当前位置: 文江博客话题详情

需要学习如何在 SQL Server 数据库上设置适当的权限以允许通过 Sync Framework 2.1 进行同步

发布于 2024-12-14 09:39:05 字数 2141 浏览 0 评论 0原文

SQL Server 不是我的强项,当我完成基本的创建表、从表中选择等操作时,我开始迷失方向。

我正在尝试使用通过代理同步到 SQL 的 Microsoft SQLCompact 3.5 数据库来设置数据库同步方案2008 R2 数据库。它通过 Microsoft Sync Framework 2.1 进行同步。

当用户帐户是数据库的 db_owner 时,我通过代理完成了所有设置并正常工作。

当然,现在需要锁定它 - 因此我一直在尝试将权限限制为同步所需的最低限度。

根据微软的文章,我需要执行以下操作...

使用最少权限原则。授予的权限不要超过执行特定任务所需的权限。例如,不要为仅下载同步中涉及的服务器数据库表授予 INSERT 权限。同步操作需要以下权限:

<块引用>

对 Sync Framework 用于读取和写入元数据表和基表的所有存储过程的 EXECUTE 权限。

元数据表以及同步会话期间将更新的任何基表的 SELECT、INSERT、UPDATE 和 DELETE 权限。

当您配置使用 SqlSyncProvider 的 SQL Server 数据库时,请注意以下配置权限要求:

<块引用>

CREATE TABLE 权限,用于创建元数据表:scope_info 和scope_config,以及为每个基表创建的跟踪表。

ALTER TABLE 将触发器添加到基表。

CREATE PROCEDURE 权限,用于创建 Sync Framework 所需的过程。

scope_info 和scope_config 表的SELECT 和INSERT 权限。

基表的 SELECT 权限。

我允许 Visual Studio 2010 中的向导为我创建同步数据库和代理。

因此,我无法在 SQL Server 数据库中找到scope_info 和scope_config 表,也无法找到元数据表,因此无法设置这些表的权限。另外 - 我在哪里可以找到同步框架尝试使用的存储过程 - 我已经看过但无法找到它们。

我在哪里可以找到这些以及如何设置适当的权限?

我已授予 SQL Server 数据库的数据读取器和数据写入器、插入、更新、删除和选择以及执行权限,但同步失败。我还为用户授予了数据库上的“创建表”、“创建过程”和“更改”权限,但仍然失败。

如果我为用户启用 db_owner 角色 - 它可以工作。

我收到的错误是:

无法初始化客户端数据库,因为表“tblApplications、tblApplicationConfiguration、tblApplicationInstallProperties、tblApplicationPreRequisites、tblApplicationTypes、tblComputerApps、tblComputers、tblComputerTypes、tblDriveHWSerials、tblDrives、tblDriveTypes、tblFunctions”的架构, tblLocationApps、tblLocationComputers、tblLocationIPAddress、tblLocations、tblLocationUsers、tblPermissions、tblRegionLocations、tblRegions、tblRegisteredModules、tblRequestFormats、tblRequestStatus、tblRequestTypes、tblRoles、tblRoleUsers、tblSecurity、无法通过 DbServerSyncProvider 的 GetSchema() 方法检索 tblUsers、tblVehicle、tblVehicleLocationMap、tblVehicleMake、tblRequestProcessingStatus、tblDriveStatus、tblVideoViewTypes'。 确保您可以建立与客户端数据库的连接,并且正确指定 SyncAdapter 的 SelectIncrementalInsertsCommand 属性或 SelectIncrementalUpdatesCommand 属性。

当 db_owner 角色被释放时,我无法使用它。

原文

SQL Server is not my strong point and I start to get lost when going past the basic Create Table, Select from Table etc.

I am attempting to set up a database synchronisation scenario with an Microsoft SQLCompact 3.5 database being Synced through a Proxy to and SQL 2008 R2 database. It is being synced through the Microsoft Sync Framework 2.1.

I got everything set up and working fine through the proxy when the user account is the db_owner of the database.

Of course this now needs to be locked down - so I have been trying to restrict the permissions to the bare minimum required for Synchronisation.

According to the Microsoft articles, I need to do the following...

Use the principle of least permission. Do not grant more permissions than are required to perform a specific task. For example, do not grant INSERT permissions for server database tables that are involved in download-only synchronization. Synchronization operations require the following permissions:

EXECUTE permissions on all the stored procedures that Sync Framework uses to read and write to metadata tables and base tables.

SELECT, INSERT, UPDATE, and DELETE permissions for metadata tables and any base tables that will be updated during a synchronization session.

When you provision SQL Server databases that use SqlSyncProvider, be aware of the following permissions requirements for provisioning:

CREATE TABLE permissions to enable creation of the metadata tables: scope_info and scope_config, and the tracking tables that are created for each base table.

