良好的安全做法和自动标识范围是否相互排斥? [英] Are good security practices and auto identity range mgmt mutually exclusive?

问题描述

我正在尝试使用自动标识范围管理.但是，确保我的用户可以在带有标识列的表中插入记录的唯一方法是将它们设置为db_owner.我想念什么吗?

I'm trying to use Automatic Identity Range Management. However, the only way to ensure my users can INSERT records in tables with identity columns is to make them db_owner. Am I missing something?

有关完整背景，请参阅我之前的问题: 推荐答案

显然它们是互斥的.

以下摘录自> Microsoft员工博客(请注意，这不是正式"文档，但与获得的内容差不多):

常见身份范围问题

1)插入发布者表或订阅表的帐户不是db_owner.

SQL 2005/8订阅者具有合并复制触发器，如果​​进行插入的帐户是db_owner角色的成员，则该合并复制触发器可以将耗尽的主范围调整为辅助辅助范围.如果连接的帐户是db_owner角色的成员，则发布者还可以刷新范围(创建新的主范围和辅助范围).但是，如果插入表中的帐户不属于db_owner角色，则触发器无法进行此类调整.在这种情况下，需要执行合并代理才能在范围耗尽之前进行这些调整，以避免新插入失败，或者db_owner成员必须手动运行系统存储过程sp_adjustpublisheridentityrange(Transact-SQL).

SQL 2005/8 subscribers have merge replication triggers that can adjust an exhausted primary range onto the secondary auxiliary range if the account making inserts is a member of db_owner role. Publishers can also refresh the range (create new Primary and Secondary Ranges) if the account connected is a member of db_owner role. However, if the account making inserts into the tables does not belong to the db_owner role, the triggers cannot make such adjustments. In this case, the Merge Agent needs to execute in order to make those adjustments before the range exhausts to avoid new inserts to fail or a member of db_owner must manually run the system stored procedure sp_adjustpublisheridentityrange (Transact-SQL).

什么！?！?！谁在写唯一插入记录为db_owners的用户的数据库应用程序?

WHAT!?!?! Who is out there writing database applications where the only users inserting records are db_owners?

这篇关于良好的安全做法和自动标识范围是否相互排斥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！