SQL 服务器 - 您没有使用批量加载语句的权限
SQL Server - You do not have permission to use the bulk load statement
使用 SQL Server 2016,我正在尝试配置 'SA' 以外的用户来导入文件。我正在执行的代码如下:
EXECUTE AS USER = 'DataImports';
SELECT CURRENT_USER;
EXEC xp_cmdshell 'TYPE myFileNameHere.txt'
BULK INSERT DataImports.staging_AddressBook
FROM 'myFileNameHere.txt'
WITH (DATAFILETYPE = 'char'
, FIRSTROW = 2
, FIELDTERMINATOR = ' '
, ROWTERMINATOR = '\n');
我得到的错误是:
Msg 4834, Level 16, State 1, Line 20
You do not have permission to use the bulk load statement.
我已经验证了以下内容:
- 我确实可以访问用户所需的文件 - cmdshell TYPE returns 预期的行。我似乎没有文件访问问题。
- 我对数据库一般有
INSERT
权限。
我测试使用:
SELECT
[DatabaseUserName] = princ.[name],
[PermissionType] = perm.[permission_name],
[PermissionState] = perm.[state_desc]
FROM
sys.database_principals princ
LEFT JOIN
sys.database_permissions perm ON perm.[grantee_principal_id] = princ.[principal_id]
WHERE
princ.[name] = 'DataImports';`
我有批量管理员角色
SELECT
r.name AS [RoleName],
m.name AS [MemberName],
CASE
WHEN m.name IS NOT NULL THEN 1 ELSE 0
END AS IsMember
FROM
sys.server_principals r
LEFT JOIN
sys.server_role_members rm ON (r.principal_id = rm.role_principal_id)
LEFT JOIN
sys.server_principals m ON (rm.member_principal_id = m.principal_id)
WHERE
r.type = 'R' AND m.name = 'Dataimports';
我什至已将用户配置为 sys-admin(不是长期计划的一部分),但我仍然遇到错误。
这些是在我执行的其他 SO 票证和一般搜索中突出显示的要点。我可以将 table 导入为 SA
但不能导入为 DataImports
尽管看起来是正确的配置。
这是 运行 工作的一部分,目前我们必须授予 SA 访问权限才能读取文件。安全方面这不太理想,但我无法弄清楚缺少什么。
如有任何其他需要检查的建议,我们将不胜感激 - 所有基础知识似乎都已准备就绪。
Any suggestions
of what else to check would be gratefully received - all the basics
seem to be in place.
几件事:
GRANT ADMINISTER BULK OPERATIONS TO Dataimports
如果目标 table 包含触发器或检查约束
GRANT ALTER ON TABLE DataImports.staging_AddressBook TO Dataimports
和
ALTER DATABASE [yourDB] SET TRUSTWORTHY ON;
因为:
For security considerations, the server-scoped permissions are
stripped down when you impersonate a database user unless the system
administrator has explicitly set SQL Server to trust the impersonated
context at the server-scope. In this case, a login with the control
server server-scoped permission has no permissions to access any
particular database. Therefore, the trigger module that is executed as
this login cannot run.
使用 SQL Server 2016,我正在尝试配置 'SA' 以外的用户来导入文件。我正在执行的代码如下:
EXECUTE AS USER = 'DataImports';
SELECT CURRENT_USER;
EXEC xp_cmdshell 'TYPE myFileNameHere.txt'
BULK INSERT DataImports.staging_AddressBook
FROM 'myFileNameHere.txt'
WITH (DATAFILETYPE = 'char'
, FIRSTROW = 2
, FIELDTERMINATOR = ' '
, ROWTERMINATOR = '\n');
我得到的错误是:
Msg 4834, Level 16, State 1, Line 20
You do not have permission to use the bulk load statement.
我已经验证了以下内容:
- 我确实可以访问用户所需的文件 - cmdshell TYPE returns 预期的行。我似乎没有文件访问问题。
- 我对数据库一般有
INSERT
权限。
我测试使用:
SELECT
[DatabaseUserName] = princ.[name],
[PermissionType] = perm.[permission_name],
[PermissionState] = perm.[state_desc]
FROM
sys.database_principals princ
LEFT JOIN
sys.database_permissions perm ON perm.[grantee_principal_id] = princ.[principal_id]
WHERE
princ.[name] = 'DataImports';`
我有批量管理员角色
SELECT r.name AS [RoleName], m.name AS [MemberName], CASE WHEN m.name IS NOT NULL THEN 1 ELSE 0 END AS IsMember FROM sys.server_principals r LEFT JOIN sys.server_role_members rm ON (r.principal_id = rm.role_principal_id) LEFT JOIN sys.server_principals m ON (rm.member_principal_id = m.principal_id) WHERE r.type = 'R' AND m.name = 'Dataimports';
我什至已将用户配置为 sys-admin(不是长期计划的一部分),但我仍然遇到错误。
这些是在我执行的其他 SO 票证和一般搜索中突出显示的要点。我可以将 table 导入为 SA
但不能导入为 DataImports
尽管看起来是正确的配置。
这是 运行 工作的一部分,目前我们必须授予 SA 访问权限才能读取文件。安全方面这不太理想,但我无法弄清楚缺少什么。
如有任何其他需要检查的建议,我们将不胜感激 - 所有基础知识似乎都已准备就绪。
Any suggestions of what else to check would be gratefully received - all the basics seem to be in place.
几件事:
GRANT ADMINISTER BULK OPERATIONS TO Dataimports
如果目标 table 包含触发器或检查约束
GRANT ALTER ON TABLE DataImports.staging_AddressBook TO Dataimports
和
ALTER DATABASE [yourDB] SET TRUSTWORTHY ON;
因为:
For security considerations, the server-scoped permissions are stripped down when you impersonate a database user unless the system administrator has explicitly set SQL Server to trust the impersonated context at the server-scope. In this case, a login with the control server server-scoped permission has no permissions to access any particular database. Therefore, the trigger module that is executed as this login cannot run.