授予数据库的完整SQL Server权限
[英]Granting Full SQL Server Permissions for a Database
问题描述
How can I give a user (who was created WITHOUT LOGIN) full control over a contained database without having to specify that database's name, like GRANT CONTROL ON DATABASE::DatabaseName TO UserName, but without using a database name? 
如何在不必指定数据库名称的情况下为用户(创建WITHOUT LOGIN)完全控制所包含的数据库,例如GRANT CONTROL ON DATABASE :: DatabaseName TO UserName,但不使用数据库名称? I figure it'll include GRANT ALTER ANY SCHEMA TO UserName, but I'm not sure what else I'd need to grant, or if there's a better way. 我认为它将包括GRANT ALTER ANY SCHEMA TO UserName,但我不确定我还需要授予什么,或者是否有更好的方法。 Thanks. 谢谢。
2 个解决方案
解决方案1
3 已采纳 2018-11-28 19:35:42
If you literally want them to be able to do anything in that database, you can just add them to the db_owner role: 如果您真的希望它们能够在该数据库中执行任何操作,则只需将它们添加到db_owner角色即可:
USE ContainedDatabase;
GO
ALTER ROLE db_owner ADD MEMBER [username];
If you want to be more granular, you can add them to lesser roles, like db_ddladmin , db_securityadmin , etc. You can see the list of built-in roles here: 如果您想要更精细,可以将它们添加到较小的角色,如db_ddladmin , db_securityadmin等。您可以在此处查看内置角色列表:
The permissions inherent in each of those roles: 每个角色固有的权限:
And if those don't suit, you can create your own roles , add your user to that role, and grant specific permissions to that role you created (and/or add them to other roles). 如果这些不合适,您可以创建自己的角色 ,将用户添加到该角色,并为您创建的角色授予特定权限(和/或将其添加到其他角色)。 The difference between applying the permissions to the role instead of directly to the user is simply reuse - if you add five more users that you want to apply the same permissions, you just add them to the custom role, rather than apply those granular permissions or roles to all 5 of the users. 将权限应用于角色而不是直接应用于用户之间的区别仅在于重用 - 如果要添加另外五个要应用相同权限的用户,则只需将它们添加到自定义角色,而不是应用这些细化权限或所有5个用户的角色。
解决方案2
0 2018-11-28 21:26:39
- Open SQL Server Management Studio and connect to your server. 打开SQL Server Management Studio并连接到您的服务器。
- In the Object Explorer, expand the "Security" folder under the server. 在对象资源管理器中,展开服务器下的“安全”文件夹。
- Right click on the "Logins" folder and choose "New Login..." 右键单击“登录”文件夹,然后选择“新登录...”
- Add the users name in the format "Domain\\UserName". 以“Domain \\ UserName”格式添加用户名。 You can also add domain groups by just changing it to "Domain\\GroupName". 您也可以通过将域组更改为“Domain \\ GroupName”来添加域组。 5.If you would like this user to have full access to the SQL Server instance, you can choose the "Server Roles" tab. 5.如果您希望此用户具有对SQL Server实例的完全访问权限,则可以选择“服务器角色”选项卡。 Adding the role "sysadmin" will give them full access to the server to do actions like update the database, backup the database, delete the database. 添加角色“sysadmin”将为他们提供对服务器的完全访问权限,以执行更新数据库,备份数据库,删除数据库等操作。
Click ok and your user will be created and have access to your database.
单击“确定”,将创建您的用户并可以访问您的数据库。 Choose the "User Mapping" tab.
选择“用户映射”选项卡。 In the top half of this screen, check the box next to the database name. 在此屏幕的上半部分,选中数据库名称旁边的框。 Once you highlight the database and check the box to map the user to it, you can add role memberships to the user. 突出显示数据库并选中用于将用户映射到该框的框后,您可以向用户添加角色成员身份。 For access to the database. 用于访问数据库。 - Click ok and your user will be created and have access to your database. 单击“确定”,将创建您的用户并可以访问您的数据库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.