撤消授予用户对数据库的访问权限
undo giving user access to a database
我正在构建一个 Web 应用程序,可以在其中管理用户对多个数据库的访问。我使用以下代码为用户提供了对数据库的读取权限:
public void giveUserReadRightsForDatabase(int serverID, string dbName, string dbUsername, string myPassword)
{
ISFramework.Database myDB = new ISFramework.Database();
string myQuery = "IF NOT EXISTS (SELECT name FROM sys.sql_logins WHERE name ='" + dbUsername + "')" + Environment.NewLine +
"BEGIN" + Environment.NewLine +
"CREATE LOGIN " + dbUsername + " WITH PASSWORD = '" + myPassword +
"', CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF" + Environment.NewLine +
"END" + Environment.NewLine +
"BEGIN TRY" + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"CREATE USER " + dbUsername + " FOR LOGIN " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"ALTER ROLE db_datareader ADD MEMBER " + dbUsername + Environment.NewLine +
"END TRY" + Environment.NewLine +
"BEGIN CATCH" + Environment.NewLine +
"END CATCH";
myDB.executeNonQuery("DBServer" + serverID, myQuery);
}
我使用以下代码删除权限:
public void removePermissionsForThisDatabase(int serverID, string dbUsername, string dbName)
{
ISFramework.Database myDB = new ISFramework.Database();
string myQuery = "BEGIN TRY" + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"CREATE USER " + dbUsername + " FOR LOGIN " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"ALTER ROLE db_datareader DROP MEMBER " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"ALTER ROLE db_datawriter DROP MEMBER " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"IF EXISTS (SELECT * FROM sys.sql_logins WHERE name = N'" + dbUsername + "')" + Environment.NewLine +
"DROP USER " + dbUsername + Environment.NewLine +
"IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'" + dbUsername + "')" + Environment.NewLine +
"DROP LOGIN " + dbUsername + Environment.NewLine +
"END TRY" + Environment.NewLine +
"BEGIN CATCH" + Environment.NewLine +
"END CATCH";
myDB.executeNonQuery("DBServer" + serverID, myQuery);
}
在第一种方法的最后,用户可以访问和读取数据库,这很好。虽然当我使用第二种方法时,用户仍然可以访问数据库,这并不好。我已经调试并确认程序正在调用方法并执行查询,所以查询本身一定有错误。
我已经尝试在 SQL Server Management Studio 本身中执行以下行,它确实完成了它的工作,所以我真的不知道,老实说。从来没有错误消息,但代码不应该如此。
USE [Dev_ISFramework]
IF EXISTS (SELECT * FROM sys.sql_logins WHERE name = N'Johnny456')
DROP USER Johnny456
我不是这方面的专家,但如果您的第二种方法在 SQL 的开头使用 BEGIN TRY,则尝试创建一个用户(当它存在时)会引发一个静默的异常抓住。所以你的角色转换没有执行。
您必须重新访问 removePermissionsForThisDatabase() 中使用的整个 SQL 代码才能执行您想要的操作。
我正在构建一个 Web 应用程序,可以在其中管理用户对多个数据库的访问。我使用以下代码为用户提供了对数据库的读取权限:
public void giveUserReadRightsForDatabase(int serverID, string dbName, string dbUsername, string myPassword)
{
ISFramework.Database myDB = new ISFramework.Database();
string myQuery = "IF NOT EXISTS (SELECT name FROM sys.sql_logins WHERE name ='" + dbUsername + "')" + Environment.NewLine +
"BEGIN" + Environment.NewLine +
"CREATE LOGIN " + dbUsername + " WITH PASSWORD = '" + myPassword +
"', CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF" + Environment.NewLine +
"END" + Environment.NewLine +
"BEGIN TRY" + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"CREATE USER " + dbUsername + " FOR LOGIN " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"ALTER ROLE db_datareader ADD MEMBER " + dbUsername + Environment.NewLine +
"END TRY" + Environment.NewLine +
"BEGIN CATCH" + Environment.NewLine +
"END CATCH";
myDB.executeNonQuery("DBServer" + serverID, myQuery);
}
我使用以下代码删除权限:
public void removePermissionsForThisDatabase(int serverID, string dbUsername, string dbName)
{
ISFramework.Database myDB = new ISFramework.Database();
string myQuery = "BEGIN TRY" + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"CREATE USER " + dbUsername + " FOR LOGIN " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"ALTER ROLE db_datareader DROP MEMBER " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"ALTER ROLE db_datawriter DROP MEMBER " + dbUsername + Environment.NewLine +
"USE [" + dbName + "]" + Environment.NewLine +
"IF EXISTS (SELECT * FROM sys.sql_logins WHERE name = N'" + dbUsername + "')" + Environment.NewLine +
"DROP USER " + dbUsername + Environment.NewLine +
"IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'" + dbUsername + "')" + Environment.NewLine +
"DROP LOGIN " + dbUsername + Environment.NewLine +
"END TRY" + Environment.NewLine +
"BEGIN CATCH" + Environment.NewLine +
"END CATCH";
myDB.executeNonQuery("DBServer" + serverID, myQuery);
}
在第一种方法的最后,用户可以访问和读取数据库,这很好。虽然当我使用第二种方法时,用户仍然可以访问数据库,这并不好。我已经调试并确认程序正在调用方法并执行查询,所以查询本身一定有错误。
我已经尝试在 SQL Server Management Studio 本身中执行以下行,它确实完成了它的工作,所以我真的不知道,老实说。从来没有错误消息,但代码不应该如此。
USE [Dev_ISFramework]
IF EXISTS (SELECT * FROM sys.sql_logins WHERE name = N'Johnny456')
DROP USER Johnny456
我不是这方面的专家,但如果您的第二种方法在 SQL 的开头使用 BEGIN TRY,则尝试创建一个用户(当它存在时)会引发一个静默的异常抓住。所以你的角色转换没有执行。
您必须重新访问 removePermissionsForThisDatabase() 中使用的整个 SQL 代码才能执行您想要的操作。