Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/sql-server/27.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Sql server SQL Server:拒绝在重新创建的表上选择_Sql Server_Grant - Fatal编程技术网
Fatal编程技术网
  • sql-server/
  • Sql server SQL Server:拒绝在重新创建的表上选择

Sql server SQL Server:拒绝在重新创建的表上选择

sql-server

Sql server SQL Server:拒绝在重新创建的表上选择,sql-server,grant,Sql Server,Grant,在SQL Server 2017中,我有一个具有ddladmin权限的用户,可以定期删除和重新创建表。我们需要在那张表上进行拒绝选择 只有当表被删除时,它才会丢失拒绝。我不想授予用户securityadmin 如何确保每次重新创建此表时保留此表上的拒绝选择?…调整 revert go -- drop trigger deny_select_on_frequentlydroppedtable on database create or alter trigger deny_select_on_f

在SQL Server 2017中,我有一个具有ddladmin权限的用户,可以定期删除和重新创建表。我们需要在那张表上进行拒绝选择

只有当表被删除时,它才会丢失拒绝。我不想授予用户securityadmin

如何确保每次重新创建此表时保留此表上的拒绝选择?

…调整

revert
go

-- drop trigger deny_select_on_frequentlydroppedtable on database
create or alter trigger deny_select_on_frequentlydroppedtable 
on database  
with execute as 'dbo' 
for CREATE_TABLE
as
begin
    set nocount on;
    
    --when table name = frequentlydroppedtable
    if EVENTDATA().value('(EVENT_INSTANCE/ObjectName)[1]', 'sysname') = 'frequentlydroppedtable' 
    begin
        declare @tbl nvarchar(500) = concat(quotename(EVENTDATA().value('(EVENT_INSTANCE/SchemaName)[1]', 'sysname')), '.', quotename(EVENTDATA().value('(EVENT_INSTANCE/ObjectName)[1]', 'sysname')));
        declare @user nvarchar(150) = EVENTDATA().value('(EVENT_INSTANCE/UserName)[1]', 'sysname');
        
        if @user <> 'dbo' and IS_ROLEMEMBER('db_owner', @user) = 0 and IS_ROLEMEMBER('db_ddladmin', @user) = 1 --... any ddl admin gets deny when they create the table :)
        begin
            declare @sql nvarchar(500) = 'deny select on ' + @tbl + ' to ' + quotename(@user);
            exec(@sql)
        end
    end
end
go

--dbo or ....
drop table if exists frequentlydroppedtable;
go
create table frequentlydroppedtable(id int);
go
--works
select * from frequentlydroppedtable
go


--create a test db_ddladmin
create user test_db_ddladmin without login;
go
alter role db_ddladmin add member test_db_ddladmin;
go
execute as user = 'test_db_ddladmin'
go
drop table if exists frequentlydroppedtable;
go
create table frequentlydroppedtable(id int);
go
--permission violation, deny select
select * from frequentlydroppedtable
go

revert
go

--cleanup
drop table if exists frequentlydroppedtable;
go
drop user test_db_ddladmin;
go
drop trigger deny_select_on_frequentlydroppedtable on database
go
我的问题都与用户有关。这正是我所需要的。非常感谢。