现在如果创建一个如下的登录。
USE [master]
GO
CREATE LOGIN [userx] WITH PASSWORD=N'P@ssw0rd', DEFAULTDATABASE=[master], DEFAULTLANGUAGE=[usenglish], CHECKEXPIRATION=OFF, CHECK_POLICY=OFF
GO
ALTER LOGIN [userx] Enable
GO
/then created a user inside a database with only the public role:/
USE [test]
GO
CREATE USER [userx] FOR LOGIN [userx]
GO
/ then created a database role with the below securables:/
CREATE ROLE [db_executer]
GO
use [test]
GO
GRANT EXECUTE TO [dbexecuter]
GO
use [test]
GO
DENY DELETE TO [dbexecuter]
GO
use [test]
GO
DENY INSERT TO [dbexecuter]
GO
use [test]
GO
DENY UPDATE TO [dbexecuter]
GO
/then assigned the user to that created role:/
USE [test]
GO
ALTER ROLE [db_executer] ADD MEMBER [userx]
GO
/ and created the below simple table and SPs:/
USE [test]
GO
create table t1
(
id int
)
go
create proc t1read
as
begin
select * from t1
end
go
create proc t1write
as
begin
insert into t1
select 2
end
GO
create proc t1delete
as
begin
delete t1
end
go
create proc t1update
as
begin
update t1 set id=10
end
现在,当打开一个新的连接与userx,我可以执行所有的SP和读取,写入和删除数据的底层表,只有执行授予的数据库和拒绝写删除插入整个数据库。
附上 userx 的权限和公共角色的截图
现在我将更进一步,如果我明确地拒绝在表本身上删除updateinsert。
use [test]
GO
DENY DELETE ON [dbo].[t1] TO [dbexecuter]
GO
use [test]
GO
DENY INSERT ON [dbo].[t1] TO [dbexecuter]
GO
use [test]
GO
DENY UPDATE ON [dbo].[t1] TO [db_executer]
GO
-- 我仍然可以执行(userx)所有更新更新插入的SPs
注:我使用的是SQL Server 2014 CU-GDR。
当然,这不是一个错误。
那是所有权链 That's Ownership Chaining. 这里有记载 Procedural Code and Ownership Chaining.
而且它一直是SQL Server的一个基本的(有用的)安全行为。 如果你想禁用它,只需将存储过程放在一个与表不同的用户所拥有的模式中。
这个想法(其他RDBMS也有相同的想法,但实现方式不同)是,如果我不用给用户直接对表的CRUD访问权,那就更安全了,而且在你的存储过程上给他们EXECUTE,然后还得在你的表上给他们权限,这是多余的。