Add the account used by the application in sql Server
In previous customer consultation cases, many customer applications directly used SA accounts to connect to SQL Server. If the database management is a little stricter, the application should not be given this kind of permission. Usually the application only needs to perform additions, deletions, modifications, and queries, but rarely DDL operations. Therefore, the principle of "least privilege allocation" should be followed when configuring accounts. Grant the required permissions.
For applications, the minimum permissions are usually given to read permissions, write permissions and execute stored procedure permissions. In order to prevent database information leakage caused by SQL injection, you also need to consider denying the account permission to view definitions. However, it is worth noting that if the permission to view definitions is denied, Bulk Insert will fail. The complete permission definition is as follows:
ALTER ROLE [db_datareader] ADD MEMBER 用户名 ALTER ROLE [db_datawriter] ADD MEMBER 用户名 grant execute to 用户名 deny view definition to 用户名
In SQL Server, the instance level is the login name, while the database level is the user name. The login name can be mapped to a specific library after creation. Therefore, I wrote a complete script to create login names, users, and grant corresponding permissions. The script is as follows:
--创建用户的存储过程, --示例EXEC sp_CreateUser 'UserName','rw','DatabaseName' --EXEC sp_CreateUser 'tesefx','r','Test','0xE39CA97EBE03BB4CA5FF78E50374EEBB' CREATE PROC sp_CreateUser @loginName VARCHAR(50) , @IsWrite VarCHAR(3) , @DatabaseName VARCHAR(50), @Sid VARCHAR(100) ='1' AS PRINT('示例:EXEC sp_CreateUser ''UserName'',''rw'',''DatabaseName''') PRINT('示例:EXEC sp_CreateUser ''UserName'',''rwv'',''DatabaseName'',''0xE39CA97EBE03BB4CA5FF78E50374EEBB''') PRINT('r为只读权限,rw为读写权限,rwv为读写加View Definition权限') IF EXISTS ( SELECT name FROM sys.syslogins WHERE name = @loginName ) BEGIN PRINT N'登录名已存在,跳过创建登录名步骤' END ELSE BEGIN DECLARE @CreateLogin NVARCHAR(1000) DECLARE @pwd VARCHAR(50) PRINT @Sid SET @pwd=NEWID() IF(@sid='1') BEGIN SET @CreateLogin = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD=N''' + @Pwd + ''', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF;' PRINT N'登录名已创建,密码为:'+@pwd END ELSE BEGIN SET @CreateLogin = 'CREATE LOGIN [' + @loginName + '] WITH PASSWORD=N''' + @Pwd + ''', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF,sid='+@Sid+';' PRINT N'已经使用SID创建登录名:'+@loginName END EXEC (@CreateLogin) --DECLARE @sidtemp NVARCHAR(50) --SELECT @sidtemp=sid FROM sys.server_principals WHERE name=@loginName --PRINT(N'登录名为:'+@loginName+N' SID为: 0x'+CONVERT(VARCHAR(50), @sidtemp, 2) ) END DECLARE @DynamicSQL NVARCHAR(1000) --切换数据库上下文 SET @DynamicSQL = N'Use [' + @DatabaseName + ']; ' + 'IF EXISTS(SELECT name FROM sys.database_principals WHERE name='''+@loginName+''') Begin Print(''用户名已存在,跳过创建用户名的步骤'') end else begin CREATE USER [' + @loginName + '] FOR LOGIN ' + @loginName + ' end;IF (''' + @IsWrite + '''=''rw'' or ''' + @IsWrite + '''=''rwv'') BEGIN ALTER ROLE [db_datareader] ADD MEMBER ' + @loginName + ';ALTER ROLE [db_datawriter] ADD MEMBER ' + @loginName + '; END ELSE BEGIN ALTER ROLE [db_datareader] ADD MEMBER ' + @loginName + '; ALTER ROLE db_datawriter DROP MEMBER ' + @loginName + ' ;End;grant execute to ' + @loginName + '; if('''+@IsWrite+'''<>''rwv'') begin deny view definition to ' + @loginName + '; end else begin grant view definition to ' + @loginName + '; end' EXEC (@DynamicSQL)
This stored procedure is used to create the login name, user, and corresponding permissions required for the application to connect to SQL Server. This step will be skipped when the user or login name exists. An example of using this stored procedure is:
EXEC sp_CreateUser 'UserName','rw','DatabaseNam' EXEC sp_CreateUser 'tesefx','r','Test','0xE39CA97EBE03BB4CA5FF78E50374EEBB'
The first line of the above execution is to create a standard account, the account name UserName, and give it read and write access to the DatabaseNam library permissions and returns the generated GUID password. The second stored procedure uses the fourth parameter sid to create a login name. Since in AlwaysOn or mirroring environments, the login names at both ends need to have the same SID, a method is provided to create a login name using SID in this case.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1422
52
1316
25
1267
29
1239
24
What software is microsoft sql server?
