是否可以授予用户权利,例如公司的营业时间。
GRANT SELECT
ON client
<WHERE CONDITION>
TO Emily
我知道可以使用MySQL执行此操作,您可以在grant选项中添加WHERE
子句,以便为其添加上下文条件。但是,我正在使用MS SQL Server,可以在那里完成吗?
另一个解决方案是添加一个SQL作业来添加和删除特定时间的权限,但我不是那么喜欢,我更愿意在授权级别上执行此操作。
答案 0 :(得分:4)
我喜欢@Turo建议使用视图。
它可能只包含
之类的东西CREATE VIEW dbo.TimeFilteredClient
AS
SELECT *
FROM dbo.Client
WHERE CAST(GETDATE() AS TIME) BETWEEN '09:00' AND '17:00'
然后在视图而不是表上授予Emily权限。只要视图和表共享同一个所有者,她就可以从视图中进行选择,但在指定时间之外不会得到任何结果。
如果您在2016年,您还可以在桌面上使用row level security来实现相同的目标。以下示例
CREATE TABLE dbo.Client
(
clientId INT IDENTITY PRIMARY KEY,
Name VARCHAR(50)
);
INSERT dbo.Client
VALUES ('client1'),
('client2');
CREATE USER Emily WITHOUT LOGIN;
GRANT SELECT ON dbo.Client TO Emily;
GO
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.EmilyTimeFilterPredicate()
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
SELECT 1 AS fn_securitypredicate_result
WHERE USER_NAME() <> 'Emily'
OR CAST(GETDATE() AS TIME) BETWEEN '09:00' AND '17:00';
GO
CREATE SECURITY POLICY EmilyTimeFilter
ADD FILTER PREDICATE Security.EmilyTimeFilterPredicate()
ON dbo.Client
WITH (STATE = ON);
GO
EXECUTE AS USER = 'Emily';
SELECT *
FROM dbo.Client;
REVERT;
SELECT *
FROM dbo.Client;
GO
DROP SECURITY POLICY EmilyTimeFilter ;
DROP TABLE dbo.Client
DROP USER Emily
DROP FUNCTION Security.EmilyTimeFilterPredicate
DROP SCHEMA Security;