Azure SQL 数据库角色和访问
[英]Azure SQL Database roles and access
问题描述
What harm can a user with GRANT SELECT ON database.dbo.view TO User access can do?
具有GRANT SELECT ON database.dbo.view TO User访问权限的用户会造成什么危害? The user can see Security folder in SSMS, roles and can also see master database, roles, etc.?用户可以在 SSMS 中看到 Security 文件夹、角色,也可以看到 master 数据库、角色等? Is there a way we can restrict the user to not see or modify any security roles/groups but can see only a view?有没有一种方法可以限制用户看不到或修改任何安全角色/组,但只能看到一个视图?
Many Thanks!非常感谢!
1 个解决方案
解决方案1
0 已采纳 2021-08-23 07:30:08
In SSMS, a new user will not see the database tables/views without proper roles/permission provided to them but they can see the database objects like Security Users, schema or Roles etc., however they still cannot perform any actions on them if they don't have proper permissions granted to them.在 SSMS 中,如果没有向他们提供适当的角色/权限,新用户将看不到数据库表/视图,但他们可以看到数据库对象,如安全用户、模式或角色等,但是如果他们仍然无法对它们执行任何操作没有授予他们适当的权限。 As an example if you created a new user and granted a select for a single view, that user will just be able to Select from the view and not able to do anything else on it like altering/deleting the view.例如,如果您创建了一个新用户并为单个视图授予了 select,则该用户将只能从视图中访问 Select,而不能对其执行任何其他操作,例如更改/删除视图。 Also same user can see the security objects but cannot make any changes on them as well.同一用户也可以看到安全对象,但也不能对其进行任何更改。
We can hide the databases from user in SSMS by using below statement but this is going to hide all the database(even the database in which user has access to see the view).我们可以使用以下语句在 SSMS 中向用户隐藏数据库,但这将隐藏所有数据库(甚至是用户有权查看视图的数据库)。
DENY VIEW ANY DATABASE TO <login name>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.