使用带有批量过程的 Microsoft Sync Framework 同步两个 sql 数据库需要哪些权限?

Which permissions are required to synchronize two sql databases using Micorosoft Sync Framework with bulk procedures?

我使用 Microsoft Sync Framework 用 C# 编写了一个程序来同步两个 sql 数据库。成功配置服务器和客户端后, 我在启动同步的客户端上设置了以下权限:

GRANT VIEW CHANGE TRACKING ON OBJECT::dbo.My_Table to my_role
GRANT DELETE ON [dbo].[My_Table_tracking] TO [my_role] AS [dbo]
GRANT INSERT ON [dbo].[My_Table_tracking] TO [my_role] AS [dbo]
GRANT SELECT ON [dbo].[My_Table_tracking] TO [my_role] AS [dbo]
GRANT UPDATE ON [dbo].[My_Table_tracking] TO [my_role] AS [dbo]
GRANT DELETE ON [dbo].[scope_info] TO [my_role] AS [dbo]
GRANT INSERT ON [dbo].[scope_info] TO [my_role] AS [dbo]
GRANT SELECT ON [dbo].[scope_info] TO [my_role] AS [dbo]
GRANT UPDATE ON [dbo].[scope_info] TO [my_role] AS [dbo]
GRANT DELETE ON [dbo].[scope_config] TO [my_role] AS [dbo]
GRANT INSERT ON [dbo].[scope_config] TO [my_role] AS [dbo]
GRANT SELECT ON [dbo].[scope_config] TO [my_role] AS [dbo]
GRANT UPDATE ON [dbo].[scope_config] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_selectrow] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_update] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_updatemetadata] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_selectchanges] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_insertmetadata] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_insert] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_deletemetadata] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_delete] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_bulkupdate] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_bulkinsert] TO [my_role] AS [dbo]
GRANT EXECUTE ON [dbo].[My_Table_bulkdelete] TO [my_role] AS [dbo]

我使用以下资源将上面的脚本放在一起:

但是当我运行程序时,记录了以下错误:

An SqlParameter with ParameterName '@changeTable' is not contained by this SqlParameterCollection

将执行查询的用户映射到内置 db_owner 角色后,程序运行完美。

请问有什么办法可以比较my_roledb_owner的有效权限吗?如何调试 sql 服务器的权限问题(ssms 中显示的 sql 服务器日志未显示与我的问题相关的任何内容)?或者:需要哪些确切的权限才能使 Microsoft Sync Framework 使用批量过程同步两个数据库?

Is there any way, I can compare the effective permissions granted to my_role and db_owner?

要查看您的角色成员有哪些权限,您应该模拟一个属于您角色成员的用户 my_role 并检查其权限,如下所示:

execute as user = 'my_user_member_of_my_role';
select *
from sys.fn_my_permissions(null, 'database');
revert;

然后检查 db_owner 具有哪些权限:通过模拟 db_owner 角色的某些成员来执行相同的操作,或者如果您是 sysadmin 则跳过模拟:

execute as user = 'my_user_member_of_db_owner'; -- skip it if you are sysadmin
select *
from sys.fn_my_permissions(null, 'database');
revert; -- skip it if you are sysadmin

How can I debug the permission issue with sql server (the sql server log shown in ssms does not show anything related to my issue)?

你应该意识到这个错误:

An SqlParameter with ParameterName '@changeTable' is not contained by this SqlParameterCollection

不是SQL服务器错误

所以是你程序的错误,请使用你的编程环境进行调试。

Or: Which exact permissions are needed to make the Microsoft Sync Framework synchronize two database with bulk procedures?

您应该执行什么确切的代码?

如果你在这里征用你想要的命令运行我会写给你执行它所需的所有权限。

P.S。如果你使用 BULK INSERT,你应该有 ADMINISTER BULK OPERATIONS 服务器级别的权限。此权限未授予 db_owners。因此,如果这是问题所在,您无法通过仅将您的用户添加到 db_owner 数据库角色来解决它。

负责批量操作的存储过程使用用户定义的 table 类型,该类型以将要同步的 table 命名,例如Mytable_BulkType。要执行这些过程,用户需要对 table 类型具有以下权限:

GRANT CONTROL ON TYPE::[dbo].[MyTable_BulkType] TO [my_role] AS [dbo]