ALTER TABLE to add triggers to the base tables.

CREATE PROCEDURE permissions to create the procedures that Sync Framework requires.

SELECT and INSERT permissions for scope_info and scope_config tables.

SELECT permissions for base tables.

I allowed the wizards in Visual Studio 2010 to create the Sync database and proxy for me.

As such - I am unable to find the scope_info and scope_config tables in SQL Server databases, and I am also unable to find the metadata tables so cannot set permissions on these tables. Also - where would I find the stored procedures that the Synchronisation framework is trying to use - I have looked but cannto find them.

Where would I find these and how would I go about setting the appropriate permissions?

I have granted datareader and datawriter, Insert, Update, Delete and Select as well as Execute permissions on the SQL Server database but the sync fails. I have also granted Create Table, Create Procedure and ALTER permissions on the database for the user as well- but still it fails.

If i enable the db_owner role for the user - it works.

The error I receive is:

Unable to initialize the client database, because the schema for table 'tblApplications, tblApplicationConfiguration, tblApplicationInstallProperties, tblApplicationPreRequisites, tblApplicationTypes, tblComputerApps, tblComputers, tblComputerTypes, tblDriveHWSerials, tblDrives, tblDriveTypes, tblFunctions, tblLocationApps, tblLocationComputers, tblLocationIPAddress, tblLocations, tblLocationUsers, tblPermissions, tblRegionLocations, tblRegions, tblRegisteredModules, tblRequestFormats, tblRequestStatus, tblRequestTypes, tblRoles, tblRoleUsers, tblSecurity, tblUsers, tblVehicle, tblVehicleLocationMap, tblVehicleMake, tblRequestProcessingStatus, tblDriveStatus, tblVideoViewTypes' could not be retrieved by the GetSchema() method of DbServerSyncProvider.
Make sure that you can establish a connection to the client database and that either the SelectIncrementalInsertsCommand property or the SelectIncrementalUpdatesCommand property of the SyncAdapter is specified correctly.

I am not able to use the db_owner role when its released.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

不交电费瞎发啥光 2024-12-21 09:39:05

Sync Framework 中有两种类型的数据库提供程序:本地数据库缓存项目项使用的离线提供程序 (SqlCeClientSyncProvider/DbServerSyncProvider) 和协作/点对点提供程序 (SqlSyncProvider/SqlCeSyncProvider)。

离线提供商不使用scope_xxx表,因此您找不到它。

假设您在通过向导配置同步时使用了默认的 SQL Server 更改跟踪,请尝试向用于连接数据库的帐户授予“查看更改跟踪”权限。

there are two types of database providers in Sync Framework, the offline provider (SqlCeClientSyncProvider/DbServerSyncProvider) which is used by the Local Database Cache project item and the collaboration/peer-to-peer provider (SqlSyncProvider/SqlCeSyncProvider).

the offline providers dont use the scope_xxx tables as such you wont find it.

assuming you used the default SQL Server Change Tracking when you configured the sync via the wizard, try granting VIEW CHANGE TRACKING permission to the account you're using to connect to the database.

回复 原文
我做我的改变 2024-12-21 09:39:05

我不确定它是否有帮助,但我发现

尝试在 SyncTable 对象上设置 UploadOnly。当您在 SyncAdapterBuidler 上设置它时,构建器不会生成选择增量命令。这些命令用于从数据库获取表模式。由于缺少这些,您将收到架构错误。

另外,也许博客条目会有所帮助。

I'm not sure if it will help, but I found this:

Try to set UploadOnly on the SyncTable object instead. When you set it on the SyncAdapterBuidler, the select incremental commands are not generated by the builder. These commands are used to get the table schema from the database. Since these are missing you are getting the schema error.

Also, maybe this blog entry will help.

回复 原文
野の 2024-12-21 09:39:05

正如 JuneT 提到的,您应该打开更改跟踪

ALTER DATABASE YourDataBaseName  
SET CHANGE_TRACKING = ON  
(CHANGE_RETENTION = 2 DAYS, AUTO_CLEANUP = ON)

As JuneT Mentioned, you should turn on Change Tracking

ALTER DATABASE YourDataBaseName  
SET CHANGE_TRACKING = ON  
(CHANGE_RETENTION = 2 DAYS, AUTO_CLEANUP = ON)
回复 原文
~没有更多了~

关于作者

眼眸里的那抹悲凉

暂无简介

0 文章
0 评论
821 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

離殇

文章 0 评论 0

小姐丶请自重

文章 0 评论 0

Aik

文章 0 评论 0

国产ˉ祖宗

文章 0 评论 0

猥琐帝

文章 0 评论 0

半仙

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文