- **************** architecture * subject ************* -
the SELECT * from sys.database_principals - Create a database user database principal [ the information is written to the body]
the SELECT * from sys.schemas - create the database schema [role permissions information is written to the body]
the SELECT * from the sys.server_principals - server principal [create user login information will be written into the body]
- **************** architecture * subject ************* -
- Note: [[[command with [] section is what we want to enter in]]]
- (1) create a login user [of the sentence execution, data will be stored in the main server in sys.server_principals] --LoginUserName login user name
CREATE login [LoginUserName] WITH password = '[123456]', default_database = ReportServer
- (2) [specify the default database in order to maintain and create a database user to create a login user default database is consistent, where the current sql database may not create the default database login user. If they are consistent, you can not perform]
USE ReportServer
- (3) create a database user and establish a connection with the execution of the sentence [logged-on user, the data will be stored in the database in the main sys.database_principals] - DatabaseUserName database user name
CREATE USER [DatabaseUserName] FOR login [ LoginUserName] WITH default_schema = dbo - [DatabaseUserName] and [LoginUserName] name had better be consistent, to facilitate future identification and registration and check the mapping.
- (4-1) to give permission to the new user
the USE the ReportServer
EXEC the sp_addrolemember 'the db_datareader', '[DatabaseUserName]'
- fixed database role ******************* ******************* -
'of the db_owner' - have full access to the database, including deleting the database permissions
'the db_accessadmin' - to create additional database user privileges only to the database users and does not create user authority.
'db_securityadmin' - can manage all permissions, object ownership, roles and role memberships
'the db_ddladmin' - can issue all DDL (Create, Alter, and Drop), but can not issue GRANT, REVOKE, or DENY statements
'db_backupoperator' - allowed rights to the database backup and restore {backup and restore can be performed by a sql sever management studio]
'the db_datareader' - any user can select any data table in database
'db_datawriter' - user can change any table in the database All data
'db_denydatareader' - can not query any data in any user table in the database
'db_denydatawriter' - can not change any data in any user table in the database
- more interpretation please visit: https: // www. cnblogs.com/tiancai/p/4877969.html
- ******************* ******************* fixed database role -
- (4-2) to the list of authorized limit, it can only access specific tables -------------------- TableName Table name
/ *
between GRANT, REVOKE, DENY the image interpretation
gRANT give you an apple
REVOKE I want to get back to your Apple
DENY does not give you Apple
* /
- grant the user query, insert, update, delete permissions table, as well as recycling and user access is disabled
gRANT SELECT, iNSERT, the UPDATE, the ON the DELETE [the TableName] to [DatabaseUserName]
REVOKE the SELECT, the INSERT, the UPDATE, the ON the DELETE [the TableName] to [DatabaseUserName]
GRANT SELECT ON [TableName] TO [DatabaseUserName]
REVOKE SELECT ON [TableName] TO [DatabaseUserName]
GRANT INSERT ON [TableName] TO [DatabaseUserName]
REVOKE INSERT ON [TableName] TO [DatabaseUserName]
GRANT UPDATE ON [TableName] TO [DatabaseUserName]
REVOKE UPDATE ON [TableName] TO [DatabaseUserName]
GRANT DELETE ON [TableName] TO [DatabaseUserName]
REVOKE DELETE ON [TableName] TO [DatabaseUserName]
DENY DELETE ON [TableName] TO [DatabaseUserName]
--------------------------------------------------------------------
- (5) enabling the user to access other database permissions -
use [AnotherDatabase]
the CREATE the USER [DatabaseUserName] the FOR the Login [LoginUserName] the WITH default_schema = dbo - can access the database, that is, in the new database security accounts to build an identical user, by sql sever management studio to see easy to understand.
The sp_addrolemember EXEC 'the db_datareader', '[DatabaseUserName]' - assign permissions to access the database
- (6) to create role privileges
- ******************** create role privileges ***************** - ******
'[db_selectUpdate]' EXEC sp_addrole - create a similar role db_datareader database will exist in the database schema sys.schemas
GRANT the SELECT, UPDATE the tO [db_selectUpdate] - and to the role given query modify permission
EXEC sp_addrolemember '[db_selectUpdate]', '[DatabaseUserName]' - just assign permissions given to the new database user [after only want to view and modify permissions to use the new on it]
- ** ****************** create role privileges ********************************************************** -
- (7) Other operating command -------------
- disable login account:
the ALTER the Login [LoginUserName] DISABLE
- Enable login account:
the ALTER the Login [LoginUserName] ENABLE
- Log renamed account :( database user names have not changed, but the correspondence between the still, the corresponding database user name of the user folder name in security has not changed, to change this name, see [Database] user renamed)
the ALTER login [LoginUserName] WITH name = [ NewLoginUserName]
- change your password login account:
the ALTER the Login [LoginUserName] the WITH password = '[654321]'
- User Database renamed:
the ALTER the USER [DatabaseUserName] name = the WITH [NewDatabaseUserName]
- delete a specific database user access rights (to specify the database name to be deleted): DatabaseName database name of
the USE [DatabaseName]
DROP the USER [DatabaseUserName]
- remove SQL Server login account (two ways) [after performing server principal sys.server_principals will delete the logged-on user]:
DROP the Login [LoginUserName]
EXEC sp_revokedbaccess '[LoginUserName]'
the CREATE the USER [DatabaseUserName] the FOR the Login [LoginUserName] the WITH default_schema = dbo
- (8) Backup and restore the database
- Backup and restore the database *************** ******************** ******** -
1 / * backup * /
the bACKUP DATABASE [DatabaseName] the TO DISK = '[D: \ haha.bak]'
2 / * Delete the database * /
drop Database [DatabaseName]
3 /* 还原 */
restore DATABASE [DatabaseName] FROM DISK = '[D:\haha.bak]'
4 / * the authority given to the user backup of the database Test5 [At this point he can only back up the database, not restore authority, users want to restore the child to find the sa user to restore] * /
GRANT the BACKUP DATABASE the TO [DatabaseUserName]
Permissions 5 / * to grant sub-user database backup and restore currently not achieve reduction function * / in the sub user
EXEC sp_addrolemember 'db_backupoperator', '[DatabaseUserName]'
- ************* ******* backup and restore the database ********************************************************** -