【发布时间】:2021-06-25 18:23:35
【问题描述】:
我对 SQL 还很陌生。 我正在尝试为我正在制作的函数库设置角色。
在我看来,从一个角色继承到更高的角色是有道理的。 我的想法(当然由于继承属性而失败):
USE SomeDb
go
create or alter function dbo.basicfunc() returns int as begin return 0 end
go
create or alter function dbo.mediumfunc() returns int as begin return 1 end
go
create or alter function dbo.adminfunc() returns int as begin return 2 end
go
create role db_role_basic
grant execute on dbo.basicfunc to db_role_basic
create role db_role_medium --INHERIT from db_role_basic
ALTER ROLE db_role_medium add member db_role_basic
grant execute on dbo.mediumfunc to db_role_medium
create role db_role_admin --INHERIT from db_role_medium
ALTER ROLE db_role_admin add member db_role_medium
grant execute on dbo.adminfunc to db_role_admin
create login AdminLogin with password = 'P$1p11'
create user AdminUser for login AdminLogin
alter role db_role_admin add member AdminUser
SETUSER 'AdminUser'
select dbo.adminfunc()
select dbo.basicfunc()
所以最终,Admin 角色将拥有较低角色的所有权限。
如果我将权限更改为较低的角色,它会在链条上涓涓细流……而且我不会为每个角色复制说明。
因为它在这里,我得到了错误:
Msg 229, Level 14, State 5, Line 391
The EXECUTE permission was denied on the object 'BasicFunc', database 'mds test db', schema 'dbo'.
【问题讨论】:
标签: sql sql-server inheritance roles sql-server-2017