在MSSQL中,我需要授予用户什么权限才能够截断表?
我试图授予最小的权限集合,但是我不能使用DELETE,因为表很大,而且我希望操作快速。
在MSSQL中,我需要授予用户什么权限才能够截断表?
我试图授予最小的权限集合,但是我不能使用DELETE,因为表很大,而且我希望操作快速。
with execute as owner
语法:create procedure dbo.TruncTable
with execute as owner
as
truncate table TheTable
go
然后授予需要截断该表的人执行权限:
grant execute on TruncTable to TheUser
TheUser
可以像这样截断表格:exec dbo.TruncTable
不要授权,隐藏...
CREATE TRIGGER TRG_MyTable_Foo
WITH EXECUTE AS OWNER
INSTEAD OF DELETE
AS
IF CONTEXT_INFO() = 0x9999
BEGIN
TRUNCATE TABLE MyTable
SET CONTEXT_INFO 0x00
END
GO
SET CONTEXT_INFO 0x9999
DELETE MyTable WHERE 1=0
使用SET CONTEXT_INFO毫无疑问比普通DELETE和TRUNCATE TABLE更好地进行分离。
我还没有尝试过这个...
编辑:改用SET CONTEXT_INFO。
SET CONTEXT_INFO
是必须的,以避免出现不愉快的意外! - Martin Smith您可以创建一个使用所有者身份执行的存储过程,仅针对一个表或任何表格创建存储过程:
CREATE PROCEDURE [dbo].[spTruncate]
@nameTable varchar(60)
WITH EXECUTE AS OWNER
AS
SET NOCOUNT OFF;
DECLARE @QUERY NVARCHAR(200);
SET @QUERY = N'TRUNCATE TABLE ' + @nameTable + ';'
EXECUTE sp_executesql @QUERY;
DECLARE @nameTable VARCHAR(60) = 'SomeTable; DROP DATABASE YourDatabase; --'; EXECUTE dbo.spTruncate @nameTable; GO
更多信息请参见:https://security.stackexchange.com/questions/128412/sql-injection-is-17-years-old-why-is-it-still-around - Graeme