对于案例1和案例2,如何在配置下使用SQL语句?
情况1: Azure SQL托管实例中有多个数据库DB1,DB2,DB3,... 如何创建一个新的数据库用户User1,该用户只能访问DB1并向该用户隐藏其他数据库(即,当User1在SQL Server Management Studio中打开数据库服务器时,仅向他显示DB1) 同时,User1必须具有特权才能对DB1执行以下操作:
情况2: 如果多个数据库DB1,DB2,DB3,...是单个数据库(不在托管实例中) 如何进行与情况1类似的配置,即User1仅可以看到具有上述特权的DB1?
我尝试了以下问题的解决方案: How do I create a new user in a SQL Azure database?
CREATE LOGIN User1 WITH password='Test1234';
CREATE USER User1 FROM LOGIN User1;
但是User1可以看到所有数据库。
++++++++++++++++++++++++++++++++
第一次更新:
基于@ Nick.McDermaid引用(非常感谢),我尝试了以下SQL语句,它们正在起作用:
--the below statement grant user1 access to the database, it's working:
CREATE USER user1 WITH PASSWORD = 'Test1234';
--the below 4 statements grant user1 CRUD privilege on all tables, it's working:
GRANT SELECT TO user1;
GRANT INSERT TO user1;
GRANT UPDATE TO user1;
GRANT DELETE TO user1;
但是在授予创建表并添加列方面遇到问题:
--intend to grant user1 creating table privilege, commands completed successfully, but when trying to create a table return below error:
--Microsoft SQL: The specified schema name "dbo" either does not exist or you do not have permission to use it.
GRANT CREATE TABLE TO user1;
--intend to grant user1 adding columns privilege, but Azure SQL return below error:
--Incorrect syntax near 'ALTER'.
GRANT ALTER TABLE TO user1;
++++++++++++++++++++++++++++++++
第二次更新:
我最后的SQL语句是:
CREATE USER [user1] WITH PASSWORD=N'Test1234'
GO
CREATE ROLE [test_role]
GO
ALTER ROLE [test_role] ADD MEMBER [user1];
GO
ALTER ROLE [db_ddladmin] ADD MEMBER [test_role];
GO
ALTER ROLE [db_datawriter] ADD MEMBER [test_role];
GO
ALTER ROLE [db_datareader] ADD MEMBER [test_role];
GO