Difference between EXECUTE AS targets

Time: 2015-09-28 21:14:32

Tags: sql-server function stored-procedures permissions execute

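I'm not clear on the difference between the different EXECUTE AS targets in SQL Server: CALLER, SELF and OWNER, notably between the last two.

My understanding is that CALLER is the one who executes/calls the procedure.

SELF is "the specified user is the person creating or altering the module".

OWNER is "the current owner of the module".

Could you explain and give an example of who "the person creating/modifying" and "the owner of the module" are? Is "module" here the stored procedure/function, or the session, or the database? An example that includes the SELF user would be great.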

1 answer:

Answer 0 (score: 2)

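Very simple: SELF impersonates you as the database user who actually executed create / alter procedure last time. It doesn't always have to be the schema owner; as you can imagine, it can be anyone with permissions sufficient to create / modify the given objects.

OWNER mode impersonates you as the owner of the schema the procedure / function belongs to.

If you want to dig deeper (and in this case, there is always some room to dig), below is a (relatively) simple example which can show you how things work here. There are some shortcuts and implications specific to SQL Server that I omitted deliberately, because otherwise it would be too much to write. You can always read the documentation, though.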

use master;
go
if db_id('TestDB') is not null
    drop database TestDB;
go
create database TestDB;
go
use TestDB;
go
-- Just for the sake of example, so that everyone can create procs
grant create procedure to public;
go
-- Schema owner
create user [SomeUser] without login;
go
create schema [s1] authorization [SomeUser];
go
-- An ordinary user
create user [AnotherUser] without login;
go
grant execute on schema::s1 to AnotherUser as [SomeUser];
go
-- Database administrator
create user [DBA] without login;
go
alter role [db_owner] add member [DBA];
go

-- Although it's SomeUser that owns the schema, DBA creates objects in it
execute as user = 'DBA';
go
create procedure s1.SpCaller
as
select user_name() as [s1_caller];
return;
go
create procedure s1.SpSelf
with execute as self as
select user_name() as [s1_self];
return;
go
create procedure s1.SpOwner
with execute as owner as
select user_name() as [s1_owner];
return;
go
revert;
go

-- You can play with actual impersonation and look at results
execute as user = 'AnotherUser';
go
exec s1.SpCaller;
go
exec s1.SpSelf;
go
exec s1.SpOwner;
go
revert;
go
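
An added example (not part of the original answer): a catalog query, run in TestDB after the script above, that reports the execution context recorded for each module, so the context a procedure switches to can be audited without executing it. It relies on sys.sql_modules.execute_as_principal_id, which is NULL for CALLER, -2 for OWNER, and the principal id of the creating or named user for SELF or EXECUTE AS 'user'; the column aliases are chosen here for illustration.

```sql
use TestDB;
go
-- One row per user-defined module with its stored EXECUTE AS setting.
select
    schema_name(o.schema_id) + '.' + o.name as module_name,
    o.type_desc,
    -- How the clause is stored in the catalog
    case
        when m.execute_as_principal_id is null then 'CALLER'
        when m.execute_as_principal_id = -2    then 'OWNER'
        else 'SELF or explicit user'
    end as execute_as_clause,
    -- The database principal the module switches to (null = whoever calls it)
    case
        when m.execute_as_principal_id is null then null
        when m.execute_as_principal_id = -2
            then user_name(coalesce(o.principal_id, s.principal_id))
        else user_name(m.execute_as_principal_id)
    end as runs_as,
    -- Object owner if set individually, otherwise the schema owner
    user_name(coalesce(o.principal_id, s.principal_id)) as module_owner
from sys.sql_modules as m
join sys.objects as o on o.object_id = m.object_id
join sys.schemas as s on s.schema_id = o.schema_id
where o.is_ms_shipped = 0
order by module_name;
go
```

Rows where runs_as is a highly privileged principal while execute permission is granted to ordinary users are the ones worth reviewing first, because every caller of such a module acts with that principal's permissions inside it.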