stackoom
  简体   繁体   中英

Check if user has Update/Select/Insert permissions before execute

 原文  2015-04-13 18:39:23       c#/ sql-server/ permissions

Question

I am building a winforms app that uses Integrated Security on SQL Server. Right now, i do the following to ensure that a user is informed that he/she does not have access to a certain schema (everyone has select permissions but few have update and insert). 

 try
        {
            string sqlx = "select * from test.t";
            SqlCommand comm = new SqlCommand(sqlx, conn);


            conn.Open();
            comm.ExecuteNonQuery();
            conn.Close();
            return;
        }
        catch (SqlException ex)
        {
            if (ex.Number == 229 | ex.Number == 230)
                System.Windows.Forms.MessageBox.Show("You do not have permission to update this table. Please contact your system admin for permission.");
            else
                System.Windows.Forms.MessageBox.Show(ex.Message);
        }

        catch (Exception ex)
        {
            System.Windows.Forms.MessageBox.Show(ex.Message);

        }
        finally
        {
            conn.Close();
        }

Instead of giving the users the ability to even click the delete button, for example, is there a way to "prescreen" a users privileges from C#?

3 answers

solution1
 5 ACCPTED  2015-04-13 18:56:01

Try this: 

SELECT * FROM fn_my_permissions('dbo', 'SCHEMA')

It will return the list of permissions against the 'dbo' schema for the connected user: 

entity_name subentity_name  permission_name
dbo         NULL            SELECT
dbo         NULL            INSERT
dbo         NULL            UPDATE
dbo         NULL            DELETE
dbo         NULL            REFERENCES
dbo         NULL            EXECUTE
dbo         NULL            VIEW CHANGE TRACKING
dbo         NULL            VIEW DEFINITION
dbo         NULL            ALTER
dbo         NULL            TAKE OWNERSHIP
dbo         NULL            CONTROL

So you could just look for INSERT or UPDATE as necessary: 

if exists (SELECT * FROM fn_my_permissions('dbo', 'SCHEMA') where permission_name = 'INSERT')
begin
    select 'Yes'
end
else
begin
    select 'No'
end

solution2
 1  2015-04-13 18:54:49

你可以做一个

select fn_my_permissions('schema.tablename', 'OBJECT');

solution3
 1  2015-04-13 18:58:06

You can do a 

select fn_my_permissions('schema.tablename', 'OBJECT');

or

HAS_PERMS_BY_NAME('schema.tablename','OBJECT', 'INSERT')

Has_perms was installed for 2008 and after.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Check if column exists before execute select clause UWP Userfriendly way to check if the user has granted only camera permissions How to restrict sqlite only to execute SELECT statements, and not INSERT, UPDATE Execute SELECT, UPDATE, INSERT and DELETE queries with single OleDbCommand type Check if user has permissions to upload file to SharePoint folder using PnP Core Insert, select and update DateTime Check if value exists or not before insert Check if user has logged in or not Determine if a user has permissions to edit the registry? How to check the permissions of a user with a site collection?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM