回答
-- Give Joe and Mary INSERT, UPDATE and SELECT on the Customers table.
GRANT INSERT, UPDATE, SELECT
    ON Customers
    TO Joe, Mary;

-- Take the UPDATE grant back from Joe. REVOKE only removes an existing
-- GRANT (or DENY) entry: it does not block UPDATE that Joe may still hold
-- through membership in a role.
REVOKE UPDATE
    ON Customers
    FROM Joe;

-- Explicitly forbid DELETE. A DENY takes precedence over any GRANT,
-- including one inherited through a role.
DENY DELETE
    ON Customers
    TO Joe, Mary;

-- Let Joe run the insert procedure.
GRANT EXECUTE
    ON uspInsertCustomers
    TO Joe;

-- CREATE TABLE is a database-level permission; to actually create a table
-- Joe also needs ALTER on the schema that will contain it.
GRANT CREATE TABLE
    TO Joe;
这显示用户信息
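CREATE PROCEDURE [dbo].[List_DBRoles]
(
    @database   nvarchar(128) = NULL,
    @user       varchar(20)   = NULL,
    @dbo        char(1)       = NULL,
    @access     char(1)       = NULL,
    @security   char(1)       = NULL,
    @ddl        char(1)       = NULL,
    @datareader char(1)       = NULL,
    @datawriter char(1)       = NULL,
    @denyread   char(1)       = NULL,
    @denywrite  char(1)       = NULL
)
AS
BEGIN
    -- Reports, for every database on the instance except 'mssecurity' and
    -- 'tempdb', which fixed database roles each role member belongs to.
    --
    -- Parameters (all optional):
    --   @database, @user : substring filters applied with LIKE '%value%'.
    --   @dbo .. @denywrite : any non-NULL value restricts the output to rows
    --                        where the matching role column is 'Yes'.
    --
    -- Result: one row per (database, user) with a Yes/No column per fixed
    -- role and the collection time. Only principals that appear in
    -- sysmembers (i.e. are a member of at least one role) are listed.
    --
    -- NOTE(review): the dynamic statement runs against every listed
    -- database; a database that is offline or that the caller cannot access
    -- will make that statement fail.

    DECLARE @dbname     sysname;          -- current database from the cursor
    DECLARE @quoted_db  nvarchar(258);    -- @dbname as a delimited identifier
    DECLARE @db_literal nvarchar(300);    -- @dbname as an escaped string literal
    DECLARE @mSql1      nvarchar(4000);   -- per-database dynamic statement

    CREATE TABLE #DBRoles
    (
        DBName            sysname    NOT NULL,
        UserName          sysname    NOT NULL,
        db_owner          varchar(3) NOT NULL,
        db_accessadmin    varchar(3) NOT NULL,
        db_securityadmin  varchar(3) NOT NULL,
        db_ddladmin       varchar(3) NOT NULL,
        db_datareader     varchar(3) NOT NULL,
        db_datawriter     varchar(3) NOT NULL,
        db_denydatareader varchar(3) NOT NULL,
        db_denydatawriter varchar(3) NOT NULL,
        Cur_Date          datetime   NOT NULL DEFAULT GETDATE()
    );

    -- LOCAL keeps the cursor name private to this call, so a second
    -- invocation in the same session cannot collide with it.
    DECLARE DBName_Cursor CURSOR LOCAL FAST_FORWARD FOR
        SELECT name
        FROM master.dbo.sysdatabases
        WHERE name NOT IN ('mssecurity', 'tempdb')
        ORDER BY name;

    OPEN DBName_Cursor;
    FETCH NEXT FROM DBName_Cursor INTO @dbname;

    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- Database names are data read from the catalog, not trusted SQL.
        -- QUOTENAME delimits the name wherever it is used as an identifier,
        -- and doubling single quotes makes it safe as a string literal, so a
        -- name containing spaces, brackets or quotes cannot change the
        -- statement that this procedure executes.
        SET @quoted_db  = QUOTENAME(@dbname);
        SET @db_literal = N'N''' + REPLACE(@dbname, N'''', N'''''') + N'''';

        SET @mSql1 = N'
INSERT INTO #DBRoles (DBName, UserName, db_owner, db_accessadmin,
                      db_securityadmin, db_ddladmin, db_datareader, db_datawriter,
                      db_denydatareader, db_denydatawriter)
SELECT ' + @db_literal + N' AS DBName,
       s.UserName,
       MAX(CASE s.RoleName WHEN ''db_owner'' THEN ''Yes'' ELSE ''No'' END) AS db_owner,
       MAX(CASE s.RoleName WHEN ''db_accessadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_accessadmin,
       MAX(CASE s.RoleName WHEN ''db_securityadmin'' THEN ''Yes'' ELSE ''No'' END) AS db_securityadmin,
       MAX(CASE s.RoleName WHEN ''db_ddladmin'' THEN ''Yes'' ELSE ''No'' END) AS db_ddladmin,
       MAX(CASE s.RoleName WHEN ''db_datareader'' THEN ''Yes'' ELSE ''No'' END) AS db_datareader,
       MAX(CASE s.RoleName WHEN ''db_datawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_datawriter,
       MAX(CASE s.RoleName WHEN ''db_denydatareader'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatareader,
       MAX(CASE s.RoleName WHEN ''db_denydatawriter'' THEN ''Yes'' ELSE ''No'' END) AS db_denydatawriter
FROM (
    SELECT b.name AS UserName, c.name AS RoleName
    FROM ' + @quoted_db + N'.dbo.sysmembers AS a
    INNER JOIN ' + @quoted_db + N'.dbo.sysusers AS b
        ON a.memberuid = b.uid
    INNER JOIN ' + @quoted_db + N'.dbo.sysusers AS c
        ON a.groupuid = c.uid
) AS s
GROUP BY s.UserName;';

        -- PRINT @mSql1;  -- uncomment to inspect the generated statement
        EXECUTE (@mSql1);

        FETCH NEXT FROM DBName_Cursor INTO @dbname;
    END

    CLOSE DBName_Cursor;
    DEALLOCATE DBName_Cursor;

    -- The filter values are compared as data (never concatenated into SQL),
    -- so they need no escaping here; LIKE wildcards in them still apply.
    SELECT
        DBName,
        UserName,
        db_owner,
        db_accessadmin,
        db_securityadmin,
        db_ddladmin,
        db_datareader,
        db_datawriter,
        db_denydatareader,
        db_denydatawriter,
        Cur_Date
    FROM #DBRoles
    WHERE (@database   IS NULL OR DBName   LIKE '%' + @database + '%')
      AND (@user       IS NULL OR UserName LIKE '%' + @user + '%')
      AND (@dbo        IS NULL OR db_owner          = 'Yes')
      AND (@access     IS NULL OR db_accessadmin    = 'Yes')
      AND (@security   IS NULL OR db_securityadmin  = 'Yes')
      AND (@ddl        IS NULL OR db_ddladmin       = 'Yes')
      AND (@datareader IS NULL OR db_datareader     = 'Yes')
      AND (@datawriter IS NULL OR db_datawriter     = 'Yes')
      AND (@denyread   IS NULL OR db_denydatareader = 'Yes')
      AND (@denywrite  IS NULL OR db_denydatawriter = 'Yes')
    ORDER BY DBName, UserName;
END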
是什么更新和更新访问的区别? – user1542296
这是一个错字,我更新了! – KeyboardFriendly
另外请注意,`DENY` 优先于任何 `GRANT`,而 `REVOKE` 只是删除已有的 `GRANT`(或 `DENY`)。因此,如果您对某个权限执行了 `DENY`,那么除非把该用户设为 “DBO” 或 “sysadmin”,否则无法通过其他授权方式让其重新获得该权限;当然,您也可以通过 `REVOKE` 删除该 `DENY`。 –