6、
(1)
--标准SQL
grant all privileges
on table 学生,班级
to u1
--T-sql
grant all
on 学生
to u1
with grant option
grant all
on 班级
to u1
with grant option
(2)
grant select update (住址)
on table 班级
to public
--标准SQL
--T-sql
grant select update (住址)
on 班级
to public
(3)
grant select
on table 班级
to public
--标准SQL
grant select
on 班级
to public
--T_sql
(4)
grant select update
on table 学生
to r1
--标准sql
--T-sql
grant select update
on 学生
to r1
(5)
grant r1
to u1
with admin option
--T-sql
alter role r1
add member u1;
7
(1)
grant select
on table 职工,部门
to 王平
--
grant select
on 职工
to 王平
grant select
on 部门
to 王平
(2)
grant delect,update
on table 职工,部门
to 李勇
------
grant delete ,update
on 职工
to 李勇
grant delete ,update
on 部门
to 李勇
(3) The subject reference to the contents of the students will be given later link
grant select
on table 职工
when user()=姓名--不知道为什么看到when 这个关键字不是那么惊讶,。可能是
--where 用多了
to public
--T-sql不再赘述
(4)
grant select ,update(工资)
on table 职工
to 刘星
--自己可以改工资,还有这操作,t_Sql 不再赘述
(5)
grant alter
on 职工,部门
to 张新
-----
grant alter
on 职工
to 张新
grant alter
on 部门
to 张新
(6)
grant all privileges
on table 职工,部门
to 周平
with grant option
---T-sql不再赘述
privileges
(7)
According to this subject can not be directly authorize a base table, the establishment of a view
create view money(num,max_money,min_money,avg_money)
as
select 部门号,max(工资),min(工资),avg(工资)
from 职工
group by 部门号
grant select
on money
to 杨兰
--标准不再赘述
8
(1)
revoke select
on table 职工,部门
from 王平
(2)
revoke insert ,delete
on table 职工,部门
from 李勇
(3)
revoke select
on table 职工
when user()=名称
to public
(4)
revoke select ,update(工资)
on table 职工
from 刘星
(5)
revoke alter
on table 职工,部门
from 张新
(6)
revoke all privileges
on 职工
from 周平 cascade
--这个在t -sql 中也要有,否则会报错
(7)
revoke select
on view money
from 杨兰
The above code, if there is an error, I hope you have educated us
Security summary
Introduction
A good database will have to consider the safety of, for example, if a user login account thousands of times a minute, that user is likely to be problematic. In order to better protect data security should be considered.
Database security
(1) security control database
<1> user identity checking
<2> MAC
<3> customize access method
<4> Authorized Grant / REVOKE
<. 5> mandatory access control method permission level is greater than the object body the secret level can be read
only when the permission level of the body less dense object can be written
(2) view
from above example can be seen in the view of the data can be protected.
(3) audit
can audit the operation of the user, the user find non-standard audit
(4) data encryption
can use some algorithm to encrypt data, do not worry even if the select
(5) other security protection
Finally recommend a blog, compared to this one this I really pales
https://blog.csdn.net/fu_gaga/article/details/105214694 (third and references 7 of this title)