我在SQL Server 2014中创建了一个数据库,并与sa一起输入,是管理员。
如何让sa只有权查看程序?
如何使用代码创建另一个管理员用户?
我试过这个
CREATE LOGIN ztestecom WITH PASSWORD = 'sqlserver';
答案 0 :(得分:3)
你不能删除' sa'从作为系统管理员。通常建议禁用sa帐户,因为它是一个已知帐户,始终具有系统管理员权限,因此最常被企业入侵的用户。
如上所述,下面将创建另一个将成为sysadmin的用户,然后再创建另一个用户并授予他们在所有用户数据库中执行存储过程的能力。您可以将此作为您的“sa”#帐户。
-- Create new account with a very secure password
CREATE LOGIN sqlmanager WITH PASSWORD = 'Now I am the master.';
GO
-- Grant new account sysadmin rights
ALTER SERVER ROLE [sysadmin] ADD MEMBER [sqlmanager]
GO
-- Create new role for executing procedures only in all user db's
DECLARE @command varchar(1000)
SELECT @command = '
IF ''?'' NOT IN(''master'', ''model'', ''msdb'', ''tempdb'')
BEGIN
IF NOT EXISTS (select 1 from sys.database_principals where name=''db_executor'')
BEGIN
CREATE ROLE [db_executor];
END;
GRANT EXECUTE TO db_executor;
END
'
EXEC sp_MSforeachdb @command
GO
-- Create new account for executing procedures
CREATE LOGIN sqlexecutor WITH PASSWORD = 'You run along now';
GO
-- Add new user to db_executor role in all user db db's
DECLARE @command varchar(1000)
SELECT @command = '
IF ''?'' NOT IN(''master'', ''model'', ''msdb'', ''tempdb'')
BEGIN
IF NOT EXISTS(SELECT principal_id FROM sys.database_principals WHERE name = ''sqlexecutor'')
BEGIN
CREATE USER [sqlexecutor] FOR LOGIN [sqlexecutor] WITH DEFAULT_SCHEMA=[dbo];
END;
ALTER ROLE [db_executor] ADD MEMBER [sqlexecutor];
END
'
EXEC sp_MSforeachdb @command
GO
最后以sa身份注销并以sqlmanager身份登录。确保您具有sysadmin权限,然后禁用sa帐户
-- Disable sa account
ALTER LOGIN [sa] DISABLE