[英]SQL Server:Permissions on Objects
我們能否撤銷對 SQL Server 數據庫上所有對象的所有權限,並僅授予對特定架構的少數幾個表的訪問權限
默認情況下,用戶除了public
ROLE
權限外沒有其他權限; 所以如果你沒有給他們任何權限,你只需要給他們正確的權限。
如果您的意思是您已經創建並授予USER
多個單獨的權限,那么DROP
USER
並使用正確的重新創建它可能會更快:
USE Sandbox;
GO
CREATE USER TestUser WITHOUT LOGIN WITH SID = 0x0105000000000009030000003A1272CDF6378A479D2C1EC4E229CB56;
GO
CREATE TABLE dbo.TestTable1 (ID int);
CREATE TABLE dbo.TestTable2 (ID int);
GO
GRANT INSERT, SELECT, UPDATE, DELETE ON dbo.TestTable1 TO TestUser;
GRANT INSERT, SELECT, UPDATE, DELETE ON dbo.TestTable2 TO TestUser;
GO
EXECUTE AS USER = N'TestUser';
GO
INSERT INTO dbo.TestTable1 (ID)
VALUES(1);
INSERT INTO dbo.TestTable2 (ID)
VALUES(11);
GO
SELECT *
FROM dbo.TestTable1;
SELECT *
FROM dbo.TestTable2;
GO
REVERT
GO
DROP USER TestUser;
GO
CREATE USER TestUser WITHOUT LOGIN WITH SID = 0x0105000000000009030000003A1272CDF6378A479D2C1EC4E229CB56;
GRANT INSERT, SELECT, UPDATE, DELETE ON dbo.TestTable2 TO TestUser;
GO
EXECUTE AS USER = N'TestUser';
GO
--Fails
INSERT INTO dbo.TestTable1 (ID)
VALUES(2);
GO
--Succeeds
INSERT INTO dbo.TestTable2 (ID)
VALUES(12);
GO
--Fails
SELECT *
FROM dbo.TestTable1;
GO
--Succeeds
SELECT *
FROM dbo.TestTable2;
GO
REVERT
GO
GO
--Clean up
DROP USER TestUser;
DROP TABLE dbo.TestTable1;
DROP TABLE dbo.TestTable2;
如果這是您經常做的事情,聽起來您應該擁有角色,並且應該從特定角色中添加/刪除用戶。
要撤銷所有權限,您可以獲取腳本結果並運行:
SELECT 'REVOKE ALL ON "' + TABLE_SCHEMA + '"."' + TABLE_NAME + '" FROM "User"'
FROM information_schema.tables t
對於授予特權:
SELECT 'GRANT SELECT ON "' + TABLE_SCHEMA + '"."' + TABLE_NAME + '" TO "User"'
FROM information_schema.tables t
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.