Create permission for user to see only one view

I have a database and created a login and a user; this user cannot see anything.

grant select on GuestView to PublicLogin

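After this, the user sees this view, but the user can select anything.

My question

How can I lock the user out of any select/insert/update? I tried this, and it did not work.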

 SELECT 'REVOKE SELECT ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES

 SELECT 'REVOKE UPDATE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES 

SELECT 'REVOKE INSERT ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES 

SELECT 'REVOKE DELETE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES 

SELECT 'REVOKE EXECUTE ON ' + quotename('dbo') + '.' + quotename('AccessCheckpoint') + ' TO PublicLogin' FROM INFORMATION_SCHEMA.TABLES

But again the select works fine:

select * from AccessCheckpoint
DECLARE @TableUsedInView NVARCHAR(100)
DECLARE @TableUsedInView2 NVARCHAR(100)
SET @TableUsedInView='PulibcTable1'
SET @TableUsedInView2='PulibcTable2'

SELECT 'REVOKE SELECT ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin' 
FROM INFORMATION_SCHEMA.TABLES
WHERE table_name NOT IN(@TableUsedInView,@TableUsedInView2)


SELECT 'REVOKE UPDATE ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin' 
FROM INFORMATION_SCHEMA.TABLES


SELECT 'REVOKE DELETE ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin' 
FROM INFORMATION_SCHEMA.TABLES



SELECT 'REVOKE INSERT ON ' + quotename(table_schema) + '.' + quotename(table_name) + ' TO PublicLogin' 
FROM INFORMATION_SCHEMA.TABLES


SELECT 'REVOKE EXECUTE ON ' + quotename(routine_schema) + '.' + quotename(routine_name) + ' TO PublicLogin' 
FROM INFORMATION_SCHEMA.ROUTINES

SELECT 'GRANT SELECT ON GuestView to PublicLogin'
SELECT 'GRANT SELECT ON ' + @TableUsedInView + ' TO PublicLogin'
SELECT 'GRANT SELECT ON ' + @TableUsedInView2 + ' TO PublicLogin'

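Copy these results, paste them into a new query window, and run them. You should check the output to make sure you only include the views and procedures you need.

Update:

This is to make sure the user has no previous permissions on the tables. If you do it as I wrote above, you can create the following query in the guest view: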

SELECT *    
    FROM PulibcTable1 AS P
    INNER JOIN PulibcTable2 AS P2 ON P.UserID=P2.UserID

But the Public login will not be able to get rows with this:

SELECT *    
    FROM InternTable 

This is because he has access only to read from the 2 tables.
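
A read-only check of where a user's rights come from, useful when REVOKE on individual tables appears to change nothing; this is an added example, not code from the question or the answer. It assumes the database user is named PublicLogin, that GuestView and AccessCheckpoint live in schema dbo, and that the caller may impersonate that user.

```sql
-- Added example. Names PublicLogin, GuestView, AccessCheckpoint come from the
-- page; the dbo schema and the temp table #principals are assumptions.

-- 1. The user plus every role it belongs to, including nested roles.
--    Membership in fixed roles such as db_datareader or db_owner confers
--    rights that REVOKE on individual tables does not remove.
WITH roles AS (
    SELECT p.principal_id, p.name
    FROM sys.database_principals AS p
    WHERE p.name = N'PublicLogin'
    UNION ALL
    SELECT r.principal_id, r.name
    FROM roles AS m
    JOIN sys.database_role_members AS rm
      ON rm.member_principal_id = m.principal_id
    JOIN sys.database_principals AS r
      ON r.principal_id = rm.role_principal_id
)
SELECT principal_id, name INTO #principals FROM roles;

SELECT name AS user_or_role FROM #principals;

-- 2. Explicit GRANT/DENY rows for the user, its roles, and the public role
--    (every user is implicitly a member of public).
SELECT USER_NAME(pe.grantee_principal_id) AS grantee,
       pe.state_desc, pe.permission_name, pe.class_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
            ELSE pe.class_desc
       END AS securable
FROM sys.database_permissions AS pe
WHERE pe.grantee_principal_id IN (SELECT principal_id FROM #principals)
   OR pe.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'public')
ORDER BY grantee, securable;

-- 3. Effective result, evaluated as the user itself (1 = allowed, 0 = not).
EXECUTE AS USER = N'PublicLogin';
SELECT HAS_PERMS_BY_NAME(N'dbo.GuestView', N'OBJECT', N'SELECT')        AS can_select_view,
       HAS_PERMS_BY_NAME(N'dbo.AccessCheckpoint', N'OBJECT', N'SELECT') AS can_select_table,
       IS_ROLEMEMBER(N'db_owner')                                       AS is_db_owner;
REVERT;

DROP TABLE #principals;
```

If step 3 still reports 1 for the table while step 2 shows no explicit grant on it, the right is coming from a role listed in step 1 or from a schema- or database-level grant.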