Feb 28, 2023 pm 03:00 PM
Microsoft SQL Server is a relational database management system launched by Microsoft. It is a comprehensive database platform that uses integrated business intelligence (BI) tools to provide enterprise-level data management. It is easy to use, has good scalability, and has a high degree of integration with related software. High advantages. The SQL Server database engine provides more secure and reliable storage functions for relational data and structured data, allowing users to build and manage highly available and high-performance data applications for business.
How to connect to a Microsoft SQL Server database using PDO
Jul 29, 2023 pm 01:49 PM
Introduction to how to use PDO to connect to a Microsoft SQL Server database: PDO (PHPDataObjects) is a unified interface for accessing databases provided by PHP. It provides many advantages, such as implementing an abstraction layer of the database and making it easy to switch between different database types without modifying a large amount of code. This article will introduce how to use PDO to connect to a Microsoft SQL Server database and provide some related code examples. step
PHP and SQL Server database development
Jun 20, 2023 pm 10:38 PM
With the popularity of the Internet, website and application development has become the main business of many companies and individuals. PHP and SQLServer database are two very important tools. PHP is a server-side scripting language that can be used to develop dynamic websites; SQL Server is a relational database management system developed by Microsoft and has a wide range of application scenarios. In this article, we will discuss the development of PHP and SQL Server, as well as their advantages, disadvantages and application methods. First, let's
SQL Server or MySQL? New research reveals the best database choices.
Sep 08, 2023 pm 04:34 PM
SQLServer or MySQL? The latest research reveals the best database selection. In recent years, with the rapid development of the Internet and big data, database selection has become an important issue faced by enterprises and developers. Among many databases, SQL Server and MySQL, as the two most common and widely used relational databases, are highly controversial. So, between SQLServer and MySQL, which one should you choose? The latest research sheds light on this problem for us. First, let
A brief analysis of five methods of connecting SQL Server with PHP
Mar 21, 2023 pm 04:32 PM
In web development, the combination of PHP and MySQL is very common. However, in some cases, we need to connect to other types of databases, such as SQL Server. In this article, we will cover five different ways to connect to SQL Server using PHP.
SQL Server vs. MySQL: Which database is more suitable for high availability architecture?
Sep 10, 2023 pm 01:39 PM
SQL Server vs. MySQL: Which database is more suitable for high availability architecture? In today's data-driven world, high availability is one of the necessities for building reliable and stable systems. As the core component of data storage and management, the database's high availability is crucial to the business operation of the enterprise. Among the many databases, SQLServer and MySQL are common choices. So in terms of high availability architecture, which database is more suitable? This article will compare the two and give some suggestions.
SQL Server vs. MySQL comparison: Which one is better for large-scale data processing?
Sep 09, 2023 am 09:36 AM
SQLServer and MySQL are currently two very popular relational database management systems (RDBMS). They are both powerful tools for storing and managing large-scale data. However, they have some differences in handling large-scale data. This article will compare SQL Server and MySQL, focusing on their suitability for large-scale data processing. First, let us understand the basic characteristics of SQLServer and MySQL. SQLServer is developed by Microsoft
SQL Server and MySQL compete, how to choose the best database solution?
Sep 10, 2023 am 08:07 AM
With the continuous development of the Internet, database selection has become increasingly important. Among the many databases, SQLServer and MySQL are two high-profile options. SQLServer is a relational database management system developed by Microsoft, while MySQL is an open source relational database management system. So how to choose the best database solution between SQLServer and MySQL? First, we can compare these two databases in terms of performance. SQLServer is processing
