phan quyen trong sql server
DESCRIPTION
phan quyen trong sql serverTRANSCRIPT
-
Phan Hin*
-
S phn chia kh nng qun tr v s dng h qun tr c s d liu SQL Server.Hnh thnh theo c cuNgi ng nhp (login)Ngi dng (user)Quyn hn (permission)Nhm quyn (role)Ngi ng nhp c th hin l mi mt ngi dng vi mt s quyn hn ng vi mt d liu.
*
-
1234R1R2LoginSQL ServiceUser & Permission & RoleDatabase
Log inSQL ServerP*
-
To ngi ng nhp
exec sp_addlogin tn_login , mt_khu [, d_liu]
create login tn_login with password = mt_khu [, default_database = d_liu ]*
-
Xa ngi ng nhp
exec sp_droplogin tn_login
drop login tn_login Thay i ngi ng nhp
alter login { [enable | disable] | with { password = | default_database = } }*
-
To ngi dng cho tng d liu
exec sp_adduser tn_login , tn_user[ , tn_role ]create user tn_user for tn_loginXa ngi dng
exec sp_dropuser tn_userdrop user tn_user*
-
To nhm quyn
exec sp_addrole tn_role
create role tn_roleXa nhm quyn
exec sp_droprole tn_roledrop role tn_role*
-
Gn ngi dng vi nhm quyn
exec sp_addrolemember tn_role , tn_user
Xa nhm quyn
exec sp_droprolemember tn_role , tn_user*
-
To quyn hn
Grant {ALL | permission} on table[ (column [,n])] to { user | role [, n] }[with grant option]
with grant option : c php gn li quyn m mnh c cho ngi khc.*
-
Xa quyn hn
Revoke [grant option for] {ALL | permission} on table[ (column [,n])] to { user | role [, n] }[cascade]
grant option for : b tnh nng cp li quyn cho ngi khc (quyn vn c gi li).cascade: b tt c cc quyn ( cc k tha)*
-
ng nhp sa
Exec sp_addlogin u1, 123Exec sp_addlogin u2, 123Exec sp_adduser u1, u1Exec sp_adduser u2, u2Grant select on sinhvien to u1 with grant option
u1 c quyn dng 2 lnh - Select * from sinhvien - Grant select on sinhvien to u2 [with grant option]*
-
ng nhp vi u1
Grant select on sinhvien to u2 with grant optionVy u2 c quyn select v grant.ng nhp vi sa
Revoke select on sinhvien to u1 cascade Xa ht quyn select v grant u1 v c u2Revoke grant option for select on sinhvien to u1 cascade Xa quyn grant u1 v quyn select v grant u2*
*
*