本文详细介绍了如何在数据库环境中创建、授权、撤销用户权限,包括登录用户、操作权限、角色授权等步骤。
USE mydb GO --1. 新建测试用户 --1.1 添加登录用户和密码 EXEC sp_addlogin N'tony','123' --1.2 使其成为当前数据库的合法用户 EXEC sp_grantdbaccess N'tony' --2.设置操作授权 --2.1 授予对自己数据库的所有权限 EXEC sp_addrolemember N'db_owner', N'tony' --2.2 以下是设置具体操作权限 --授予tony对所有用户表的操作权限 GRANT SELECT,INSERT,UPDATE,DELETE TO tony --授予tony SELECT,UPDATE到具体的表 GRANT SELECT,UPDATE ON tb TO tony --授予tony SELECT,UPDATE到具体的表和列 GRANT SELECT,UPDATE ON tb(id,col) TO tony --禁止tony对所有用户表的操作权限 DENY SELECT,INSERT,UPDATE,DELETE TO tony --禁止tony SELECT,UPDATE到具体的表 DENY SELECT,UPDATE ON tb TO tony --禁止tony SELECT,UPDATE到具体的表和列 DENY SELECT,UPDATE ON tb(id,col) TO tony --删除tony 对所有用户表的授权信息 REVOKE SELECT,INSERT,UPDATE,DELETE TO tony --授予tony对具有创建表、视图、存储过程等的操作权限 GRANT CREATE TABLE,CREATE VIEW,CREATE PROC TO tony --禁止tony对具有创建表、视图、存储过程等的操作权限 DENY CREATE TABLE,CREATE VIEW,CREATE PROC TO tony --删除tony对具有创建表、视图、存储过程等的授权信息 REVOKE CREATE TABLE,CREATE VIEW,CREATE PROC TO tony GO --注:更多相关授权信息参考后面的附表中“数据库权限”列。 --3. 删除测试用户 EXEC sp_revokedbaccess N'tony' --移除用户对数据库的访问权限 EXEC sp_droplogin N'tony' --删除登录用户 GO
附表:
ALTER CONTROL ALTER ANY DATABASE ALTER ANY APPLICATION ROLE ALTER CONTROL SERVER ALTER ANY ASSEMBLY ALTER CONTROL SERVER ALTER ANY ASYMMETRIC KEY ALTER CONTROL SERVER ALTER ANY CERTIFICATE ALTER CONTROL SERVER ALTER ANY CONTRACT ALTER CONTROL SERVER ALTER ANY DATABASE DDL TRIGGER ALTER CONTROL SERVER ALTER ANY DATABASE EVENT NOTIFICATION ALTER ALTER ANY EVENT NOTIFICATION ALTER ANY DATASPACE ALTER CONTROL SERVER ALTER ANY FULLTEXT CATALOG ALTER CONTROL SERVER ALTER ANY MESSAGE TYPE ALTER CONTROL SERVER ALTER ANY REMOTE SERVICE BINDING ALTER CONTROL SERVER ALTER ANY ROLE ALTER CONTROL SERVER ALTER ANY ROUTE ALTER CONTROL SERVER ALTER ANY SCHEMA ALTER CONTROL SERVER ALTER ANY SERVICE ALTER CONTROL SERVER ALTER ANY SYMMETRIC KEY ALTER CONTROL SERVER ALTER ANY USER ALTER CONTROL SERVER AUTHENTICATE CONTROL AUTHENTICATE SERVER BACKUP DATABASE CONTROL CONTROL SERVER BACKUP LOG CONTROL CONTROL SERVER CHECKPOINT CONTROL CONTROL SERVER CONNECT CONNECT REPLICATION CONTROL SERVER CONNECT REPLICATION CONTROL CONTROL SERVER CONTROL CONTROL CONTROL SERVER CREATE AGGREGATE ALTER CONTROL SERVER CREATE ASSEMBLY ALTER ANY ASSEMBLY CONTROL SERVER CREATE ASYMMETRIC KEY ALTER ANY ASYMMETRIC KEY CONTROL SERVER CREATE CERTIFICATE ALTER ANY CERTIFICATE CONTROL SERVER CREATE CONTRACT ALTER ANY CONTRACT CONTROL SERVER CREATE DATABASE CONTROL CREATE ANY DATABASE CREATE DATABASE DDL EVENT NOTIFICATION ALTER ANY DATABASE EVENT NOTIFICATION CREATE DDL EVENT NOTIFICATION CREATE DEFAULT ALTER CONTROL SERVER CREATE FULLTEXT CATALOG ALTER ANY FULLTEXT CATALOG CONTROL SERVER CREATE FUNCTION ALTER CONTROL SERVER CREATE MESSAGE TYPE ALTER ANY MESSAGE TYPE CONTROL SERVER CREATE PROCEDURE ALTER CONTROL SERVER CREATE QUEUE ALTER CONTROL SERVER CREATE REMOTE SERVICE BINDING ALTER ANY REMOTE SERVICE BINDING CONTROL SERVER CREATE ROLE ALTER ANY ROLE CONTROL SERVER CREATE ROUTE ALTER ANY ROUTE CONTROL SERVER CREATE RULE ALTER CONTROL SERVER CREATE SCHEMA ALTER ANY SCHEMA CONTROL SERVER CREATE SERVICE ALTER ANY SERVICE CONTROL SERVER CREATE SYMMETRIC KEY ALTER ANY SYMMETRIC KEY CONTROL SERVER CREATE SYNONYM ALTER CONTROL SERVER CREATE TABLE ALTER CONTROL SERVER CREATE TYPE ALTER CONTROL SERVER CREATE VIEW ALTER CONTROL SERVER CREATE XML SCHEMA COLLECTION ALTER CONTROL SERVER DELETE CONTROL CONTROL SERVER EXECUTE CONTROL CONTROL SERVER INSERT CONTROL CONTROL SERVER REFERENCES CONTROL CONTROL SERVER SELECT CONTROL CONTROL SERVER SHOWPLAN CONTROL ALTER TRACE SUBSCRIBE QUERY NOTIFICATIONS CONTROL CONTROL SERVER TAKE OWNERSHIP CONTROL CONTROL SERVER UPDATE CONTROL CONTROL SERVER VIEW DATABASE STATE CONTROL VIEW SERVER STATE VIEW DEFINITION CONTROL VIEW ANY DEFINITION数据库权限 数据库权限隐含的权限 服务器权限隐含的权限
扫一扫
2024
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
