USE mydb
GO
--1. 新建測試用戶
--1.1 添加登錄用戶和密碼
EXEC sp_addlogin N'tony','123'
--1.2 使其成爲當前數據庫的合法用戶
EXEC sp_grantdbaccess N'tony'
--2.設置操作授權
--2.1 授予對自己數據庫的所有權限
EXEC sp_addrolemember N'db_owner', N'tony'
--2.2 以下是設置具體操作權限
--授予tony對所有用戶表的操作權限
GRANT SELECT,INSERT,UPDATE,DELETE TO tony
--授予tony SELECT,UPDATE到具體的表
GRANT SELECT,UPDATE ON tb TO tony
--授予tony SELECT,UPDATE到具體的表和列
GRANT SELECT,UPDATE ON tb(id,col) TO tony
--禁止tony對所有用戶表的操作權限
DENY SELECT,INSERT,UPDATE,DELETE TO tony
--禁止tony SELECT,UPDATE到具體的表
DENY SELECT,UPDATE ON tb TO tony
--禁止tony SELECT,UPDATE到具體的表和列
DENY SELECT,UPDATE ON tb(id,col) TO tony
--刪除tony 對所有用戶表的授權信息
REVOKE SELECT,INSERT,UPDATE,DELETE TO tony
--授予tony對具有創建表、視圖、存儲過程等的操作權限
GRANT CREATE TABLE,CREATE VIEW,CREATE PROC TO tony
--禁止tony對具有創建表、視圖、存儲過程等的操作權限
DENY CREATE TABLE,CREATE VIEW,CREATE PROC TO tony
--刪除tony對具有創建表、視圖、存儲過程等的授權信息
REVOKE CREATE TABLE,CREATE VIEW,CREATE PROC TO tony
GO
--注:更多相關授權信息參考後面的附表中“數據庫權限”列。
--3. 刪除測試用戶
EXEC sp_revokedbaccess N'tony' --移除用戶對數據庫的訪問權限
EXEC sp_droplogin N'tony' --刪除登錄用戶
GO
附表:
數據庫權限 | 數據庫權限隱含的權限 | 服務器權限隱含的權限 |
---|---|---|
ALTER |
CONTROL |
ALTER ANY DATABASE |
ALTER ANY APPLICATION ROLE |
ALTER |
CONTROL SERVER |
ALTER ANY ASSEMBLY |
ALTER |
CONTROL SERVER |
ALTER ANY ASYMMETRIC KEY |
ALTER |
CONTROL SERVER |
ALTER ANY CERTIFICATE |
ALTER |
CONTROL SERVER |
ALTER ANY CONTRACT |
ALTER |
CONTROL SERVER |
ALTER ANY DATABASE DDL TRIGGER |
ALTER |
CONTROL SERVER |
ALTER ANY DATABASE EVENT NOTIFICATION |
ALTER |
ALTER ANY EVENT NOTIFICATION |
ALTER ANY DATASPACE |
ALTER |
CONTROL SERVER |
ALTER ANY FULLTEXT CATALOG |
ALTER |
CONTROL SERVER |
ALTER ANY MESSAGE TYPE |
ALTER |
CONTROL SERVER |
ALTER ANY REMOTE SERVICE BINDING |
ALTER |
CONTROL SERVER |
ALTER ANY ROLE |
ALTER |
CONTROL SERVER |
ALTER ANY ROUTE |
ALTER |
CONTROL SERVER |
ALTER ANY SCHEMA |
ALTER |
CONTROL SERVER |
ALTER ANY SERVICE |
ALTER |
CONTROL SERVER |
ALTER ANY SYMMETRIC KEY |
ALTER |
CONTROL SERVER |
ALTER ANY USER |
ALTER |
CONTROL SERVER |
AUTHENTICATE |
CONTROL |
AUTHENTICATE SERVER |
BACKUP DATABASE |
CONTROL |
CONTROL SERVER |
BACKUP LOG |
CONTROL |
CONTROL SERVER |
CHECKPOINT |
CONTROL |
CONTROL SERVER |
CONNECT |
CONNECT REPLICATION |
CONTROL SERVER |
CONNECT REPLICATION |
CONTROL |
CONTROL SERVER |
CONTROL |
CONTROL |
CONTROL SERVER |
CREATE AGGREGATE |
ALTER |
CONTROL SERVER |
CREATE ASSEMBLY |
ALTER ANY ASSEMBLY |
CONTROL SERVER |
CREATE ASYMMETRIC KEY |
ALTER ANY ASYMMETRIC KEY |
CONTROL SERVER |
CREATE CERTIFICATE |
ALTER ANY CERTIFICATE |
CONTROL SERVER |
CREATE CONTRACT |
ALTER ANY CONTRACT |
CONTROL SERVER |
CREATE DATABASE |
CONTROL |
CREATE ANY DATABASE |
CREATE DATABASE DDL EVENT NOTIFICATION |
ALTER ANY DATABASE EVENT NOTIFICATION |
CREATE DDL EVENT NOTIFICATION |
CREATE DEFAULT |
ALTER |
CONTROL SERVER |
CREATE FULLTEXT CATALOG |
ALTER ANY FULLTEXT CATALOG |
CONTROL SERVER |
CREATE FUNCTION |
ALTER |
CONTROL SERVER |
CREATE MESSAGE TYPE |
ALTER ANY MESSAGE TYPE |
CONTROL SERVER |
CREATE PROCEDURE |
ALTER |
CONTROL SERVER |
CREATE QUEUE |
ALTER |
CONTROL SERVER |
CREATE REMOTE SERVICE BINDING |
ALTER ANY REMOTE SERVICE BINDING |
CONTROL SERVER |
CREATE ROLE |
ALTER ANY ROLE |
CONTROL SERVER |
CREATE ROUTE |
ALTER ANY ROUTE |
CONTROL SERVER |
CREATE RULE |
ALTER |
CONTROL SERVER |
CREATE SCHEMA |
ALTER ANY SCHEMA |
CONTROL SERVER |
CREATE SERVICE |
ALTER ANY SERVICE |
CONTROL SERVER |
CREATE SYMMETRIC KEY |
ALTER ANY SYMMETRIC KEY |
CONTROL SERVER |
CREATE SYNONYM |
ALTER |
CONTROL SERVER |
CREATE TABLE |
ALTER |
CONTROL SERVER |
CREATE TYPE |
ALTER |
CONTROL SERVER |
CREATE VIEW |
ALTER |
CONTROL SERVER |
CREATE XML SCHEMA COLLECTION |
ALTER |
CONTROL SERVER |
DELETE |
CONTROL |
CONTROL SERVER |
EXECUTE |
CONTROL |
CONTROL SERVER |
INSERT |
CONTROL |
CONTROL SERVER |
REFERENCES |
CONTROL |
CONTROL SERVER |
SELECT |
CONTROL |
CONTROL SERVER |
SHOWPLAN |
CONTROL |
ALTER TRACE |
SUBSCRIBE QUERY NOTIFICATIONS |
CONTROL |
CONTROL SERVER |
TAKE OWNERSHIP |
CONTROL |
CONTROL SERVER |
UPDATE |
CONTROL |
CONTROL SERVER |
VIEW DATABASE STATE |
CONTROL |
VIEW SERVER STATE |
VIEW DEFINITION |
CONTROL |
VIEW ANY DEFINITION |