1

我有三张桌子MST_EMployeeMST_ProfitCenterMapping_Employee_ProfitCenter。我想在表上设置行级安全性Mapping_Employee_ProfitCenter

我正在执行以实现的步骤:

第 1 步:创建表值函数:

CREATE FUNCTION [RLS].[fn_CanSeeMapping] ( @UserName AS sysname )
RETURNS TABLE
WITH SCHEMABINDING 
AS
   RETURN
        (SELECT 1 AS 'CanSee' 
         WHERE @UserName IN (SELECT emp.ATTRFirstName  
                             FROM dbo.MAPPING_Employee_ProfitCenter map 
                             INNER JOIN dbo.MST_Employee emp ON map.FK_Employee_ID = emp.Id
                             WHERE emp.ATTRFirstName = USER_NAME())

第 2 步:安全策略在映射表上创建和添加过滤器,并将用户名作为参数传递,其 id 存在于映射表中。

CREATE SECURITY POLICY [dbo].[Security_Policy] 
ADD FILTER PREDICATE [RLS].[fn_CanSeeMapping]([FK_Employee_ID]) ON  [dbo].[MAPPING_Employee_ProfitCenter] 

ALTER SECURITY POLICY [dbo].[Security_Policy] WITH (STATE = ON)

现在,当我执行以下查询而不是为用户“User1”提供记录时,它是为所有用户提供的。

EXEC ('select * from MAPPING_Employee_ProfitCenter') as user='User1'

如果有人知道如何处理这种情况,请帮助我。

谢谢!

4

1 回答 1

0

尝试以下,这应该是适当的语法:

EXECUTE AS USER = 'User1';  
select * from MAPPING_Employee_ProfitCenter;   
REVERT;
于 2018-04-09T09:44:04.453 回答