堆栈内存溢出
  简体   繁体   English

为什么对用户数据库具有 datareader 权限的 SQL 服务器用户也有权删除/创建本地/全局临时表?

[英]Why does a SQL Server user with datareader permission to a user database also have permission to drop/create local/global temp tables?

 原文  2021-12-31 06:23:35       sql-server

问题描述

I have created a SQL Server user with datareader permission to a user database.我创建了一个 SQL 服务器用户,该用户具有对用户数据库的datareader权限。

Why does this user automatically have permission to drop/create local/global temp tables?为什么这个用户自动拥有删除/创建本地/全局临时表的权限?

The problem is that any user can mess around with global temporary tables created by other users or applications.问题是任何用户都可以弄乱其他用户或应用程序创建的全局临时表。

2 个解决方案

解决方案1
 1  2021-12-31 06:28:31

Basically, the temporary tables the datareader user is creating is created on tempDB database.基本上,datareader 用户正在创建的临时表是在 tempDB 数据库上创建的。 By default, any user can create objects in tempdb database, unless explicitly denied.默认情况下,任何用户都可以在 tempdb 数据库中创建对象,除非明确拒绝。

Refer to tempdb permissions reference 请参阅 tempdb 权限参考

Any user can create temporary objects in tempdb.任何用户都可以在 tempdb 中创建临时对象。 Users can access only their own objects, unless they receive additional permissions.用户只能访问他们自己的对象,除非他们获得额外的权限。 It's possible to revoke the connect permission to tempdb to prevent a user from using tempdb.可以撤销对 tempdb 的连接权限以阻止用户使用 tempdb。 We don't recommend it because some routine operations require the use of tempdb.我们不推荐它,因为一些日常操作需要使用 tempdb。

For example, in the below sql code, I am creating a user, which is just having public role.例如,在下面的 sql 代码中,我正在创建一个用户,它只是具有public角色。 It is also able to create temporary tables.它还能够创建临时表。 public database role is given by default, when you add a user for a login in a database.当您在数据库中添加用于登录的用户时,默认情况下会给出public数据库角色。 Read more about public role 阅读有关公共角色的更多信息

use master
go
create database testperm
go
create login testpermlogin with password = 'Somecomplexpassword123#'
go
use testperm
go
create user testpermuser for login testpermlogin
go
execute as user ='testpermuser'
go
select USER_NAME()
go
create table #test(a int)
go

解决方案2
 0  2021-12-31 14:22:09

The problem is that any user can mess around with global temporary tables created by other users or applications.问题是任何用户都可以弄乱其他用户或应用程序创建的全局临时表。

This is just one more reason not to use global temporary tables.这只是不使用全局临时表的另一个原因。 They aren't very useful, and they are extremely rarely used.它们不是很有用,而且极少使用。

I can't think of a scenario where it wouldn't be better to use a local temp tables, a permanent tables in TempDb, or a regular table in a user database.我想不出使用本地临时表、TempDb 中的永久表或用户数据库中的常规表不会更好的场景。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SQL Server 错误:无法删除用户,因为它不存在或您没有权限 - SQL Server error: Cannot drop the user because it does not exist or you do not have permission 为什么我得到这个错误`错误(数据挖掘):用户,TEMP-USER \\ Administrator,没有权限`? - Why i get this error `Error (Data mining): Either the user, TEMP-USER\Administrator, does not have permission`? RDS SQL Server-如何创建架构-用户无权执行此操作 - RDS SQL Server - how to create a schema - User does not have permission to perform this action 用户无权访问数据库 - User does not have permission to access a database 在SQL Server数据库中分配用户权限 - Assign user permission in SQL Server database SQL Server-创建用户定义的表类型-创建用户没有执行权限? - SQL Server - Creating User Defined Table Type - Creating User Does not have Execute Permission? Linux上的SQL Server用户权限 - SQL SERVER USER PERMISSION ON LINUX SQL Server还原和用户权限 - SQL server restore and user permission 如何设置允许SQL Server用户访问某些表的权限 - How to set a permission to let a SQL server user to access for certain tables T-SQL Server代理作业失败“用户无权执行此操作” - T-SQL Server Agent Job fails “User does not have permission to perform this action”
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM