
ALTER permissions for Index but not Table

In SQL Server, is there a combination of permissions that will allow some user to run ALTER INDEX statements but not DROP INDEX/TABLE/etc. statements? From what I've read, it looks like granting ALTER gives all the ALTER/DROP/TRUNCATE permissions, and indexes aren't a securable so I can't limit the acceptable statements to just ALTER/DROP indexes (this would be suboptimal, but would be better than just letting the user drop anything).

Thanks to the recommendation in the comments from Ben, I was able to achieve this through signed stored procedure functionality. I basically followed the instructions here, but in case that's gone in the future, these were the steps to get there (including some of the code from the linked tutorial):

  1. Create Cert

    CREATE CERTIFICATE TestCreditRatingCer
    ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
    WITH SUBJECT = 'Credit Rating Records Access',
    EXPIRY_DATE = '12/31/2021'; -- Error 3701 will occur if this date is not in the future

    GO

  2. Create Stored Procedure to do the narrow task (alter indexes in this case) and sign using the cert from step 1

    -- Sign the stored procedure (TestCreditRatingSP) with the certificate from step 1
    ADD SIGNATURE TO TestCreditRatingSP
    BY CERTIFICATE TestCreditRatingCer
    WITH PASSWORD = 'pGFD4bb925DGvbd2439587y';
    GO

  3. Create login for running the stored procedure using the cert above and the new users for the applicable databases

    -- Database user mapped to the certificate; this is the principal that receives ALTER in step 4
    CREATE USER TestCreditRatingcertificateAccount
    FROM CERTIFICATE TestCreditRatingCer;
    GO

  4. Grant ALTER rights on the appropriate objects to the new certificate user and EXEC on the new stored proc to the user(s) you want to be able to run the ALTER statements.
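
The four steps above as one script, added here as an illustration and not part of the original answer or the linked tutorial. The names `IndexMaintCert`, `dbo.MaintainIndex`, `IndexMaintCertUser`, `dbo.CreditRating` and `AppUser`, the password and the expiry date are hypothetical placeholders; the procedure accepts only REBUILD or REORGANIZE and checks the index name against `sys.indexes`, so the ALTER permission held by the certificate user cannot be steered to DROP or other statements.

```sql
-- Added example; all object names, the password and the date are hypothetical placeholders.
-- 1. Certificate whose private key signs the procedure.
CREATE CERTIFICATE IndexMaintCert
    ENCRYPTION BY PASSWORD = 'Replace-With-A-Strong-Password-1!'
    WITH SUBJECT = 'Index maintenance signing',
    EXPIRY_DATE = '20991231';  -- constructed date; must be in the future
GO
-- 2. Narrow procedure: the only statement it can build is ALTER INDEX ... REBUILD/REORGANIZE.
CREATE PROCEDURE dbo.MaintainIndex
    @SchemaName sysname, @TableName sysname, @IndexName sysname,
    @Action varchar(10) = 'REORGANIZE'
AS
BEGIN
    SET NOCOUNT ON;
    -- Allow-list the verb; anything else (DISABLE, arbitrary text) is rejected.
    IF @Action NOT IN ('REBUILD', 'REORGANIZE')
        THROW 50001, 'Action must be REBUILD or REORGANIZE.', 1;
    -- The index must already exist on the named table.
    IF NOT EXISTS (SELECT 1
                   FROM sys.indexes AS i
                   JOIN sys.objects AS o ON o.object_id = i.object_id
                   JOIN sys.schemas AS s ON s.schema_id = o.schema_id
                   WHERE s.name = @SchemaName AND o.name = @TableName
                     AND i.name = @IndexName)
        THROW 50002, 'Index not found on that table.', 1;
    -- QUOTENAME brackets each identifier so a name cannot break out of the statement.
    DECLARE @sql nvarchar(max) = N'ALTER INDEX ' + QUOTENAME(@IndexName)
        + N' ON ' + QUOTENAME(@SchemaName) + N'.' + QUOTENAME(@TableName)
        + N' ' + @Action + N';';
    EXEC sys.sp_executesql @sql;
END;
GO
-- Sign the procedure. Altering the procedure drops the signature, so re-run this after any change.
ADD SIGNATURE TO dbo.MaintainIndex
    BY CERTIFICATE IndexMaintCert
    WITH PASSWORD = 'Replace-With-A-Strong-Password-1!';
GO
-- 3. User mapped to the certificate; nobody can log in as it.
CREATE USER IndexMaintCertUser FROM CERTIFICATE IndexMaintCert;
GO
-- 4. ALTER goes to the certificate user only; the caller gets EXECUTE and nothing else.
GRANT ALTER ON OBJECT::dbo.CreditRating TO IndexMaintCertUser;
GRANT EXECUTE ON OBJECT::dbo.MaintainIndex TO AppUser;
GO
```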
