
Steps and considerations for switching permissions with REVERT

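This article describes the steps and considerations for switching permissions with REVERT in SQL Server. First, log in to SQL Server; the logins include an ordinary user with very few permissions and a member of the system administrator role. Then add the Windows logins to SQL Server and add them to the list of users in the AdventureWorks database. Finally, switch permissions with the REVERT command. During the procedure, make sure the login names and the database name are correct, and follow security measures to prevent permission leakage and data corruption.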

First, we log in to SQL Server. One of the logins is an ordinary user with very few permissions; the other is a member of the system administrator role.

USE master
GO
--Add Windows logins to SQL Server
IF NOT EXISTS (SELECT * FROM sys.syslogins WHERE name = 'PC-201102041156\qanholas')
CREATE LOGIN [PC-201102041156\qanholas]
FROM WINDOWS
WITH DEFAULT_DATABASE = qanholas
IF NOT EXISTS (SELECT * FROM sys.syslogins WHERE name = 'PC-201102041156\DBA')
CREATE LOGIN [PC-201102041156\DBA]
FROM WINDOWS
WITH DEFAULT_DATABASE = qanholas



USE qanholas
--Add the new logins as users in the qanholas database
CREATE USER qanholas FOR LOGIN [PC-201102041156\qanholas]
CREATE USER dba FOR LOGIN [PC-201102041156\DBA]
--Add the dba user (Windows account PC-201102041156\DBA) to the db_owner role
EXEC sp_addrolemember 'db_owner', 'dba'
GO




--Create procedure that executes a SELECT with a BACKUP DATABASE command
CREATE PROCEDURE dbo.DisplayContextwithRevert
WITH EXECUTE AS CALLER
AS
--The user will only be granted permission to do this section of the code
SELECT * FROM ip
--We will just display the execution context of the user executing this section of the code for demonstration
SELECT CURRENT_USER AS UserName;
--We will switch execution context to a more privileged user to do this portion of the code
EXECUTE AS USER='dba';
BACKUP DATABASE qanholas TO DISK='C:\qanholas.BAK' WITH INIT, STATS=10;
--We will just display the execution context of the user executing this section of the code
SELECT CURRENT_USER AS UserName;
--We will revert to the execution context of the original caller to limit the privileges back
REVERT;
SELECT * FROM ip
SELECT CURRENT_USER AS UserName;
GO



USE qanholas;


GRANT EXECUTE ON dbo.DisplayContextwithRevert TO qanholas
GRANT SELECT ON ip TO qanholas
GO
-- Grant the IMPERSONATE permission on the dba user to qanholas so it can switch execution context to dba
GRANT IMPERSONATE ON USER::dba TO qanholas
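
The IMPERSONATE grant above is on the dba user itself, so it is not limited to statements inside dbo.DisplayContextwithRevert. The query below is an added example, not part of the original post: it audits the current database for IMPERSONATE grants and flags those whose target is a member of db_owner. It assumes the qanholas database and the users created above and uses only the standard catalog views.

```sql
-- Added example (not from the original post): list every IMPERSONATE grant
-- on a database user and flag targets that are direct members of db_owner.
-- Nested role membership is not expanded here.
USE qanholas;  -- database name taken from the post
GO
SELECT
    grantee.name    AS grantee_name,       -- who may impersonate
    target.name     AS impersonated_user,  -- who they may become
    perm.state_desc AS permission_state,   -- GRANT, GRANT_WITH_GRANT_OPTION or DENY
    grantor.name    AS granted_by,
    CASE WHEN EXISTS (
             SELECT 1
             FROM sys.database_role_members AS rm
             JOIN sys.database_principals   AS r
               ON r.principal_id = rm.role_principal_id
             WHERE rm.member_principal_id = target.principal_id
               AND r.name = N'db_owner')
         THEN 1 ELSE 0 END AS target_is_db_owner
FROM sys.database_permissions AS perm
JOIN sys.database_principals  AS grantee
  ON grantee.principal_id = perm.grantee_principal_id
JOIN sys.database_principals  AS target
  ON target.principal_id = perm.major_id     -- for class 4, major_id is the principal_id
JOIN sys.database_principals  AS grantor
  ON grantor.principal_id = perm.grantor_principal_id
WHERE perm.class = 4                         -- 4 = DATABASE_PRINCIPAL
  AND perm.permission_name = N'IMPERSONATE'
ORDER BY target_is_db_owner DESC, grantee_name;
GO
```

A row whose target is a db_owner member means the grantee can act with database-owner rights in any batch it runs, so such grants are the ones to review or revoke first.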

Reposted from: https://www.cnblogs.com/qanholas/archive/2011/08/05/2128221.html


