0

I am having trouble granting permissions to users of my database. For instance, I cannot seem to get my user SELECT privileges no matter how many securables and memberships I give it. I started by giving the user select permission database>security>Users>Properties>securables and giving it db_datareader membership. After this did not work I added the user to all of the memberships and granted him all permissions available in the securables section. After that failed, I gave the user all permissions available in the security>login>properties, I added the login to all server roles accept sysadmin and gave the user ownership of all schemas in the database I want him to access. Still I get this same error below:

 The SELECT permission was denied on object 'Patient_Information', database 'Clinical_Data', schema 'dbo'

When I add the login to the role sysadmin, the user that it is mapped to has no problem doing selects, inserts and basically anything else. The weird thing is that when I look into database>properties>Permissions the user does not have any of the permissions that I have granted him in the securables section. Here is the code I use to grant:

 USE Clinical_Data; GRANT Select on schema::DBO to lab31

Thanks in advance for any help you can provide.

4

1 回答 1

4

我通常创建一个数据库角色并将用户分配给该角色。将架构权限分配给数据库角色。下面是一个使用虚构数据库代码的快速示例。

-- 
-- 1 - GRANTING CORRECT USER ACCESS BY SCHEMA
-- 

--create test user login
CREATE LOGIN [User1] WITH PASSWORD=N'p@55w0rd'
GO

-- Make sure we are in autos
USE [AUTOS]
GO

--create user in test database
CREATE USER [User1] FOR LOGIN [User1] WITH DEFAULT_SCHEMA=[ACTIVE]
GO

--create role
CREATE ROLE [Auto_User] AUTHORIZATION [dbo]
GO

--apply permissions to schemas
GRANT ALTER ON SCHEMA::[ACTIVE] TO [Auto_User]
GO

GRANT CONTROL ON SCHEMA::[ACTIVE] TO [Auto_User]
GO

GRANT SELECT ON SCHEMA::[ACTIVE] TO [Auto_User]
GO

--ensure role membership is correct
EXEC sp_addrolemember N'Auto_User', N'User1'
GO

如果您对 SQL Server Management Studio 更满意,可以试试。所有操作可能并不准确,但我确实使用 SS 2012 进行了检查。

假设您的登录名是 [bilbo],而他们要访问的数据库是 [middle earth]。

  1. 服务器登录的默认数据库 = [bilbo] 他们试图查询的数据库,[middle earth]?

    【短信对象浏览器路径】:服务器->安全->登录->右键+属性

  2. 服务器登录是否映射到 [middle earth] 数据库中名为 [bilbo] 的数据库用户?

    【短信对象浏览器路径】:数据库名->安全->用户

  3. 确保用户 [bilbo] 没有处于任何拒绝数据库角色(db_denydatareader、db_denydatawriter)。任何拒绝操作都会优先于任何授权。

    【短信对象浏览器路径】:数据库名称->安全->角色->数据库角色->选择+右键+属性

    {您将在此处添加您的自定义数据库角色。}

  4. 确保用户 [bilbo] 对架构具有权限。

    【短信对象浏览器路径】:数据库名->安全->模式->选择+右键+属性

这应该给你土地的布局。

找到违规的撤销或缺少权限并分配它。

请不要给出所有服务器角色或所有数据库角色! 当用户执行一些愚蠢的操作(例如 drop table)时,您只是在要求头痛。

于 2013-10-01T21:14:24.940 回答