如何防止数据库用户通过触发器删除所有表中的数据
专家您好 如何防止数据库用户使用触发器删除表中的任何数据? 我只想管理员从表中删除数据
谢谢
Hi Experts
How I can prevent database user deleting any data in tables using triggers?
I want just Admin delete Data from tables
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
嗯,取消用户权限吗?如果您不希望他们做某事,请“禁止”他们这样做……这就是我们拥有权限的原因。
以下是有关如何撤销权限的详细信息:
http://msdn.microsoft.com/ en-us/library/ms186308.aspx
Umm take away that users permission? If you don't want them doing something, 'disallow' them that right... thats why we have permissions.
Here are details on how to revoke permissions:
http://msdn.microsoft.com/en-us/library/ms186308.aspx
您想使用触发器有什么特殊原因吗?
您只需删除要限制的用户的 DELETE 权限即可。请查看此处的“权限”部分: http://msdn.microsoft .com/en-us/library/ms189835.aspx
编辑:既然你说你确实想使用触发器(但我真的认为你应该重新考虑),你可以创建一个表,例如:
在所有表上创建
INSTEAD OF DELETE触发器(这将是一件苦差事),它会检查中的表,如果它们USER_NAME()>Restricted_UsersEXIST,您可以调用RAISERROR来回滚事务并向用户显示一条消息。请记住,您必须在添加到数据库的所有新表上维护这些触发器,并在每次从数据库中添加/删除用户时维护
Restricted_Users表中的用户列表。使用 SQL Server 中可用的权限系统(这就是它的设计目的)以及为表设置了适当权限的角色,会简单得多。然后,在添加新用户时,您只需将他们分配给适当的角色,系统就会为您处理删除权限。
Any particular reason you want to use triggers?
You could simply remove the DELETE permission from the users you want to restrict. Have a look at the "Permissions" section here: http://msdn.microsoft.com/en-us/library/ms189835.aspx
EDIT: Since you say you do want to use triggers (but I really think you should reconsider) you can create a table such as:
Create
INSTEAD OF DELETEtriggers on all your tables (that's going to be a chore) which checks for theUSER_NAME()in theRestricted_Userstable and if theyEXISTyou can callRAISERRORto cause the transaction to be rolled back and display a message to the user.Remember you will have to maintain these triggers on all new tables added to the database as well as maintaining the list of users in the
Restricted_Userstable whenever you add/remove users from the database.It would be a lot simpler to use the permission system available in SQL Server (it's what it's designed for) using roles with appropriate permissions set for the tables. Then, when adding new users you only have to assign them to the appropriate role and the delete permissions are handled for you.