码迷,mamicode.com
首页 > 数据库 > 详细

SqlServer用户授权配置

时间:2014-10-17 18:31:48      阅读:260      评论:0      收藏:0      [点我收藏+]

标签:style   blog   color   io   os   ar   for   sp   文件   

 

  1 --创建登录账户:用户默认为public角色
  2 USE [master]
  3 GO
  4 CREATE LOGIN [登录名] WITH PASSWORD=N密码, DEFAULT_DATABASE=[test], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
  5 GO
  6 
  7 --删除登录账户(登录名不用引号,‘[]‘号为必须,防止用户为单纯的数字)
  8 USE [master] 
  9 go
 10 EXEC sys.sp_revokedbaccess  @name_in_db = [登录名]
 11 DROP USER [登录名]
 12 DROP LOGIN [登录名]
 13 
 14 --账户角色授权
 15 /*
 16 @rolename枚举值(角色权限):
 17                 bulkadmin            --可以运行BULK INSERT语句
 18                 dbcreator            --可以创建、修改数据库    
 19                 diskadmin            --用户管理磁盘文件
 20                 processadmin        --可以终止SQL SERVER实例中的进程
 21                 public                --默认且不可修改    
 22                 securityadmin        --管理和审核登录账户
 23                 serveradmin            --可以更改服务器范围的配置选项和关闭服务器
 24                 setupadmin            --配置复制和链接服务器
 25                 sysadmin            --执行任何活动
 26 */
 27 USE [master] 
 28 go
 29 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nsysadmin
 30 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nbulkadmin
 31 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Ndbcreator
 32 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Ndiskadmin
 33 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nprocessadmin
 34 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nsecurityadmin
 35 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nserveradmin
 36 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nsetupadmin
 37 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nsysadmin
 38 go
 39 
 40 --删除账户角色
 41 USE [master] 
 42 go
 43 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nsysadmin
 44 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nbulkadmin
 45 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Ndbcreator
 46 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Ndiskadmin
 47 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nprocessadmin
 48 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nsecurityadmin
 49 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nserveradmin
 50 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nsetupadmin
 51 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nsysadmin
 52 go
 53 
 54 --用户数据库访问授权
 55 --所有数据库都可以访问
 56 USE [master] 
 57 go
 58 EXEC master..sp_addsrvrolemember @loginame = N登录名, @rolename = Nsysadmin
 59 go
 60 --访问制定数据库(删除用户拥有的sysadmin角色,然后为登录用户创建数据库用户映射)
 61 USE [master] 
 62 go
 63 EXEC master..sp_dropsrvrolemember @loginame = N登录名, @rolename = Nsysadmin
 64 go
 65 USE databasename
 66 go
 67 create user [登录名] for login [登录名] with default_schema=dbo --此时还不可访问该数据库的对象如表、存储过程、视图等
 68 go
 69 
 70 --设置登录用户访问该数据库的所有对象
 71 USE databasename
 72 go
 73 exec sp_addrolemember db_owner, 登录名 
 74 go
 75 
 76 --禁用登录用户访问该数据库的所有对象
 77 USE test
 78 go
 79 exec sp_droprolemember db_owner, 登录名 
 80 go
 81 
 82 --授权登录用户访问指定的表\存储过程\视图等(先禁用数据库用户拥有的db_owner角色,然后再对制定的对象赋相应的权限)
 83 /*
 84 对象(表|存储过程|视图等)枚举值:
 85             ALTER            --修改
 86             CONTROL            --控制    
 87             EXECUTE            --执行
 88             TAKE OWNERSHIP        --所有权限
 89             VIEW DEFINITION                --查看定义
 90 */
 91 USE test
 92 go
 93 exec sp_droprolemember db_owner, 登录名 
 94 go
 95 use test
 96 go
 97 GRANT ALTER ON [dbo].[表|存储过程|视图等名称] TO [登录名]
 98 GRANT CONTROL ON [dbo].[表|存储过程|视图等名称] TO [登录名]
 99 GRANT EXECUTE ON [dbo].[表|存储过程|视图等名称] TO [登录名]
100 GRANT TAKE OWNERSHIP ON [dbo].[表|存储过程|视图等名称] TO [登录名]
101 GRANT VIEW DEFINITION ON [dbo].[表|存储过程|视图等名称] TO [登录名]
102 go
103 
104 --删除对登录用户访问指定的表\存储过程\视图等的授权
105 use test
106 go
107 GRANT CONTROL ON [dbo].DRImportNew1 TO [登录名]
108 REVOKE CONTROL ON [dbo].DRImportNew1 TO [登录名]
109 REVOKE ALTER ON [dbo].[表|存储过程|视图等名称] TO [登录名]
110 REVOKE CONTROL ON [dbo].[表|存储过程|视图等名称] TO [登录名]
111 REVOKE EXECUTE ON [dbo].[表|存储过程|视图等名称] TO [登录名]
112 REVOKE TAKE OWNERSHIP ON [dbo].[表|存储过程|视图等名称] TO [登录名]
113 REVOKE VIEW DEFINITION ON [dbo].[表|存储过程|视图等名称] TO [登录名]
114 go
115 
116 --授权登录用户访问表的指定列
117 use test
118 go
119 GRANT SELECT ON dbo.表名(字段1,字段2...) TO [登录名]
120 go
121 
122 --批量删除数据库所有表
123 use databasename
124 go
125 DECLARE @DROP_STRING VARCHAR(8000)
126 --删除外键约束
127 DECLARE DROP_FK CURSOR FOR
128 SELECT  ALTER TABLE + OBJECT_NAME(PARENT_OBJ) +  DROP CONSTRAINT +NAME
129 FROM    SYSOBJECTS
130 WHERE   XTYPE = F
131 OPEN DROP_FK
132 FETCH NEXT FROM DROP_FK INTO @DROP_STRING
133 WHILE(@@FETCH_STATUS=0)
134 BEGIN     EXEC(@DROP_STRING)     FETCH NEXT FROM DROP_FK INTO @DROP_STRING
135 END
136 CLOSE DROP_FK
137 DEALLOCATE DROP_FK
138 --删除表
139 DECLARE DROP_TABLE CURSOR FOR
140 SELECT  DROP TABLE +NAME
141 FROM    SYSOBJECTS
142 WHERE   XTYPE = U
143 OPEN DROP_TABLE
144 FETCH NEXT FROM DROP_TABLE INTO @DROP_STRING
145 WHILE(@@FETCH_STATUS=0)
146 BEGIN     EXEC(@DROP_STRING)     FETCH NEXT FROM DROP_TABLE INTO @DROP_STRING
147 END
148 CLOSE DROP_TABLE
149 DEALLOCATE DROP_TABLE
150 GO

 

SqlServer用户授权配置

标签:style   blog   color   io   os   ar   for   sp   文件   

原文地址:http://www.cnblogs.com/raowenbin/p/4031589.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!