我正在用java编写一个程序,我必须验证用户是否具有创建,更改和删除表所需的所有最小权限。
默认情况下,我的SQL Server数据库具有以下一组权限:
CREATE TABLE-
CREATE VIEW-
CREATE PROCEDURE-
CREATE FUNCTION-
CREATE RULE-
CREATE DEFAULT-
BACKUP DATABASE-
BACKUP LOG-
CREATE DATABASE-
CREATE TYPE-
CREATE ASSEMBLY-
CREATE XML SCHEMA COLLECTION-
CREATE SCHEMA-
CREATE SYNONYM
CREATE AGGREGATE
CREATE ROLE
CREATE MESSAGE TYPE
CREATE SERVICE-
CREATE CONTRACT-
CREATE REMOTE SERVICE BINDING-
CREATE ROUTE
CREATE QUEUE
CREATE SYMMETRIC KEY
CREATE ASYMMETRIC KEY
CREATE FULLTEXT CATALOG
CREATE CERTIFICATE
CREATE DATABASE DDL EVENT NOTIFICATION
CONNECT-
CONNECT REPLICATION
CHECKPOINT
SUBSCRIBE QUERY NOTIFICATIONS
AUTHENTICATE
SHOWPLAN
ALTER ANY USER
ALTER ANY ROLE
ALTER ANY APPLICATION ROLE
ALTER ANY SCHEMA-
ALTER ANY ASSEMBLY
ALTER ANY DATASPACE
ALTER ANY MESSAGE TYPE
ALTER ANY CONTRACT
ALTER ANY SERVICE
ALTER ANY REMOTE SERVICE BINDING
ALTER ANY ROUTE
ALTER ANY FULLTEXT CATALOG
ALTER ANY SYMMETRIC KEY
ALTER ANY ASYMMETRIC KEY
ALTER ANY CERTIFICATE
SELECT-
INSERT-
UPDATE-
DELETE-
REFERENCES-
EXECUTE-
ALTER ANY DATABASE DDL TRIGGER
ALTER ANY DATABASE EVENT NOTIFICATION
ALTER ANY DATABASE AUDIT
ALTER ANY DATABASE EVENT SESSION
KILL DATABASE CONNECTION
VIEW DATABASE STATE
VIEW DEFINITION
TAKE OWNERSHIP
ALTER-
CONTROL
但是我只验证以下特定权限:
CREATE TABLE
CREATE VIEW
CREATE PROCEDURE
CREATE FUNCTION
BACKUP DATABASE
CREATE TYPE
CREATE SCHEMA
CREATE SYNONYM
CREATE AGGREGATE
CREATE ROLE
CREATE MESSAGE TYPE
CONNECT
ALTER ANY ROLE
ALTER ANY APPLICATION ROLE
ALTER ANY SCHEMA
ALTER ANY MESSAGE TYPE
SELECT
INSERT
UPDATE
DELETE
REFERENCES
EXECUTE
VIEW DATABASE STATE
VIEW DEFINITION
ALTER
CONTROL
但是,使用这组权限,当我执行任何用户定义的数据类型(sp_addtype)时,它会失败,显示用户没有权限。有人可以告诉我,我需要在第二组权限中添加第一组权限的额外权限吗?
答案 0 :(得分:1)
[sp_addtype]
<强>权限 需要db_owner或db_ddladmin固定数据库角色的成员资格。
您可以查看过程[sp_addtype]:
if is_member('db_owner')=0 and is_member('db_ddladmin')=0
begin
raiserror(15247, -1, -1)
return (1)
end