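SQL: granting a user privileges they already have / revoking them

Time: 2016-05-30 18:54:31

Tags: sql sql-server

I have to answer some questions based on the following statements. Initially, user A is the owner of relation R, and no other user holds privileges on R. The following are executed: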

By A: GRANT INSERT ON R TO B WITH GRANT OPTION;
By B: GRANT INSERT ON R TO C WITH GRANT OPTION;
By C: GRANT INSERT ON R TO D WITH GRANT OPTION;
By D: GRANT INSERT ON R TO B WITH GRANT OPTION;
By B: REVOKE INSERT ON R FROM C CASCADE;

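The questions are: what happens when D grants B the privilege although B already has it? And after the last line is executed, which users still hold privileges?

1 answer:

Answer 0 (score: 1)

Here is a script that can help you determine the answer for yourself.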

-- setup
CREATE USER A WITHOUT LOGIN;
ALTER ROLE db_securityadmin ADD MEMBER A;
CREATE USER B WITHOUT LOGIN;
CREATE USER C WITHOUT LOGIN;
CREATE USER D WITHOUT LOGIN;

CREATE TABLE R (rid INT);

EXECUTE AS USER = 'A';
GRANT INSERT ON R TO B WITH GRANT OPTION;
REVERT;
SELECT user_name(grantee_principal_id), 
    user_name(grantor_principal_id), 
    permission_name, state_desc
FROM sys.database_permissions
where major_id = object_id('dbo.R');

EXECUTE AS USER = 'B';
GRANT INSERT ON R TO C WITH GRANT OPTION;
REVERT;
SELECT user_name(grantee_principal_id), 
    user_name(grantor_principal_id), 
    permission_name, state_desc
FROM sys.database_permissions
where major_id = object_id('dbo.R');

EXECUTE AS USER = 'C';
GRANT INSERT ON R TO D WITH GRANT OPTION;
REVERT;
SELECT user_name(grantee_principal_id), 
    user_name(grantor_principal_id), 
    permission_name, state_desc
FROM sys.database_permissions
where major_id = object_id('dbo.R');

EXECUTE AS USER = 'D';
GRANT INSERT ON R TO B WITH GRANT OPTION;
REVERT;
SELECT user_name(grantee_principal_id), 
    user_name(grantor_principal_id), 
    permission_name, state_desc
FROM sys.database_permissions
where major_id = object_id('dbo.R');

EXECUTE AS USER = 'B';
REVOKE INSERT ON R FROM C CASCADE;
REVERT;
SELECT user_name(grantee_principal_id), 
    user_name(grantor_principal_id), 
    permission_name, state_desc
FROM sys.database_permissions
where major_id = object_id('dbo.R');

-- tear down
DROP TABLE R;
DROP USER D;
DROP USER C;
DROP USER B;
DROP USER A;

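Don't run it all at once - run each grant, then check what the permissions on R look like afterwards. Also, you now have a tool to explore other scenarios!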
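For comparison with what the script reports, here is an added example (not part of the answer above) that replays the question's five statements against the textbook authorization-graph rule: a grant survives a cascading revoke only while its grantor can still be traced back to the owner through WITH GRANT OPTION grants. The names `GrantGraph` and `replay_question` are hypothetical, and the rule is an assumption about the model the exercise intends; what SQL Server itself records is whatever `sys.database_permissions` shows.

```python
class GrantGraph:
    """Grants of one privilege on one object; edges are (grantor, grantee, grant_option)."""

    def __init__(self, owner):
        self.owner = owner
        self.edges = set()

    def _can_grant(self):
        # Users reachable from the owner along WITH GRANT OPTION edges.
        seen, todo = {self.owner}, [self.owner]
        while todo:
            user = todo.pop()
            for src, dst, opt in self.edges:
                if src == user and opt and dst not in seen:
                    seen.add(dst)
                    todo.append(dst)
        return seen

    def grant(self, grantor, grantee, grant_option=False):
        if grantor not in self._can_grant():
            raise PermissionError(f"{grantor} cannot grant")
        # Recorded per grantor: a second grant to the same grantee is a new edge.
        self.edges.add((grantor, grantee, grant_option))

    def revoke_cascade(self, grantor, grantee):
        self.edges = {e for e in self.edges if (e[0], e[1]) != (grantor, grantee)}
        # Cascade: drop every grant whose grantor can no longer be traced to the owner.
        alive = self._can_grant()
        self.edges = {e for e in self.edges if e[0] in alive}

    def holders(self):
        return {self.owner} | {dst for _, dst, _ in self.edges}

    def grantors_of(self, user):
        return {src for src, dst, _ in self.edges if dst == user}


def replay_question():
    """The five statements from the question, in order (A owns R)."""
    g = GrantGraph("A")
    g.grant("A", "B", True)
    g.grant("B", "C", True)
    g.grant("C", "D", True)
    g.grant("D", "B", True)
    before = g.grantors_of("B")   # who B holds INSERT from after D's grant
    g.revoke_cascade("B", "C")
    return before, g.holders(), g.grantors_of("B")

if __name__ == "__main__":
    print(replay_question())
```

The B -> C -> D -> B cycle does not keep itself alive in this model: once a grantor loses its path to the owner, its outgoing grants are dropped as well.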
