Minimum set of permissions required for SQL Server database?
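I am writing a program in Java in which I have to validate whether the user has all the minimum permissions required to create, alter and drop table procedures.
By default, my SQL Server database has the following set of permissions: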
CREATE TABLE-
CREATE VIEW-
CREATE PROCEDURE-
CREATE FUNCTION-
CREATE RULE-
CREATE DEFAULT-
BACKUP DATABASE-
BACKUP LOG-
CREATE DATABASE-
CREATE TYPE-
CREATE ASSEMBLY-
CREATE XML SCHEMA COLLECTION-
CREATE SCHEMA-
CREATE SYNONYM
CREATE AGGREGATE
CREATE ROLE
CREATE MESSAGE TYPE
CREATE SERVICE-
CREATE CONTRACT-
CREATE REMOTE SERVICE BINDING-
CREATE ROUTE
CREATE QUEUE
CREATE SYMMETRIC KEY
CREATE ASYMMETRIC KEY
CREATE FULLTEXT CATALOG
CREATE CERTIFICATE
CREATE DATABASE DDL EVENT NOTIFICATION
CONNECT-
CONNECT REPLICATION
CHECKPOINT
SUBSCRIBE QUERY NOTIFICATIONS
AUTHENTICATE
SHOWPLAN
ALTER ANY USER
ALTER ANY ROLE
ALTER ANY APPLICATION ROLE
ALTER ANY SCHEMA-
ALTER ANY ASSEMBLY
ALTER ANY DATASPACE
ALTER ANY MESSAGE TYPE
ALTER ANY CONTRACT
ALTER ANY SERVICE
ALTER ANY REMOTE SERVICE BINDING
ALTER ANY ROUTE
ALTER ANY FULLTEXT CATALOG
ALTER ANY SYMMETRIC KEY
ALTER ANY ASYMMETRIC KEY
ALTER ANY CERTIFICATE
SELECT-
INSERT-
UPDATE-
DELETE-
REFERENCES-
EXECUTE-
ALTER ANY DATABASE DDL TRIGGER
ALTER ANY DATABASE EVENT NOTIFICATION
ALTER ANY DATABASE AUDIT
ALTER ANY DATABASE EVENT SESSION
KILL DATABASE CONNECTION
VIEW DATABASE STATE
VIEW DEFINITION
TAKE OWNERSHIP
ALTER-
CONTROL
However, I validate only the following specific permissions:
CREATE TABLE
CREATE VIEW
CREATE PROCEDURE
CREATE FUNCTION
BACKUP DATABASE
CREATE TYPE
CREATE SCHEMA
CREATE SYNONYM
CREATE AGGREGATE
CREATE ROLE
CREATE MESSAGE TYPE
CONNECT
ALTER ANY ROLE
ALTER ANY APPLICATION ROLE
ALTER ANY SCHEMA
ALTER ANY MESSAGE TYPE
SELECT
INSERT
UPDATE
DELETE
REFERENCES
EXECUTE
VIEW DATABASE STATE
VIEW DEFINITION
ALTER
CONTROL
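However, with this set of permissions, when I execute any user-defined data type (sp_addtype), it fails, showing that the user does not have permission. Can someone tell me which additional permissions from the first set I need to add to the second set?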
[sp_addtype]
Permissions
Requires membership in the db_owner or db_ddladmin fixed database role.
You can look at the procedure [sp_addtype]:
    -- Excerpt from sp_addtype: the caller must be a member of db_owner or db_ddladmin
    if is_member('db_owner')=0 and is_member('db_ddladmin')=0
    begin
        raiserror(15247, -1, -1)
        return (1)
    end
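
The check described above, as an added example that is not part of the original question or answer: it lists which database-level permissions the current user lacks and, separately, evaluates the same role-membership test that sp_addtype performs, since holding a permission such as CREATE TYPE does not satisfy that test. The permission list is a constructed subset of the question's second set, and the result column names are assumptions.

```sql
-- Constructed list: a subset of the permissions the question validates.
DECLARE @required TABLE (permission_name sysname PRIMARY KEY);
INSERT INTO @required (permission_name) VALUES
    (N'CREATE TABLE'), (N'CREATE VIEW'), (N'CREATE PROCEDURE'),
    (N'CREATE FUNCTION'), (N'CREATE TYPE'), (N'CREATE SCHEMA'),
    (N'ALTER ANY SCHEMA'), (N'VIEW DEFINITION'), (N'ALTER'), (N'CONTROL');

-- 1) Database-level permissions from the list that the current user
--    does not effectively hold (an empty result means none are missing).
SELECT r.permission_name AS missing_permission
FROM @required AS r
LEFT JOIN sys.fn_my_permissions(NULL, N'DATABASE') AS p
       ON p.permission_name COLLATE DATABASE_DEFAULT
        = r.permission_name COLLATE DATABASE_DEFAULT
WHERE p.permission_name IS NULL;

-- 2) The gate inside sp_addtype is role membership, not a permission,
--    so it has to be tested separately with IS_MEMBER.
SELECT
    IS_MEMBER(N'db_owner')    AS is_db_owner,
    IS_MEMBER(N'db_ddladmin') AS is_db_ddladmin,
    CASE
        WHEN IS_MEMBER(N'db_owner') = 1 OR IS_MEMBER(N'db_ddladmin') = 1
            THEN N'passes the sp_addtype role check'
        ELSE N'sp_addtype raises error 15247'
    END AS sp_addtype_check;
```

Both queries evaluate the security context of the connection that runs them, so run them on the connection of the user being validated.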