SQL Server 数据库所有者

发布于 2024-09-04 04:31:58 字数 373 浏览 11 评论 0原文

在我的 SQL2008 中,我有一个具有“db_datareader”、“db_datawriter”和“db_ddladmin”数据库角色的用户,但是当他尝试使用 SSMS 修改表时,他收到一条消息:

您没有以以下身份登录数据库所有者或系统管理员。您可能无法保存对不属于您的表的更改。

当然,我想避免出现此类消息,但直到现在我确实找到了方法... 因此,我尝试通过将用户添加到“db_owner”角色来修改用户,当然我没有上面的消息。

我的问题是:

  • 是否可以将用户保留在“db_owner”角色中,但拒绝某些操作,例如更改用户或?我尝试在数据库级别安全地“更改任何用户”,但它不起作用......

谢谢!

in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying:

You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own.

Of course, I would like to avoid such message, but until now I did find the way...
Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above.

My question is:

  • Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work...

THANKS!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

依 靠 2024-09-11 04:31:58

如果用户是 db_ddladmin 的一部分,那么这应该不是问题。这只是一个警告

If the user is part of db_ddladmin it shouldn't be a problem. This is just a warning

感悟人生的甜 2024-09-11 04:31:58

db_ddladmin 固定数据库角色的成员可以运行数据库中的任何数据定义语言 (DDL) 命令。这可能只是来自 SSMS 的警告,尝试创建一个用户并尝试更改一些表

Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database. It is probably just a warning from SSMS, try it out create a user and try to alter some tables

信仰 2024-09-11 04:31:58

我的理解一直是,任何拥有 db_owner 权限的用户都可以对数据库执行任何操作,包括删除数据库。当然,在 SQL 2005 中确实如此。我没有听到任何消息表明这种情况在 SQL 2008 中发生了变化。

My understanding has always been that any user with db_owner rights can do anything to a database, up to and including dropping it. Certainly, this was true through SQL 2005. I've heard nothing to imply that this has changed with SQL 2008.

夜巴黎 2024-09-11 04:31:58

这些确实是警告,我没有看到任何方法可以在 SSMS 中禁用此类警告。

在 2008R2 中,我看到的行为是具有“db_datareader”、“db_datawriter”和“db_ddladmin”的用户仍然需要被授予视图定义才能通过右键单击并选择设计在 SSMS 中进行编辑。如果您尚未授予视图定义,则设计视图将以只读方式打开(带有警告)。

请参阅:MSFT Connect Bug

对我来说,通过角色向 ddladmin 用户分配视图定义权限似乎更容易发现,而不是像 Connect 上的解决方法中所述为特定用户帐户执行此操作。这将添加 db_definitionviewer 数据库角色:

USE <DB Name>;
CREATE ROLE db_definitionviewer;
GRANT VIEW DEFINITION TO db_definitionviewer;
EXEC sp_addrolemember 'db_definitionviewer', '<DOMAIN\group> | <DOMAIN\User>';

Those are indeed warnings, and I don't see any way to disable that type of warning in SSMS.

In 2008R2 the behavior I'm seeing is users with "db_datareader", "db_datawriter" and "db_ddladmin" still need to be granted view definition to be able to make edits in SSMS by right-clicking and selecting design. If you haven't granted view definition, then the design view will open (with warnings) read-only.

See: MSFT Connect Bug

To me it seems more discoverable to assign view definition permissions to your ddladmin users through a role, rather than doing it for specific user accounts as stated in the workaround on Connect. This will add a db_definitionviewer database role:

USE <DB Name>;
CREATE ROLE db_definitionviewer;
GRANT VIEW DEFINITION TO db_definitionviewer;
EXEC sp_addrolemember 'db_definitionviewer', '<DOMAIN\group> | <DOMAIN\User>';
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文