I am building a winforms app that uses Integrated Security on SQL Server. Right now, i do the following to ensure that a user is informed that he/she does not have access to a certain schema (everyone has select permissions but few have update and insert).
try
{
string sqlx = "select * from test.t";
SqlCommand comm = new SqlCommand(sqlx, conn);
conn.Open();
comm.ExecuteNonQuery();
conn.Close();
return;
}
catch (SqlException ex)
{
if (ex.Number == 229 | ex.Number == 230)
System.Windows.Forms.MessageBox.Show("You do not have permission to update this table. Please contact your system admin for permission.");
else
System.Windows.Forms.MessageBox.Show(ex.Message);
}
catch (Exception ex)
{
System.Windows.Forms.MessageBox.Show(ex.Message);
}
finally
{
conn.Close();
}
Instead of giving the users the ability to even click the delete button, for example, is there a way to "prescreen" a users privileges from C#?
Try this:
SELECT * FROM fn_my_permissions('dbo', 'SCHEMA')
It will return the list of permissions against the 'dbo' schema for the connected user:
entity_name subentity_name permission_name
dbo NULL SELECT
dbo NULL INSERT
dbo NULL UPDATE
dbo NULL DELETE
dbo NULL REFERENCES
dbo NULL EXECUTE
dbo NULL VIEW CHANGE TRACKING
dbo NULL VIEW DEFINITION
dbo NULL ALTER
dbo NULL TAKE OWNERSHIP
dbo NULL CONTROL
So you could just look for INSERT or UPDATE as necessary:
if exists (SELECT * FROM fn_my_permissions('dbo', 'SCHEMA') where permission_name = 'INSERT')
begin
select 'Yes'
end
else
begin
select 'No'
end
你可以做一个
select fn_my_permissions('schema.tablename', 'OBJECT');
You can do a
select fn_my_permissions('schema.tablename', 'OBJECT');
or
HAS_PERMS_BY_NAME('schema.tablename','OBJECT', 'INSERT')
Has_perms was installed for 2008 and after.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.