
回答

-- Baseline: Joe and Mary may read, insert and update rows in Customers.
-- (Granting to a database role rather than to each user keeps later reviews simpler.)
GRANT SELECT, INSERT, UPDATE ON Customers TO Joe, Mary;

-- Take Joe's UPDATE grant away again. REVOKE only removes an existing
-- GRANT (or DENY) entry; it does not block UPDATE that Joe may still
-- receive through a role membership.
REVOKE UPDATE ON Customers FROM Joe;

-- Explicitly forbid DELETE. A DENY takes precedence over any GRANT,
-- including grants inherited from roles, until the DENY itself is revoked.
DENY DELETE ON Customers TO Joe, Mary;

-- Let Joe run the stored procedure uspInsertCustomers.
GRANT EXECUTE ON uspInsertCustomers TO Joe;

-- Database-level permission to create tables. Joe also needs ALTER on the
-- target schema before a CREATE TABLE statement actually succeeds there.
GRANT CREATE TABLE TO Joe;

這顯示用戶信息

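-- List_DBRoles: for every online database on the instance (except the two
-- excluded by name below), report which users are members of the eight fixed
-- database roles checked in the dynamic query, one row per database and user.
--
-- Parameters (all optional):
--   @database, @user  substring filters applied with LIKE; wildcard characters
--                     in the value (%, _, [) are interpreted as patterns.
--   @dbo .. @denywrite  flags: ANY non-NULL value restricts the output to rows
--                     where the matching role column is 'Yes'; the value itself
--                     is never inspected.
--
-- Scope: only role membership from sysmembers/sysusers is reported. Object-level
-- GRANT/DENY entries and server-level roles are not covered, so a 'No' in every
-- column does not mean the user has no access.
-- The caller must be able to read the catalog of every listed database; the
-- dynamic statement fails for a database the caller cannot open.
-- The result describes the privilege layout of the whole instance, so EXECUTE on
-- this procedure is best limited to administrators and auditors.
CREATE PROCEDURE [dbo].[List_DBRoles]
(
    @database   nvarchar(128) = NULL,
    @user       varchar(20)   = NULL,
    @dbo        char(1)       = NULL,
    @access     char(1)       = NULL,
    @security   char(1)       = NULL,
    @ddl        char(1)       = NULL,
    @datareader char(1)       = NULL,
    @datawriter char(1)       = NULL,
    @denyread   char(1)       = NULL,
    @denywrite  char(1)       = NULL
)
AS
-- Suppress the per-database "rows affected" messages from the INSERT loop.
SET NOCOUNT ON;

-- sysname / nvarchar so that long or Unicode database names are not truncated
-- or converted when they are spliced into the dynamic statement.
DECLARE @dbname sysname;
DECLARE @mSql1  nvarchar(4000);

-- One row per (database, user); each role column holds 'Yes' or 'No'.
CREATE TABLE #DBROLES
(
    DBName            sysname    NOT NULL,
    UserName          sysname    NOT NULL,
    db_owner          varchar(3) NOT NULL,
    db_accessadmin    varchar(3) NOT NULL,
    db_securityadmin  varchar(3) NOT NULL,
    db_ddladmin       varchar(3) NOT NULL,
    db_datareader     varchar(3) NOT NULL,
    db_datawriter     varchar(3) NOT NULL,
    db_denydatareader varchar(3) NOT NULL,
    db_denydatawriter varchar(3) NOT NULL,
    Cur_Date          datetime   NOT NULL DEFAULT GETDATE()
);

-- LOCAL: the cursor is released with the procedure even if a statement in the
-- loop fails, so a failed run does not leave a same-named cursor behind.
DECLARE DBName_Cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM master.dbo.sysdatabases
    WHERE name NOT IN ('mssecurity', 'tempdb')
      -- An offline database cannot be queried and would abort the whole run.
      AND DATABASEPROPERTYEX(name, 'Status') = 'ONLINE'
    ORDER BY name;

OPEN DBName_Cursor;

FETCH NEXT FROM DBName_Cursor INTO @dbname;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- The database name is the only value concatenated into the statement.
    -- QUOTENAME(@dbname) brackets it where it is used as an identifier and
    -- QUOTENAME(@dbname, '''') escapes it where it is used as a string literal,
    -- so a name containing spaces, quotes or brackets can neither break the
    -- statement nor change its meaning.
    -- MAX() over 'Yes'/'No' yields 'Yes' as soon as one membership row matches.
    SET @mSql1 = N'
        INSERT INTO #DBROLES (DBName, UserName, db_owner, db_accessadmin,
                              db_securityadmin, db_ddladmin, db_datareader, db_datawriter,
                              db_denydatareader, db_denydatawriter)
        SELECT N' + QUOTENAME(@dbname, '''') + N' AS DBName,
               s.UserName,
               MAX(CASE s.RoleName WHEN ''db_owner'' THEN ''Yes'' ELSE ''No'' END) AS db_owner,
               MAX(CASE s.RoleName WHEN ''db_accessadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_accessadmin,
               MAX(CASE s.RoleName WHEN ''db_securityadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_securityadmin,
               MAX(CASE s.RoleName WHEN ''db_ddladmin'' THEN ''Yes'' ELSE ''No'' END) AS db_ddladmin,
               MAX(CASE s.RoleName WHEN ''db_datareader'' THEN ''Yes'' ELSE ''No'' END) AS db_datareader,
               MAX(CASE s.RoleName WHEN ''db_datawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_datawriter,
               MAX(CASE s.RoleName WHEN ''db_denydatareader'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatareader,
               MAX(CASE s.RoleName WHEN ''db_denydatawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatawriter
        FROM (
            SELECT b.name AS UserName, c.name AS RoleName
            FROM ' + QUOTENAME(@dbname) + N'.dbo.sysmembers AS a
            INNER JOIN ' + QUOTENAME(@dbname) + N'.dbo.sysusers AS b
                ON a.memberuid = b.uid
            INNER JOIN ' + QUOTENAME(@dbname) + N'.dbo.sysusers AS c
                ON a.groupuid = c.uid
        ) AS s
        GROUP BY s.UserName';

    -- PRINT @mSql1   -- uncomment to inspect the generated statement

    EXECUTE (@mSql1);

    FETCH NEXT FROM DBName_Cursor INTO @dbname;
END

CLOSE DBName_Cursor;
DEALLOCATE DBName_Cursor;

-- Filter values are compared as data here, never concatenated into SQL text.
SELECT DBName, UserName, db_owner, db_accessadmin, db_securityadmin, db_ddladmin,
       db_datareader, db_datawriter, db_denydatareader, db_denydatawriter, Cur_Date
FROM #DBROLES
WHERE (@database   IS NULL OR DBName   LIKE '%' + @database + '%')
  AND (@user       IS NULL OR UserName LIKE '%' + @user + '%')
  AND (@dbo        IS NULL OR db_owner          = 'Yes')
  AND (@access     IS NULL OR db_accessadmin    = 'Yes')
  AND (@security   IS NULL OR db_securityadmin  = 'Yes')
  AND (@ddl        IS NULL OR db_ddladmin       = 'Yes')
  AND (@datareader IS NULL OR db_datareader     = 'Yes')
  AND (@datawriter IS NULL OR db_datawriter     = 'Yes')
  AND (@denyread   IS NULL OR db_denydatareader = 'Yes')
  AND (@denywrite  IS NULL OR db_denydatawriter = 'Yes')
ORDER BY DBName, UserName;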

更新和更新訪問的區別是什麼? – user1542296


這是一個錯字,我更新了! – KeyboardFriendly


另外請注意,「DENY」優先於任何「GRANT」,而「REVOKE」只是刪除已有的「GRANT」(或「DENY」)。因此,如果您對某個權限執行了「DENY」,那麼除非該用戶是「DBO」或「sysadmin」,否則無論如何都無法讓該用戶重新取得該權限;當然,您也可以通過「REVOKE」刪除該「DENY」。 –
