1,将访问Object的权限授予Database Role 或 User 的语法如下
GRANT <permission> [ ,...n ] ON [ OBJECT :: ][ schema_name ]. object_name [ ( column [ ,...n ] ) ] TO [Database_user | Database_role] [ ,...n ] [ WITH GRANT OPTION ]
An object is a schema-level securable contained by the schema that is its parent in the permissions hierarchy. The most specific and limited permissions that can be granted on an object are listed in the following table, together with the more general permissions that include them by implication.
Object Permission 是使用该语句能够授予的Permission,而
| Object permission | Implied by object permission | Implied by schema permission |
|---|---|---|
| ALTER | CONTROL | ALTER |
| CONTROL | CONTROL | CONTROL |
| DELETE | CONTROL | DELETE |
| EXECUTE | CONTROL | EXECUTE |
| INSERT | CONTROL | INSERT |
| RECEIVE | CONTROL | CONTROL |
| REFERENCES | CONTROL | REFERENCES |
| SELECT | RECEIVE | SELECT |
| TAKE OWNERSHIP | CONTROL | CONTROL |
| UPDATE | CONTROL | UPDATE |
| VIEW CHANGE TRACKING | CONTROL | VIEW CHANGE TRACKING |
| VIEW DEFINITION | CONTROL | VIEW DEFINITION |
Examples
A. Grant SELECT permission to user RosaQdM on table Person.Address.
GRANT SELECT ON OBJECT::Person.Address TO RosaQdM;
B. Grants EXECUTE permission on stored procedure HumanResources.uspUpdateEmployeeHireInfo to an database role called Recruiting11.
GRANT EXECUTE ON OBJECT::HumanResources.uspUpdateEmployeeHireInfo TO Recruiting11;
C.Grant REFERENCES permission on column BusinessEntityID in view HumanResources.vEmployee to user Wanida with GRANT OPTION.
GRANT REFERENCES (BusinessEntityID) ON OBJECT::HumanResources.vEmployee TO Wanida WITH GRANT OPTION;
D.Grant EXECUTE permission on procedure uspGetBillOfMaterials to a database role
GRANT EXECUTE ON dbo.uspGetBillOfMaterials TO newrole ;
参考doc:
GRANT Object Permissions (Transact-SQL)