zoukankan      html  css  js  c++  java

  • 记一次权限分配的问题

    权限管理一直都是没那么容易做好的一部分,权限要管理的精致就更难了,今天就碰到一个有意思的事情,写篇文章记录下吧。

    环境介绍:

    You administer a SQL Server 2012 server that contains a database named SalesDB. SalesDb contains a
    schema named Customers that has a table named Regions. A user named UserA is a member of a role
    named Sales.
    UserA is granted the Select permission on the Regions table. The Sales role is granted the Select
    permission on the Customers schema.
    You need to ensure that the Sales role, including UserA, is disallowed to select from any of the tables in
    the Customers schema.
    Which Transact-SQL statement should you use?
    A. REVOKE SELECT ON Schema::Customers FROM UserA
    B. DENY SELECT ON Object::Regions FROM UserA
    C. EXEC sp_addrolemember 'Sales', 'UserA'
    D. DENY SELECT ON Object::Regions FROM Sales
    E. REVOKE SELECT ON Object::Regions FROM UserA
    F. DENY SELECT ON Schema::Customers FROM Sales
    G. DENY SELECT ON Schema::Customers FROM UserA
    H. EXEC sp_droprolemember 'Sales', 'UserA'
    I. REVOKE SELECT ON Object::Regions FROM Sales
    J. REVOKE SELECT ON Schema::Customers FROM Sales

    给出的答案是选F,其实我觉得J也可以的呀,不知道为啥不选?看到的请帮忙解释下

    F选项就是直接给”拒绝“就行了,J就是取消之前的设置,好吧这个告一段落,下面说另一个问题。

    我发现一个用户:UserB 可以查看数据库: SalesDB里面所有的表,然后我查询了该用户的权限,截图如下:

    除了UserB隶属于sales_1之外没有任何的权限,但是我打开sales_1并没有发现什么东西,感觉很奇怪,最终纠结了一下发现,其实sales_1已经有SalesDB的”Select“权限了,只是我们看不到,可以在下图的SalesDB属性-----权限里面看到,其实我疑惑的是为什么不在Sales_1属性里面的Securables显示出来?
  • 相关阅读:
    hdu 1015 Safecracker 暴力搜索
    hdu 1239 Calling Extraterrestrial Intelligence Again 枚举
    hdu 3747 Download 菜鸟杯
    hdu 3744 A Runing Game 菜鸟杯
    Request.QueryString 使用时候应该注意的地方。
    图片 上一张 下一张 链接效果
    ASP.NET 输出缓存的移除
    RSS 消费
    RSS 订阅功能的实现
    创建型模式单件模式(1)
  • 原文地址:https://www.cnblogs.com/ziqiumeng/p/10709156.html
Copyright © 2011-2022 走看看