Tsql 角色权限筛选视图t-sql
是否可以根据分配给最终用户数据库角色的选择授权筛选t-sql视图的内容,而不生成选择权限异常 如果是,怎么做 伪:Tsql 角色权限筛选视图t-sql,tsql,Tsql,是否可以根据分配给最终用户数据库角色的选择授权筛选t-sql视图的内容,而不生成选择权限异常 如果是,怎么做 伪: CREATE TABLE Beer(a(x), b(y)); GRANT SELECT ON Beer to BeerOnlyRole; CREATE TABLE Wine(a(x), b(y)); GRANT SELECT ON Wine to WineAndBeerRole; GRANT SELECT ON Beer to WineAndBeerRole; CREATE V
CREATE TABLE Beer(a(x), b(y)); GRANT SELECT ON Beer to BeerOnlyRole;
CREATE TABLE Wine(a(x), b(y)); GRANT SELECT ON Wine to WineAndBeerRole;
GRANT SELECT ON Beer to WineAndBeerRole;
CREATE VIEW SimpleAlcoholSearch
(
SELECT a AS BrandName
,b AS Strength
FROM Beer
UNION
SELECT a AS BrandName
,b AS Strength
FROM Wine
)
GRANT SELECT ON SimpleAlcoholSearch to BeerOnlyRole;
GRANT SELECT ON SimpleAlcoholSearch to WineAndBeerRole;
正如BeerOnlyRole:
从SimpleAllocholSearch中选择*:
啤酒1%
啤酒2%
作为WineAndBeerRole:
从SimpleAllocholSearch中选择*:
啤酒1%
啤酒2%
葡萄酒1.10%
葡萄酒2.11%
感谢您阅读此…我通过对每个表的各种目录视图进行快速脏检,解决了此问题:
SELECT a AS BrandName
,b AS Strength
FROM Beer
WHERE 1 =
(
SELECT TOP 1 1
FROM sys.database_permissions sy_dpe
JOIN sys.objects sy_o ON sy_dpe.major_id = sy_o.object_id
JOIN sys.schemas sy_sc ON sy_o.schema_id = sy_sc.schema_id
JOIN sys.database_principals sy_dpr ON sy_dpe.grantee_principal_id = sy_dpr.principal_id
JOIN sys.database_role_members sy_drm ON sy_drm.role_principal_id = sy_dpr.principal_id
JOIN sys.database_principals sy_dpr2 ON sy_dpr2.principal_id = sy_drm.member_principal_id
WHERE sy_dpr2.name = SYSTEM_USER
AND sy_o.name = 'Beer'
AND sy_sc.name = '[n]'
AND sy_dpe.type = 'SL'
AND sy_dpe.state = 'G'
)
UNION
....
有人有更整洁的方法吗
谢谢