SQL Server : can you limit access to only one tabl

2019-01-23 04:36发布

I think the answer is no but I'm looking to give someone access to a SQL Server database but I only really want them to have access to one table.

It's easy enough to limit someone to only access one database but have no idea if I can limit to a single table.

My thoughts were to create another database with a synonym to the other table and then limit the access to that database but I wondered if someone could think of a better way.

I'm also not convinced that it will work as I think there will be a conflict of permissions.

7条回答
Viruses.
2楼-- · 2019-01-23 04:36

The better way is creating securable for that specific table. IT will ask you what are you going to secured; table, view, database. Then you choose the specific table to secure and exclude that user from that table.

查看更多
太酷不给撩
3楼-- · 2019-01-23 04:37

Certainly. GRANT the permissions you want.

When you give a user access to a database, look at the roles they are assigned and what rights those roles have.

The problem is that people generally grant too broad permissions in the beginning.

查看更多
ゆ 、 Hurt°
4楼-- · 2019-01-23 04:44
GRANT SELECT ON [SchemaName].[TableName] to [UserName]
查看更多
Luminary・发光体
5楼-- · 2019-01-23 04:44

Sure you can. After creating the user and giving them access to the database, grant only select access (or whatever level they need) to that table.

查看更多
萌系小妹纸
6楼-- · 2019-01-23 04:45

Yes.

exec sp_msforeachtable "DENY SELECT ON '?' TO [username];"
GO

GRANT SELECT ON [schemaName].[tableName] to [username]
Go 

While that works, you would probably be better off managing permissions using roles and AD groups.

查看更多
何必那么认真
7楼-- · 2019-01-23 04:54

The problem with looping through all tables and denying access would be if you add a new table.

The important thing is to not give the user 'db_datareader' access to the whole database. Using the UI you can use the User Mapping tab under the login, you can create the user with 'public' access only. Then you can go to the database and grant that user SELECT access to the particular table (by clicking the oddly named "Search" button under Securables tab).

This approach would work with script also of course.

查看更多
登录 后发表回答