我在一个模式下创建了三个用户,并向他们授予了SELECT,INSERT和UPDATE等权限,但我也希望DENY其中的某些用户仅对一定数量的行拥有UPDATE权限(例如,每行ID = x的行) )。这可能吗?如果可以,怎么办?
CREATE SCHEMA Customers
GO
CREATE SCHEMA SecurityInfo
GO
CREATE LOGIN John WITH PASSWORD = '1234'
GO
CREATE LOGIN Peter WITH PASSWORD = '2345'
GO
CREATE LOGIN Monica WITH PASSWORD = '3456'
GO
CREATE USER John FOR LOGIN John;
CREATE USER Peter FOR LOGIN Peter;
CREATE USER Monica FOR LOGIN Monica;
GRANT SELECT ON SCHEMA :: Customers TO John
GRANT SELECT ON SCHEMA :: Customers TO Peter
GRANT SELECT ON SCHEMA :: Customers TO Monica
GO
GRANT INSERT ON SCHEMA :: Customers TO John
GRANT INSERT ON SCHEMA :: Customers TO Peter
GRANT INSERT ON SCHEMA :: Customers TO Monica
GO
GRANT UPDATE ON SCHEMA :: Customers TO John
GRANT UPDATE ON SCHEMA :: Customers TO Peter
GRANT UPDATE ON SCHEMA :: Customers TO Monica
GO
IF OBJECT_ID('Customers.Customers', 'U') IS NOT NULL
DROP TABLE Customers.Customers
GO
IF OBJECT_ID('SecurityInfo.fn_CustomersSecurity', 'IF') IS NOT NULL
BEGIN
DROP FUNCTION SecurityInfo.fn_CustomersSecurity
END
GO
CREATE FUNCTION SecurityInfo.fn_CustomersSecurity(@UserName AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS IsAccessGranted
WHERE @UserName = USER_NAME();
GO
IF OBJECT_ID('SecurityInfo.CustomersPolicy', 'SP') IS NOT NULL
BEGIN
DROP SECURITY POLICY SecurityInfo.CustomersPolicy
END
GO
CREATE SECURITY POLICY SecurityInfo.CustomersPolicy
ADD FILTER PREDICATE SecurityInfo.fn_CustomersSecurity(UserName)
ON Customers.Customers
WITH (STATE= ON);
GO