[英]Why does a SQL Server user with datareader permission to a user database also have permission to drop/create local/global temp tables?
I have created a SQL Server user with datareader
permission to a user database.我创建了一个 SQL 服务器用户,该用户具有对用户数据库的
datareader
权限。
Why does this user automatically have permission to drop/create local/global temp tables?为什么这个用户自动拥有删除/创建本地/全局临时表的权限?
The problem is that any user can mess around with global temporary tables created by other users or applications.问题是任何用户都可以弄乱其他用户或应用程序创建的全局临时表。
Basically, the temporary tables the datareader user is creating is created on tempDB database.基本上,datareader 用户正在创建的临时表是在 tempDB 数据库上创建的。 By default, any user can create objects in tempdb database, unless explicitly denied.
默认情况下,任何用户都可以在 tempdb 数据库中创建对象,除非明确拒绝。
Refer to tempdb permissions reference 请参阅 tempdb 权限参考
Any user can create temporary objects in tempdb.
任何用户都可以在 tempdb 中创建临时对象。 Users can access only their own objects, unless they receive additional permissions.
用户只能访问他们自己的对象,除非他们获得额外的权限。 It's possible to revoke the connect permission to tempdb to prevent a user from using tempdb.
可以撤销对 tempdb 的连接权限以阻止用户使用 tempdb。 We don't recommend it because some routine operations require the use of tempdb.
我们不推荐它,因为一些日常操作需要使用 tempdb。
For example, in the below sql code, I am creating a user, which is just having public
role.例如,在下面的 sql 代码中,我正在创建一个用户,它只是具有
public
角色。 It is also able to create temporary tables.它还能够创建临时表。
public
database role is given by default, when you add a user for a login in a database.当您在数据库中添加用于登录的用户时,默认情况下会给出
public
数据库角色。 Read more about public role 阅读有关公共角色的更多信息
use master
go
create database testperm
go
create login testpermlogin with password = 'Somecomplexpassword123#'
go
use testperm
go
create user testpermuser for login testpermlogin
go
execute as user ='testpermuser'
go
select USER_NAME()
go
create table #test(a int)
go
The problem is that any user can mess around with global temporary tables created by other users or applications.
问题是任何用户都可以弄乱其他用户或应用程序创建的全局临时表。
This is just one more reason not to use global temporary tables.这只是不使用全局临时表的另一个原因。 They aren't very useful, and they are extremely rarely used.
它们不是很有用,而且极少使用。
I can't think of a scenario where it wouldn't be better to use a local temp tables, a permanent tables in TempDb, or a regular table in a user database.我想不出使用本地临时表、TempDb 中的永久表或用户数据库中的常规表不会更好的场景。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.