为用户创建只能查看一个视图的权限
create permission for user to see only one view
我有一个数据库并创建了登录名和用户,
此用户无法看到任何内容。
grant select on GuestView to PublicLogin
此用户看到此视图后
但用户可以 select 任何
我的问题
为什么我可以锁定用户进行任何 select 插入/更新?
我试过这个
没用。
SELECT 'REVOKE SELECT ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE UPDATE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE INSERT ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE DELETE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE EXECUTE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
但再次 select 正常工作
select *from AccessCheckpoint
DECLARE @TableUsedInView NVARCHAR(100)
DECLARE @TableUsedInView2 NVARCHAR(100)
SET @TableUsedInView='PulibcTable1'
SET @TableUsedInView2='PulibcTable2'
SELECT 'REVOKE SELECT ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
WHERE table_name NOT IN(@TableUsedInView,@TableUsedInView2)
SELECT 'REVOKE UPDATE ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE DELETE ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE INSERT ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE EXECUTE ON ' + quotename(routine_schema) + '.' + quotename(routine_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.ROUTINES
SELECT 'GRANT SELECT ON GuestView to PublicLogin'
SELECT 'GRANT SELECT ON ' + @TableUsedInView + ' TO PublicLogin'
SELECT 'GRANT SELECT ON ' + @TableUsedInView2 + ' TO PublicLogin'
复制这些结果并将它们粘贴到新查询 window 和 运行 中。您应该检查输出以确保您只包括您需要的视图和过程。
更新:
这是为了确保用户没有之前对表的任何权限。如果你按照我上面写的那样做,你可以在访客视图中创建以下查询:
SELECT *
FROM PulibcTable1 AS P
INNER JOIN PulibcTable2 AS P2 ON P.UserID=P2.UserID
但是 Public 如果您看到这个,登录将无法获取行:
SELECT *
FROM InternTable
This is because he has access only to read from the 2 tables
我有一个数据库并创建了登录名和用户, 此用户无法看到任何内容。
grant select on GuestView to PublicLogin
此用户看到此视图后 但用户可以 select 任何
我的问题
为什么我可以锁定用户进行任何 select 插入/更新? 我试过这个 没用。
SELECT 'REVOKE SELECT ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE UPDATE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE INSERT ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE DELETE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE EXECUTE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES
但再次 select 正常工作
select *from AccessCheckpoint
DECLARE @TableUsedInView NVARCHAR(100)
DECLARE @TableUsedInView2 NVARCHAR(100)
SET @TableUsedInView='PulibcTable1'
SET @TableUsedInView2='PulibcTable2'
SELECT 'REVOKE SELECT ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
WHERE table_name NOT IN(@TableUsedInView,@TableUsedInView2)
SELECT 'REVOKE UPDATE ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE DELETE ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE INSERT ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.TABLES
SELECT 'REVOKE EXECUTE ON ' + quotename(routine_schema) + '.' + quotename(routine_name) + ' TO PublicLogin'
FROM INFORMATION_SCHEMA.ROUTINES
SELECT 'GRANT SELECT ON GuestView to PublicLogin'
SELECT 'GRANT SELECT ON ' + @TableUsedInView + ' TO PublicLogin'
SELECT 'GRANT SELECT ON ' + @TableUsedInView2 + ' TO PublicLogin'
复制这些结果并将它们粘贴到新查询 window 和 运行 中。您应该检查输出以确保您只包括您需要的视图和过程。
更新:
这是为了确保用户没有之前对表的任何权限。如果你按照我上面写的那样做,你可以在访客视图中创建以下查询:
SELECT *
FROM PulibcTable1 AS P
INNER JOIN PulibcTable2 AS P2 ON P.UserID=P2.UserID
但是 Public 如果您看到这个,登录将无法获取行:
SELECT *
FROM InternTable
This is because he has access only to read from the 2 tables