如何使用 SQL 语句为案例 1 和 2 执行以下配置?
案例1:Azure SQL托管实例中有多个数据库DB1、DB2、DB3...如何新建一个只能访问DB1的数据库用户User1,对这个用户隐藏其他数据库(即当User1打开SQL Server Management Studio 中的数据库服务器只向他显示 DB1)同时,User1 需要具有对 DB1 执行以下操作的权限:
- 创建表
- 添加列
- 对表的 CRUD 访问
案例2:如果多个数据库DB1,DB2,DB3,...是单个数据库(不在托管实例中)如何进行与案例1类似的配置,即User1只能看到具有上述权限的DB1?
我尝试了以下问题的解决方案: 如何在 SQL Azure 数据库中创建新用户?
CREATE LOGIN User1 WITH password='Test1234';
CREATE USER User1 FROM LOGIN User1;
但随后 User1 可以看到所有数据库。
+++++++++++++++++++++++++++++++++++
第一次更新:
基于@Nick.McDermaid 参考资料(非常感谢),我尝试遵循 SQL 语句并且它们正在工作:
--the below statement grant user1 access to the database, it's working:
CREATE USER user1 WITH PASSWORD = 'Test1234';
--the below 4 statements grant user1 CRUD privilege on all tables, it's working:
GRANT SELECT TO user1;
GRANT INSERT TO user1;
GRANT UPDATE TO user1;
GRANT DELETE TO user1;
但是在授予创建表和添加列时遇到问题:
--intend to grant user1 creating table privilege, commands completed successfully, but when trying to create a table return below error:
--Microsoft SQL: The specified schema name "dbo" either does not exist or you do not have permission to use it.
GRANT CREATE TABLE TO user1;
--intend to grant user1 adding columns privilege, but Azure SQL return below error:
--Incorrect syntax near 'ALTER'.
GRANT ALTER TABLE TO user1;
+++++++++++++++++++++++++++++++++++
第二次更新:
我的最终 SQL 语句是:
CREATE USER [user1] WITH PASSWORD=N'Test1234'
GO
CREATE ROLE [test_role]
GO
ALTER ROLE [test_role] ADD MEMBER [user1];
GO
ALTER ROLE [db_ddladmin] ADD MEMBER [test_role];
GO
ALTER ROLE [db_datawriter] ADD MEMBER [test_role];
GO
ALTER ROLE [db_datareader] ADD MEMBER [test_role];
GO