回答
-- Baseline table rights for both users: read, insert and update on Customers.
GRANT SELECT, INSERT, UPDATE ON Customers TO Joe, Mary;

-- Take UPDATE back from Joe only. REVOKE merely removes the GRANT (or DENY)
-- recorded for this principal; it does not block the permission if Joe still
-- receives it some other way, e.g. through role membership.
REVOKE UPDATE ON Customers FROM Joe;

-- Explicitly forbid DELETE. A DENY takes precedence over any GRANT, including
-- one inherited from a role, and stays in force until it is revoked.
DENY DELETE ON Customers TO Joe, Mary;

-- Allow Joe to run the insert procedure without giving him more table rights.
GRANT EXECUTE ON uspInsertCustomers TO Joe;

-- Database-level permission to create tables. In SQL Server the grantee also
-- needs ALTER on the target schema before a CREATE TABLE actually succeeds.
GRANT CREATE TABLE TO Joe;
這顯示用戶信息
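-- List_DBRoles
-- Purpose: for every database on the instance (except 'mssecurity' and
--   'tempdb'), list each user that is a member of at least one database role
--   and show Yes/No for the eight fixed database roles checked below.
--   Users that belong only to other roles are listed with 'No' in every column.
-- Parameters (all optional; NULL means "do not filter"):
--   @database   substring match on the database name (LIKE '%value%')
--   @user       substring match on the user name     (LIKE '%value%')
--   @dbo, @access, @security, @ddl, @datareader, @datawriter,
--   @denyread, @denywrite
--               any non-NULL value keeps only rows where the matching role
--               column is 'Yes'; the value itself is not inspected.
-- Result set: one row per (database, user) with the role columns and Cur_Date.
-- Security notes:
--   * Database names are spliced into dynamic SQL, so they are escaped with
--     QUOTENAME; a database name containing quotes, brackets or spaces must
--     not be able to change the statement that gets executed.
--   * The output is a map of who holds elevated roles; limit EXECUTE on this
--     procedure to administrators and auditors.
CREATE procedure [dbo].[List_DBRoles]
(
@database nvarchar(128)=null,
@user varchar(20)=null,
@dbo char(1)=null,
@access char(1)=null,
@security char(1)=null,
@ddl char(1)=null,
@datareader char(1)=null,
@datawriter char(1)=null,
@denyread char(1)=null,
@denywrite char(1)=null
)
as
-- sysname matches the type of sysdatabases.name, so no name is truncated
-- or converted to a non-Unicode code page.
declare @dbname sysname
declare @quotedDb nvarchar(258)    -- [name], safe to use as an identifier
declare @dbLiteral nvarchar(258)   -- 'name', safe to use as a string literal
declare @mSql1 nvarchar(4000)

CREATE TABLE #DBROLES
(DBName sysname not null,
UserName sysname not null,
db_owner varchar(3) not null,
db_accessadmin varchar(3) not null,
db_securityadmin varchar(3) not null,
db_ddladmin varchar(3) not null,
db_datareader varchar(3) not null,
db_datawriter varchar(3) not null,
db_denydatareader varchar(3) not null,
db_denydatawriter varchar(3) not null,
Cur_Date datetime not null default getdate()
)

-- LOCAL keeps the cursor scoped to this call, so a failed earlier run cannot
-- leave a same-named cursor allocated on the connection.
-- NOTE(review): a database that is offline or not accessible to the caller
-- will presumably make the dynamic statement fail; confirm whether such
-- databases should be filtered out here.
DECLARE DBName_Cursor CURSOR LOCAL FAST_FORWARD FOR
select name
from master.dbo.sysdatabases
where name not in ('mssecurity','tempdb')
order by name

OPEN DBName_Cursor
FETCH NEXT FROM DBName_Cursor INTO @dbname
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Escape the name once for each context it is used in.
    SET @quotedDb = QUOTENAME(@dbname)
    SET @dbLiteral = QUOTENAME(@dbname, '''')

    -- Pivot role membership into one Yes/No column per fixed role.
    -- MAX works because 'Yes' sorts after 'No'.
    SET @mSql1 = N'INSERT INTO #DBROLES (DBName, UserName, db_owner, db_accessadmin,
db_securityadmin, db_ddladmin, db_datareader, db_datawriter,
db_denydatareader, db_denydatawriter)
SELECT N' + @dbLiteral + N' AS DBName, s.UserName,
MAX(CASE s.RoleName WHEN ''db_owner'' THEN ''Yes'' ELSE ''No'' END) AS db_owner,
MAX(CASE s.RoleName WHEN ''db_accessadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_accessadmin,
MAX(CASE s.RoleName WHEN ''db_securityadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_securityadmin,
MAX(CASE s.RoleName WHEN ''db_ddladmin'' THEN ''Yes'' ELSE ''No'' END) AS db_ddladmin,
MAX(CASE s.RoleName WHEN ''db_datareader'' THEN ''Yes'' ELSE ''No'' END) AS db_datareader,
MAX(CASE s.RoleName WHEN ''db_datawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_datawriter,
MAX(CASE s.RoleName WHEN ''db_denydatareader'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatareader,
MAX(CASE s.RoleName WHEN ''db_denydatawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatawriter
FROM (
SELECT b.name AS UserName, c.name AS RoleName
FROM ' + @quotedDb + N'.dbo.sysmembers a
JOIN ' + @quotedDb + N'.dbo.sysusers b ON a.memberuid = b.uid
JOIN ' + @quotedDb + N'.dbo.sysusers c ON a.groupuid = c.uid
) s
GROUP BY s.UserName'

    --Print @mSql1
    EXECUTE (@mSql1)
    FETCH NEXT FROM DBName_Cursor INTO @dbname
END
CLOSE DBName_Cursor
DEALLOCATE DBName_Cursor

-- Apply the optional filters; each one is skipped when its parameter is NULL.
SELECT DBName, UserName, db_owner, db_accessadmin, db_securityadmin,
       db_ddladmin, db_datareader, db_datawriter,
       db_denydatareader, db_denydatawriter, Cur_Date
FROM #DBROLES
WHERE ((@database is null) OR (DBName LIKE '%'+@database+'%')) AND
((@user is null) OR (UserName LIKE '%'+@user+'%')) AND
((@dbo is null) OR (db_owner = 'Yes')) AND
((@access is null) OR (db_accessadmin = 'Yes')) AND
((@security is null) OR (db_securityadmin = 'Yes')) AND
((@ddl is null) OR (db_ddladmin = 'Yes')) AND
((@datareader is null) OR (db_datareader = 'Yes')) AND
((@datawriter is null) OR (db_datawriter = 'Yes')) AND
((@denyread is null) OR (db_denydatareader = 'Yes')) AND
((@denywrite is null) OR (db_denydatawriter = 'Yes'))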
是什麼更新和更新訪問的區別? – user1542296
這是一個錯字,我更新了! – KeyboardFriendly
另外請注意，`DENY` 優先於任何 `GRANT`，而 `REVOKE` 只是刪除 `GRANT`（或 `DENY`）。因此，如果您對某個權限執行了 `DENY`，除非把該用戶設爲「DBO」或「sysadmin」，否則無法用其他方式讓他重新獲得該權限；當然，您也可以通過 `REVOKE` 刪除該 `DENY`。 –