问题描述
我正在尝试将 mydomain\myuser 添加到 db_denydatawriter 角色,但我可以找到一个简单的查询示例,有人有快速示例吗?
I'm trying to add mydomain\myuser to the db_denydatawriter role but i can find a simple example of the query does anybody have a quick example?
推荐答案
3个步骤,以防你还没有设置登录+用户
3 steps, in case you haven't set up login + user already
CREATE LOGIN [mydomain\myuser] FROM WINDOWS;
在服务器级别.MSDNCREATE USER [mydomain\myuser] FROM LOGIN [mydomain\myuser];
在数据库级别.MSDN- 匹配用户到角色
EXEC sp_addrolemember 'mydomain\myuser', 'db_denydatawriter'
CREATE LOGIN [mydomain\myuser] FROM WINDOWS;
at the server level. MSDNCREATE USER [mydomain\myuser] FROM LOGIN [mydomain\myuser];
at the db level. MSDN- Match user to role
EXEC sp_addrolemember 'mydomain\myuser', 'db_denydatawriter'
这只会防止直接在表上插入、更新和删除
This only prevents INSERT, UPDATE and DELETE directly on the tables
它不会停止改变桌子设计.即 ddl_admin 或 db_owner.db_owner 权限覆盖所有其他权限,因此拒绝将无效.
It won't stop changing table design. That is ddl_admin or db_owner. db_owner rights override all other permissions so deny will have no effect.
如果写入是通过存储过程,所有权链接意味着权限是没有在桌子上检查.所以这个答案不起作用.
If writes are via stored procs, ownership chaining means permissions are not checked on a table. So this answer won't work.
这篇关于SQL Server 2005 db_denydatawriter 示例查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!