL Server Security\\Logins node and mapped each group to the Sales database. 使用SQL Server Management Studio,我将域组MyDomain_Sales_USA和MyDomain_Sales_GER添加到SQL Server Security \\ Logins节点,并将每个组映射到Sales数据库。
I created two database roles in the Sales
database, SalesRole_USA
and SalesRole_GER
. 我在
Sales
数据库中创建了两个数据库角色SalesRole_USA
和SalesRole_GER
。 Using the database role properties dialog I added the MyDomain_Sales_USA
as a member to the SalesRole_USA
role and the MyDomain_Sales_GER
to the SalesRole_GER
role 使用数据库角色属性对话框,将
MyDomain_Sales_USA
作为成员添加到SalesRole_USA
角色中,并将MyDomain_Sales_GER
到SalesRole_GER
角色中
I created a view in products database with the following select statement 我使用以下选择语句在产品数据库中创建了一个视图
SELECT * FROM Products WHERE Country = GetCurrentUserCountry()
Here's my question: 这是我的问题:
How can I in the GetCurrentUserCountry()
function to determine to which database role the connected user belongs? 如何在
GetCurrentUserCountry()
函数中确定连接的用户属于哪个数据库角色?
In other words: if Donald executes the select statement above then the function must return 'USA', if Fritz executes the statement then the function must return 'GER' 换句话说:如果唐纳德执行上述select语句,则该函数必须返回“美国”,如果弗里茨执行该语句,则该函数必须返回“ GER”
My expectation is the following: 我的期望如下:
SQL Server grants access to Donald and Fritz because their domain groups are registered and mapped to the Sales
database SQL Server授予对Donald和Fritz的访问权限,因为它们的域组已注册并映射到
Sales
数据库
So it must be possible to retrieve the database roles for the connected user 因此,必须有可能为连接的用户检索数据库角色
在GetCurrentUserCountry()函数中,我使用了系统函数IS_MEMBER('MyDomain_Sales_USA')和IS_MEMBER('MyDomain_Sales_GER'),这很好,但有一个小缺点,因为每次创建新的国家/地区组时都必须更新该函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.