一个权限的设置,你会混淆么
實驗環境;
1 創建一個schema
SchemaCREATE?SCHEMA?[Sales]?AUTHORIZATION?[dbo]
?
2 創建兩個表,一個視圖,一個存儲過程
[Sales].[Customer]CREATE?TABLE?[Sales].[Customer](
????[Customer_ID]?[int]?NOT?NULL,
????[Customer_Name]?[nvarchar](50)?COLLATE?SQL_Latin1_General_CP1_CI_AS?NOT?NULL,
?CONSTRAINT?[PK_Sales.Customer]?PRIMARY?KEY?CLUSTERED?
(
????[Customer_ID]?ASC
)WITH?(IGNORE_DUP_KEY?=?OFF)?ON?[PRIMARY]
)?ON?[PRIMARY] [Sales].[CustomerContacts]
CREATE?TABLE?[Sales].[CustomerContacts](
????[Customer_ID]?[int]?NOT?NULL,
????[Customer_Address]?[nvarchar](50)?COLLATE?SQL_Latin1_General_CP1_CI_AS?NOT?NULL
)?ON?[PRIMARY]
GO
ALTER?TABLE?[Sales].[CustomerContacts]??WITH?CHECK?ADD??CONSTRAINT?[FK_CustomerContacts_Customer]?FOREIGN?KEY([Customer_ID])
REFERENCES?[Sales].[Customer]?([Customer_ID]) [Sales].[ContactList]
CREATE?VIEW?[Sales].[ContactList]
AS
SELECT?????Sales.Customer.Customer_ID,?Sales.Customer.Customer_Name,?Sales.CustomerContacts.Customer_Address
FROM?????????Sales.Customer?INNER?JOIN
??????????????????????Sales.CustomerContacts?ON?Sales.Customer.Customer_ID?=?Sales.CustomerContacts.Customer_ID
[Sales].[GetContact]
CREATE?PROCEDURE?[Sales].[GetContact]
AS
BEGIN
????--?SET?NOCOUNT?ON?added?to?prevent?extra?result?sets?from
????--?interfering?with?SELECT?statements.
????SET?NOCOUNT?ON;
????--?Insert?statements?for?procedure?here
????SELECT?*?from?Sales.ContactList
END
?
3 創建一個login
LoginCREATE?LOGIN?[SaleA]?WITH?PASSWORD=N'password',?DEFAULT_DATABASE=[MyDB],?DEFAULT_LANGUAGE=[us_english],?CHECK_EXPIRATION=OFF,?CHECK_POLICY=OFF
?
這個時候使用SaleA登錄MyDB是沒有任何權限的。執行下列命令會得到4個錯誤
T-SQLselect?*?from?Sales.Customer
select?*?from?Sales.CustomerContacts
select?*?from?Sales.ContactList
exec?Sales.GetContact
錯誤信息:
Msg 229, Level 14, State 5, Line 1
SELECT permission denied on object 'Customer', database 'MyDB', schema 'Sales'.
Msg 229, Level 14, State 5, Line 2
SELECT permission denied on object 'CustomerContacts', database 'MyDB', schema 'Sales'.
Msg 229, Level 14, State 5, Line 3
SELECT permission denied on object 'ContactList', database 'MyDB', schema 'Sales'.
Msg 229, Level 14, State 5, Procedure GetContact, Line 1
EXECUTE permission denied on object 'GetContact', database 'MyDB', schema 'Sales'.
但是你如果賦予SaleA執行存貯過程的權限,你就可以得到訪問到sp所對應的視圖,視圖所對應的表的內容了。
我開始是以為SaleA的權限應該包含試圖的select權限的。唉,真是實踐一下,才能知道不是這個樣子的。
這樣的設計應該是為了了管理的方便,如果需要級聯權限,肯定會暈掉的,這樣的簡潔明了的方式之值得我們學習和應用到其他的設計中去的
?
總結
以上是生活随笔為你收集整理的一个权限的设置,你会混淆么的全部內容,希望文章能夠幫你解決所遇到的問題。
