use[Three_Kingdom]
exec sp_addrole'role1' 创建角色role1
grant update,selete,delete on sanguo,sanguo2 to role1 将表sanguo的所有权限授予role1
grant select on sanguo_2 to role1 将表sanguo_2的select权限授予 role1
exec sp_addlogin 'login1','pass','Three_Kingdom' 添加登录login1,密码pass,默认数据库Three_Kingdom
exec sp_grantdbaccess 'login1','user1' 为登录login1添加安全账户user1
exec sp_addrolemember 'role1','user1' 添加角色为role1的成员user1
deny select on sanguo_2 to user1
****************************可用login1登录,虽然login1拥有对sanguo2的所有权限由于拒绝了user1对sanguo2的 select操作,因此不能对sanguo_2进行select操作
exec sp_revokedbaccess'user1'删除安全账户
exec sp_droplogin 'login1'
exec sp_droprole'role1' 删除角色