SQL Server precise authorization method

Main text

To successfully access data in a SQL Server database, we need authorization in two respects:

  1. The right to connect to the SQL Server server;
  2. The right to access data in a specific database (select, update, delete, create table ...).

Suppose we want to create a database account named dba to manage the database mydb.

1. First, at the SQL Server server level, create the login account (create login)

--Create the login account (create login)
create login dba with password='abcd1234@', default_database=mydb

The login name is "dba", the password is "abcd1234@", and the default database to connect to is "mydb". At this point the dba account can connect to the SQL Server server, but it cannot yet access the objects in the database (strictly speaking, the dba account now has the guest database user identity by default and can access whatever database objects guest can access).

For the dba account to access the objects it needs in the mydb database, we have to create a "database user" in mydb, grant that "database user" certain access permissions, and map the login "dba" to that "database user". By convention, the "database user" has the same name as the "login", that is, "dba". Creating the "database user" and establishing the mapping takes a single step:

2. Create the database user (create user):

--Create a database user for the login (create user); the new dba user appears under Security > Users in the mydb database
create user dba for login dba with default_schema=dbo

This also sets the default schema of database user "dba" to "dbo". It means that when user "dba" runs "select * from t", what actually runs is "select * from dbo.t".

3. Grant permissions to database user "dba" by adding it to a database role:

--Grant the database user "db_owner" permissions by adding it to a database role
exec sp_addrolemember 'db_owner', 'dba'

Now dba has full control over the objects in the database mydb.

If you want the SQL Server login "dba" to access more databases, for example mydb2, have sa run the following statements:

--Let the SQL Server login "dba" access multiple databases
use mydb2
go
create user dba for login dba with default_schema=dbo
go
exec sp_addrolemember 'db_owner', 'dba'
go

Now dba has management rights over both databases, mydb and mydb2!
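To check what the three steps above actually gave the login, the catalog views can be joined into a small audit. This is an added example, not part of the original article; it assumes the login name "dba" from this page and a privileged caller, and it is run once in each database (mydb, mydb2).

```sql
-- Added example (not from the original article). Run as a privileged account
-- inside each database to audit, e.g. after USE mydb, then after USE mydb2.
DECLARE @login sysname = N'dba';              -- login created on this page
DECLARE @p TABLE (principal_id int PRIMARY KEY);

-- Collect the database user mapped to the login (matched on SID, not on name)
-- and every role it belongs to, directly or through nested roles.
-- Grants made to the public role apply to every user and are not collected here.
WITH chain AS (
    SELECT dp.principal_id
    FROM sys.database_principals AS dp
    JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
    WHERE sp.name = @login
    UNION ALL
    SELECT rm.role_principal_id
    FROM sys.database_role_members AS rm
    JOIN chain AS c ON c.principal_id = rm.member_principal_id
)
INSERT INTO @p (principal_id)
SELECT DISTINCT principal_id FROM chain;

-- 1) Server level: does the login exist, is it enabled, which user is it mapped to here?
SELECT sp.name AS login_name, sp.type_desc, sp.is_disabled,
       sp.default_database_name,
       dp.name AS db_user, dp.default_schema_name
FROM sys.server_principals AS sp
LEFT JOIN sys.database_principals AS dp ON dp.sid = sp.sid
WHERE sp.name = @login;

-- 2) Database level: the user and its roles. Membership in a fixed role such as
--    db_owner carries permissions that never appear as rows in query 3.
SELECT dp.name, dp.type_desc, dp.is_fixed_role
FROM @p AS p
JOIN sys.database_principals AS dp ON dp.principal_id = p.principal_id
ORDER BY dp.type_desc, dp.name;

-- 3) Explicit GRANT / DENY rows held by the user or by any of its roles.
SELECT dp.name AS grantee, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END AS securable                        -- NULL for database-level rows
FROM sys.database_permissions AS pe
JOIN @p AS p ON p.principal_id = pe.grantee_principal_id
JOIN sys.database_principals AS dp ON dp.principal_id = pe.grantee_principal_id
ORDER BY dp.name, pe.class_desc, pe.permission_name;
```

A login that shows db_owner in query 2 can do anything in that database regardless of what query 3 lists, which is the first thing to look for when the goal is a narrowly scoped account.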

Complete code example

--Create the databases mydb and mydb2
create database mydb
create database mydb2
go
use mydb
go

--Create a test table in mydb and mydb2; the default schema is dbo
CREATE TABLE DEPT
       (DEPTNO int primary key,
        DNAME VARCHAR(14),
        LOC VARCHAR(13) );

--Insert data
INSERT INTO DEPT VALUES (101, 'ACCOUNTING', 'NEW YORK');
INSERT INTO DEPT VALUES (201, 'RESEARCH',   'DALLAS');
INSERT INTO DEPT VALUES (301, 'SALES',      'CHICAGO');
INSERT INTO DEPT VALUES (401, 'OPERATIONS', 'BOSTON');


--Inspect the database's schemas and users (catalog views)
select * from sys.database_principals
select * from sys.schemas
select * from sys.server_principals

--Create the login account (create login)
create login dba with password='abcd1234@', default_database=mydb

--Create a database user for the login (create user); the new dba user appears under Security > Users in the mydb database
create user dba for login dba with default_schema=dbo

--Grant the database user "db_owner" permissions by adding it to a database role
exec sp_addrolemember 'db_owner', 'dba'

--Let the SQL Server login "dba" access multiple databases
use mydb2
go
create user dba for login dba with default_schema=dbo
go
exec sp_addrolemember 'db_owner', 'dba'
go

--Account maintenance statements (each is a standalone example, not a sequence to run in order)
--Disable the login account
alter login dba disable
--Enable the login account
alter login dba enable

--Rename the login account
alter login dba with name=dba_tom

--Change the login account's password:
alter login dba with password='aabb@ccdd'

--Rename the database user:
alter user dba with name=dba_tom

--Change the database user's default_schema:
alter user dba with default_schema=sales

--Drop the database user:
drop user dba

--Drop the SQL Server login account:
drop login dba

Using stored procedures to create users

The following example shows how to use stored procedures in SQL Server to create a role, create a login, and grant permissions to the login.

/*--Example description
    In the database InsideTSQL2008, this example creates a role r_test that has all permissions on table HR.Employees and SELECT permission on table Sales.Orders.
    It then creates a login l_test and, in the database InsideTSQL2008, creates the user account u_test for login l_test.
    The user account u_test is added to role r_test, so it inherits the same permissions as role r_test.
    Finally, a DENY statement denies user account u_test the SELECT permission on table HR.Employees.
    After this, when l_test logs in to the SQL Server instance, it has only SELECT permission on table Sales.Orders and all permissions except SELECT on table HR.Employees.
--*/


USE InsideTSQL2008

--Create role r_test
EXEC sp_addrole 'r_test'

--Add login l_test with password a@cd123 and default database InsideTSQL2008
EXEC sp_addlogin 'l_test','a@cd123','InsideTSQL2008'

--Add security account u_test for login l_test in database InsideTSQL2008
EXEC sp_grantdbaccess 'l_test','u_test'

--Add u_test as a member of role r_test
EXEC sp_addrolemember 'r_test','u_test'


--Log in as l_test: no tables can be found in SSMS, so the following two statements fail.
select * from Sales.Orders
select * from HR.Employees

--Grant role r_test all permissions on table HR.Employees
GRANT ALL ON HR.Employees TO r_test
--The ALL permission is deprecated and maintained only for compatibility.
--It DOES NOT imply ALL permissions defined on the entity.

--Test: table HR.Employees can be queried, but Sales.Orders cannot
select * from HR.Employees


--To take the permissions back, use the following statement. (Optional)
revoke all on HR.Employees from r_test
--The ALL permission is deprecated and maintained only for compatibility. It DOES NOT imply ALL permissions defined on the entity.


--Grant role r_test SELECT permission on table Sales.Orders
GRANT SELECT ON Sales.Orders TO r_test

--Log in as l_test: both Sales.Orders and HR.Employees can be queried
select * from Sales.Orders
select * from HR.Employees

--Deny security account u_test SELECT permission on table HR.Employees
DENY SELECT ON HR.Employees TO u_test

--Run the query on HR.Employees again; the message is: The SELECT permission was denied on the object 'Employees', database 'InsideTSQL2008', schema 'HR'.
select * from HR.Employees

--Grant again
GRANT SELECT ON HR.Employees TO u_test

--Query again; results are returned.
select * from HR.Employees


USE InsideTSQL2008
--Remove the security account from the database, failed
EXEC sp_revokedbaccess 'u_test'
--Drop role r_test, failed
EXEC sp_droprole 'r_test'
--Drop login l_test, success
EXEC sp_droplogin 'l_test'

Difference between revoke and deny

revoke: takes back a permission that was previously granted.

deny: denies a permission to a security account in the current database and prevents the security account from inheriting that permission through its group or role memberships. For example, the role that UserA belongs to has INSERT permission, but we DENY INSERT to UserA; from then on, no matter which other roles with INSERT permission UserA is added to, it still has no INSERT permission, unless the user is granted it explicitly.

In short, deny means the permission must not be given in the future either, while revoke takes back what has already been given.

Example

GRANT INSERT ON TableA TO RoleA
GO
EXEC sp_addrolemember 'RoleA', 'UserA' -- User UserA now has INSERT permission on TableA
GO

REVOKE INSERT ON TableA FROM RoleA -- User UserA no longer has INSERT permission on TableA; the permission is taken back
GO

GRANT INSERT ON TableA TO RoleA --Give RoleA INSERT permission on TableA again
GO

DENY INSERT ON TableA TO UserA -- Although RoleA, which UserA belongs to, has INSERT permission on TableA, UserA itself has been DENYed, so user UserA has no INSERT permission on TableA.
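The interaction between a role grant, a DENY on the user and a later REVOKE can be checked without logging in as the user, by impersonating it and asking the engine for the effective permission. This is an added example, not code from the original article; demo_t, demo_role and demo_user are constructed names, it uses CREATE ROLE and ALTER ROLE ... ADD MEMBER (SQL Server 2012 and later) in place of the sp_* procedures, and it assumes a scratch database and a caller allowed to create objects and impersonate users.

```sql
-- Added example; demo_t, demo_role and demo_user are constructed names.
CREATE TABLE dbo.demo_t (id int PRIMARY KEY);
CREATE ROLE demo_role;
CREATE USER demo_user WITHOUT LOGIN;          -- database user with no login, enough for a permission test
ALTER ROLE demo_role ADD MEMBER demo_user;    -- current form of sp_addrolemember
GO

DECLARE @log TABLE (step int IDENTITY, action nvarchar(80), can_insert int);
DECLARE @r int;

-- Step 1: the user receives INSERT only through its role.
GRANT INSERT ON dbo.demo_t TO demo_role;
EXECUTE AS USER = 'demo_user';
SET @r = HAS_PERMS_BY_NAME(N'dbo.demo_t', N'OBJECT', N'INSERT');
REVERT;
INSERT INTO @log (action, can_insert) VALUES (N'GRANT INSERT TO demo_role', @r);

-- Step 2: a DENY on the user itself outranks the grant inherited from the role.
DENY INSERT ON dbo.demo_t TO demo_user;
EXECUTE AS USER = 'demo_user';
SET @r = HAS_PERMS_BY_NAME(N'dbo.demo_t', N'OBJECT', N'INSERT');
REVERT;
INSERT INTO @log (action, can_insert) VALUES (N'DENY INSERT TO demo_user', @r);

-- Step 3: REVOKE removes the user's own permission row, which here is the DENY;
-- the role grant from step 1 is still in place.
REVOKE INSERT ON dbo.demo_t FROM demo_user;
EXECUTE AS USER = 'demo_user';
SET @r = HAS_PERMS_BY_NAME(N'dbo.demo_t', N'OBJECT', N'INSERT');
REVERT;
INSERT INTO @log (action, can_insert) VALUES (N'REVOKE INSERT FROM demo_user', @r);

-- Step 4: REVOKE on the role removes the last grant the user could inherit.
REVOKE INSERT ON dbo.demo_t FROM demo_role;
EXECUTE AS USER = 'demo_user';
SET @r = HAS_PERMS_BY_NAME(N'dbo.demo_t', N'OBJECT', N'INSERT');
REVERT;
INSERT INTO @log (action, can_insert) VALUES (N'REVOKE INSERT FROM demo_role', @r);

-- One row per step; can_insert is the effective permission seen by demo_user.
SELECT step, action, can_insert FROM @log ORDER BY step;
GO

-- Cleanup: a role that still has members cannot be dropped, so the user goes first.
DROP USER demo_user;
DROP ROLE demo_role;
DROP TABLE dbo.demo_t;
GO
```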

Reference: http://database.51cto.com/art/201009/224075.htm

 
