在Microsoft SQL Server上创建\删除表需要什么特权? dbowner可以吗? [英] What privileges are needed to create\delete tables on a Microsoft SQL Server? Is dbowner ok?
问题描述
我对 SQL Server 不太满意,我有以下疑问:我必须要求创建一个可以在某些数据库上工作的用户。该用户必须创建删除表,在这些表中插入删除记录。
I am not so into SQL Server and I have the following doubt: I have to require the creation of an user that can work on some databases. This user have to create\delete table, insert\delete records in these tables.
必须为此用户在这些数据库上设置哪种类型的权限? dbowner 是否可以执行这些操作? (特别重要的是,该用户可以创建\delete表)还是我遗漏了什么?
What type of permission have to be set for this user on these databases? Is dbowner ok to perform these operations? (in particular is very important that this user can create\delete tables) or am I missing something?
推荐答案
首先,使用角色:
- 角色是分层安全模型的一部分:
- 登录安全性-连接到服务器
- 数据库安全性-获得对数据库的访问权限
- 数据库对象-获得对单个对象的访问权限数据库对象和
数据**
- Roles are a part of the tiered security model:
- Login security—Connecting to the server
- Database security—Getting access to the database
- Database objects—Getting access to individual database objects and data**
预定义的数据库角色
创建自己的数据库,但是您可以访问几个预定义的数据库角色:
Predefined database roles You may need to create your own, but you have access to several predefined database roles:
- db_owner:成员具有完全访问权限。
- db_accessadmin:成员可以管理Windows组和SQL Server
登录。 - d b_datareader:成员可以读取所有数据。
- db_datawriter:成员可以在表中添加,删除或修改数据。
- db_ddladmin:允许用户
- db_securityadmin:成员可以修改角色成员身份并管理
权限。 - db_bckupoperator:成员可以备份数据库。
- db_denydatareader:成员不能查看数据库中的数据。
- db_denydatawriter:成员不能更改或删除表或
视图中的数据。
- db_owner: Members have full access.
- db_accessadmin: Members can manage Windows groups and SQL Server logins.
- db_datareader: Members can read all data.
- db_datawriter: Members can add, delete, or modify data in the tables.
- db_ddladmin: allows a user to create, drop, or modify any objects within a database, regardless of who owns.
- db_securityadmin: Members can modify role membership and manage permissions.
- db_bckupoperator: Members can back up the database.
- db_denydatareader: Members can’t view data within the database.
- db_denydatawriter: Members can’t change or delete data in tables or views.
固定角色:
固定服务器角色在整个服务器范围内应用,并且有几种预定义的服务器角色:
Fixed roles : The fixed server roles are applied serverwide, and there are several predefined server roles:
- SysAdmin:任何成员都可以执行任何操作在服务器上。
- ServerAdmin:任何成员都可以在服务器上设置配置选项。
- SetupAdmin:任何成员都可以管理链接的服务器和SQL Server
星tup选项和任务。 - 安全性管理员:任何成员都可以管理服务器安全性。
- ProcessAdmin:任何成员都可以杀死在SQL Server上运行的进程。
- DbCreator:任何成员都可以创建,更改,删除和还原数据库。
- DiskAdmin:任何成员都可以管理SQL Server磁盘文件。
- BulkAdmin:任何成员都可以运行批量插入命令。
- SysAdmin: Any member can perform any action on the server.
- ServerAdmin: Any member can set configuration options on the server.
- SetupAdmin: Any member can manage linked servers and SQL Server startup options and tasks.
- Security Admin: Any member can manage server security.
- ProcessAdmin: Any member can kill processes running on SQL Server.
- DbCreator: Any member can create, alter, drop, and restore databases.
- DiskAdmin: Any member can manage SQL Server disk files.
- BulkAdmin: Any member can run the bulk insert command.
这篇关于在Microsoft SQL Server上创建\删除表需要什么特权? dbowner可以吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
