
SQL Server: Permissions on Objects

Can we revoke all permissions on all objects in a SQL Server database and grant access only to a few tables of a specific schema?

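By default, a USER has no permissions apart from those of the public ROLE; so if you haven't given them any permissions, you only need to give them the correct ones.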

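If you mean that you have already created a USER and granted it several individual permissions, then it may be quicker to DROP the USER and recreate it with the correct ones: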

USE Sandbox;
GO

CREATE USER TestUser WITHOUT LOGIN WITH SID = 0x0105000000000009030000003A1272CDF6378A479D2C1EC4E229CB56;
GO

CREATE TABLE dbo.TestTable1 (ID int);

CREATE TABLE dbo.TestTable2 (ID int);
GO

GRANT INSERT, SELECT, UPDATE, DELETE ON dbo.TestTable1 TO TestUser;
GRANT INSERT, SELECT, UPDATE, DELETE ON dbo.TestTable2 TO TestUser;
GO

EXECUTE AS USER = N'TestUser';
GO

INSERT INTO dbo.TestTable1 (ID)
VALUES(1);

INSERT INTO dbo.TestTable2 (ID)
VALUES(11);
GO

SELECT *
FROM dbo.TestTable1;
SELECT *
FROM dbo.TestTable2;
GO

REVERT
GO

DROP USER TestUser;
GO
CREATE USER TestUser WITHOUT LOGIN WITH SID = 0x0105000000000009030000003A1272CDF6378A479D2C1EC4E229CB56;

GRANT INSERT, SELECT, UPDATE, DELETE ON dbo.TestTable2 TO TestUser;
GO

EXECUTE AS USER = N'TestUser';
GO
--Fails
INSERT INTO dbo.TestTable1 (ID)
VALUES(2);
GO
--Succeeds
INSERT INTO dbo.TestTable2 (ID)
VALUES(12);
GO
--Fails
SELECT *
FROM dbo.TestTable1;
GO
--Succeeds
SELECT *
FROM dbo.TestTable2;
GO

REVERT
GO

GO

--Clean up
DROP USER TestUser;
DROP TABLE dbo.TestTable1;
DROP TABLE dbo.TestTable2;

If this is something you do often, it sounds like you should have roles, and should be adding/removing users from the specific roles.
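
The role-based approach suggested above, as an added example that is not part of the original answer: SELECT on a few tables of one schema is granted to a role, and access is given or withdrawn by changing role membership. The Reporting schema, its tables and the ReportReader role are hypothetical names; Sandbox and TestUser are reused from the script above.

```sql
-- Added example. Reporting.*, ReportReader are hypothetical names.
USE Sandbox;
GO
CREATE SCHEMA Reporting;
GO
CREATE TABLE Reporting.Orders (ID int);
CREATE TABLE Reporting.Customers (ID int);
CREATE TABLE Reporting.Payroll (ID int);   -- deliberately never granted
GO
CREATE ROLE ReportReader;
CREATE USER TestUser WITHOUT LOGIN;
GO
-- Permissions are attached to the role, never to the individual user.
GRANT SELECT ON Reporting.Orders TO ReportReader;
GRANT SELECT ON Reporting.Customers TO ReportReader;
ALTER ROLE ReportReader ADD MEMBER TestUser;
GO
-- Audit: explicit object-level grants/denies held by the role or the user.
-- The user should have no rows of its own; everything comes via the role.
SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) AS obj_schema,
       OBJECT_NAME(pe.major_id) AS obj_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1   -- object or column
  AND pr.name IN (N'ReportReader', N'TestUser');
GO
-- Effective check as the user: a column is 1 only when the permission is held.
EXECUTE AS USER = N'TestUser';
SELECT HAS_PERMS_BY_NAME(N'Reporting.Orders',  N'OBJECT', N'SELECT') AS can_read_orders,
       HAS_PERMS_BY_NAME(N'Reporting.Payroll', N'OBJECT', N'SELECT') AS can_read_payroll,
       HAS_PERMS_BY_NAME(N'Reporting.Orders',  N'OBJECT', N'INSERT') AS can_insert_orders;
REVERT;
GO
-- Withdrawing access is a membership change, not a series of REVOKEs.
ALTER ROLE ReportReader DROP MEMBER TestUser;
GO
-- Clean up
DROP USER TestUser;
DROP ROLE ReportReader;
DROP TABLE Reporting.Orders, Reporting.Customers, Reporting.Payroll;
DROP SCHEMA Reporting;
GO
```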

To revoke all permissions, you can take the results of this script and run them:

 SELECT 'REVOKE ALL ON "' + TABLE_SCHEMA + '"."' + TABLE_NAME + '" FROM "User"' 
 FROM information_schema.tables t

For granting privileges:

 SELECT 'GRANT SELECT ON "' + TABLE_SCHEMA + '"."' + TABLE_NAME + '" TO "User"' 
 FROM information_schema.tables t
