Security6: The idea and general steps for granting permissions

The idea is: Grants permissions on a securable to a principal.

The general concept is to GRANT <some permission> ON <some object> TO <some user, login, or group>.

A grant clause has three parts: Permission, Securable and Principal. In one sentence, the three concepts mean: grant the Principal the Permission to operate on the Securable.

The Principal is the entity that receives the permission; the Securable is an object such as a table or view, the thing the Principal operates on. Sometimes a Principal is itself a Securable, operated on by another Principal.

Example steps

Step 1: Create Login

Step 2: Create User, establishing the association between the User and the Login; the two are linked by SID.

Step 3: Create Role

Step 4: Grant permissions to the Role

  • Grant permissions on an individual object with GRANT <permission> ON OBJECT::SchemaName.ObjectName
  • Grant permissions on a Schema: since a Schema is a container of objects, granting a permission on the Schema is equivalent to granting that permission on every object in the Schema

Step 5: Add the User as a member of the Role so that the User gets the permissions

USE db_study;
GO

--Create login
CREATE LOGIN login1
WITH PASSWORD = '123'
,DEFAULT_DATABASE = db_study
,CHECK_EXPIRATION = OFF
,CHECK_POLICY = OFF;
GO

--Create user mapped to the login
CREATE USER user1
FOR LOGIN login1
WITH DEFAULT_SCHEMA = dbo;
GO

--Create role
CREATE ROLE role1
AUTHORIZATION user1;
GO

--Create schema
CREATE SCHEMA schema1
AUTHORIZATION user1;
GO

--Create objects
CREATE TABLE schema1.table1
(id INT, name VARCHAR(10));

CREATE TABLE schema1.table2
(id INT, name VARCHAR(10));
GO

--Grant permission on schema to role
GRANT SELECT, EXECUTE
ON SCHEMA::schema1
TO role1;

--Grant permission on object to role
GRANT SELECT, INSERT
ON OBJECT::schema1.table2
TO role1;

--Add member
ALTER ROLE role1
ADD MEMBER user1;
GO
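To confirm what the script above actually produced, the following check is an added example (not part of the original post). It assumes the script has been run in db_study, so login1, user1, role1 and schema1 exist; the user named user2 is constructed here solely for the check and is dropped at the end. It reads the recorded grants from the catalog views, then compares the effective permissions of a member that holds nothing but the role membership against those of user1, which owns the schema.

```sql
USE db_study;
GO

-- 1. Explicit grants recorded for role1: two rows from the schema-level grant
--    (SELECT, EXECUTE on SCHEMA) and two from the object-level grant
--    (SELECT, INSERT on OBJECT_OR_COLUMN).
SELECT pr.name AS grantee,
       pe.class_desc,
       CASE pe.class
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id)
       END AS securable,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'role1';

-- 2. Constructed user for the check: no login, owns nothing, only a member of role1,
--    so whatever it can do comes from the role's grants alone.
CREATE USER user2 WITHOUT LOGIN;
ALTER ROLE role1 ADD MEMBER user2;
GO

-- 3. Effective permissions as seen by the plain role member ...
EXECUTE AS USER = 'user2';
SELECT 'user2' AS who,
       HAS_PERMS_BY_NAME('schema1.table1', 'OBJECT', 'SELECT') AS select_table1,
       HAS_PERMS_BY_NAME('schema1.table1', 'OBJECT', 'INSERT') AS insert_table1,
       HAS_PERMS_BY_NAME('schema1.table2', 'OBJECT', 'INSERT') AS insert_table2;
REVERT;

-- ... and as seen by user1, which owns schema1 and therefore the tables in it.
EXECUTE AS USER = 'user1';
SELECT 'user1' AS who,
       HAS_PERMS_BY_NAME('schema1.table1', 'OBJECT', 'SELECT') AS select_table1,
       HAS_PERMS_BY_NAME('schema1.table1', 'OBJECT', 'INSERT') AS insert_table1,
       HAS_PERMS_BY_NAME('schema1.table2', 'OBJECT', 'INSERT') AS insert_table2;
REVERT;
GO

-- 4. Remove the constructed user again.
DROP USER user2;
GO
```

For user2 the result matches the grants exactly: SELECT on table1 comes from the schema-level grant, INSERT on table1 is denied, and INSERT on table2 comes from the object-level grant. For user1 all three come back allowed, because the script made user1 the owner of schema1 (and of role1) with AUTHORIZATION, and an owner holds CONTROL over its securables implicitly. When the intent is for user1 to have only what role1 grants, give the schema and the role a different owner (for example dbo) and leave user1 as a plain member.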
