Chapter 9: SQL Server Permission Management and the Agent Service
- Format: ppt
- Size: 367.52 KB
- Pages: 14
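Most services and their properties can be configured by using SQL Server Configuration Manager.
The following are the paths for the four most recent versions when Windows is installed on drive C.
Services installed by SQL Server
Depending on the components you choose to install, SQL Server Setup installs the following services:
- SQL Server Database Services - the service for the SQL Server relational Database Engine. The executable file is <MSSQLPATH>\MSSQL\Binn\sqlservr.exe.
- SQL Server Agent - executes jobs, monitors SQL Server, fires alerts, and allows some administrative tasks to be automated. The SQL Server Agent service is present on instances of SQL Server Express but is disabled. The executable file is <MSSQLPATH>\MSSQL\Binn\sqlagent.exe.
- Analysis Services - provides online analytical processing (OLAP) and data mining functionality for business intelligence applications. The executable file is <MSSQLPATH>\OLAP\Bin\msmdsrv.exe.
- Reporting Services - manages, executes, creates, schedules, and delivers reports. The executable file is <MSSQLPATH>\ReportingServices\ReportServer\Bin\ReportingServicesService.exe.
- Integration Services - provides management support for the storage and execution of Integration Services packages. The path of the executable file is <MSSQLPATH>\130\DTS\Binn\MsDtsSrvr.exe
- SQL Server Browser - the name resolution service that provides SQL Server connection information to client computers. The path of the executable file is c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
- Full-text search - quickly creates full-text indexes on the content and properties of structured and semi-structured data, providing document filtering and word-breaking for SQL Server.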
Database Engine Permissions, Microsoft SQL Server 2014
March 28, 2014. © 2014 Microsoft Corporation. All rights reserved.

How to Read this Chart
- Most of the more granular permissions are included in more than one higher level scope permission. So permissions can be inherited from more than one type of higher scope.
- Black, green, and blue arrows and boxes point to subordinate permissions that are included in the scope of a higher level permission.
- Brown arrows and boxes indicate some of the statements that can use the permission.

Permission Syntax
Most permission statements have the format:
    AUTHORIZATION PERMISSION ON SECURABLE::NAME TO PRINCIPAL
- AUTHORIZATION must be GRANT, REVOKE or DENY.
- PERMISSION is listed in the charts below.
- ON SECURABLE::NAME is the server, server object, database, or database object and its name. Some permissions do not require ON SECURABLE::NAME.
- PRINCIPAL is the login, user, or role which receives or loses the permission. Grant permissions to roles whenever possible.
Sample grant statement:
    GRANT UPDATE ON OBJECT::Production.Parts TO PartsTeam
Denying a permission at any level overrides a related grant. To remove a previously granted permission, use REVOKE, not DENY.

NOTES:
- The CONTROL SERVER permission has all permissions on the instance of SQL Server.
- The CONTROL DATABASE permission has all permissions on the database.
- Permissions do not imply role memberships and role memberships do not grant permissions. (E.g. CONTROL SERVER does not imply membership in the sysadmin fixed server role. Membership in the db_owner role does not grant the CONTROL DATABASE permission.) However, it is sometimes possible to impersonate between roles and equivalent permissions.
- Granting any permission on a securable allows VIEW DEFINITION on that securable. It is an implied permission and it cannot be revoked, but it can be explicitly denied by using the DENY VIEW DEFINITION statement.

[Permission hierarchy charts on the poster: Server Level Permissions; Database Level Permissions; Server Permissions; Database Permissions; Schema Permissions; Object Permissions; Type Permissions; XML Schema Collection Permissions; Database Permissions – Schema Objects; Connect and Authentication – Server Permissions; Connect and Authentication – Database Permissions; Server Role Permissions; Database Role Permissions; Application Role Permissions; Availability Group Permissions; Symmetric Key Permissions; Asymmetric Key Permissions; Certificate Permissions; Assembly Permissions; Full-text Permissions; Event Notification Permissions; Replication Permissions; Service Broker Permissions]

Server Level Permissions (all included in CONTROL SERVER)
ADMINISTER BULK OPERATIONS; ALTER ANY AVAILABILITY GROUP – See Availability Group Permissions; CREATE AVAILABILITY GROUP; ALTER ANY CONNECTION; ALTER ANY CREDENTIAL; ALTER ANY DATABASE – See Database Permission Charts; CREATE ANY DATABASE – See Top Level Database Permissions; ALTER ANY ENDPOINT – See Connect and Authentication; CREATE ENDPOINT – See Connect and Authentication; ALTER ANY EVENT NOTIFICATION; CREATE DDL EVENT NOTIFICATION; CREATE TRACE EVENT NOTIFICATION; ALTER ANY EVENT SESSION; ALTER ANY LINKED SERVER; ALTER ANY LOGIN – See Connect and Authentication; ALTER ANY SERVER AUDIT; ALTER ANY SERVER ROLE – See Server Role Permissions; CREATE SERVER ROLE – See Server Role Permissions; ALTER RESOURCES (Not used. Use diskadmin fixed server role instead.); ALTER SERVER STATE; VIEW SERVER STATE; ALTER SETTINGS; ALTER TRACE; AUTHENTICATE SERVER (allows server-level delegation); CONNECT SQL – See Connect and Authentication; CONNECT ANY DATABASE; IMPERSONATE ANY LOGIN; SELECT ALL USER SECURABLES; SHUTDOWN*; UNSAFE ASSEMBLY; EXTERNAL ACCESS ASSEMBLY; VIEW ANY DEFINITION; VIEW ANY DATABASE – See Database Permissions – Schema
* NOTE: The SHUTDOWN statement requires the SQL Server SHUTDOWN permission. Starting, stopping, and pausing the Database Engine from SSCM, SSMS, or Windows requires Windows permissions, not SQL Server permissions.

Database Level Permissions (all included in CONTROL ON DATABASE::<name>)
ALTER ANY APPLICATION ROLE; ALTER ANY ASSEMBLY; ALTER ANY ASYMMETRIC KEY; ALTER ANY CERTIFICATE; ALTER ANY CONTRACT; ALTER ANY DATABASE AUDIT; ALTER ANY DATABASE DDL TRIGGER; ALTER ANY DATABASE EVENT NOTIFICATION; ALTER ANY DATASPACE; ALTER ANY FULLTEXT CATALOG; ALTER ANY MESSAGE TYPE; ALTER ANY REMOTE SERVICE BINDING; ALTER ANY ROLE; ALTER ANY ROUTE; ALTER ANY SCHEMA; ALTER ANY SERVICE; ALTER ANY SYMMETRIC KEY; ALTER ANY USER – See Connect and Authentication – Database Permissions Chart; CREATE AGGREGATE; CREATE DEFAULT; CREATE FUNCTION; CREATE PROCEDURE; CREATE QUEUE; CREATE RULE; CREATE SYNONYM; CREATE TABLE; CREATE TYPE; CREATE VIEW; CREATE XML SCHEMA COLLECTION; CREATE ASSEMBLY; CREATE ASYMMETRIC KEY; CREATE CERTIFICATE; CREATE CONTRACT; CREATE DATABASE DDL EVENT NOTIFICATION; CREATE FULLTEXT CATALOG; CREATE MESSAGE TYPE; CREATE REMOTE SERVICE BINDING; CREATE ROLE; CREATE ROUTE; CREATE SCHEMA; CREATE SERVICE; CREATE SYMMETRIC KEY; AUTHENTICATE (combined with TRUSTWORTHY allows delegation of authentication); BACKUP DATABASE; BACKUP LOG; CHECKPOINT; CONNECT DATABASE; CONNECT REPLICATION; DELETE; EXECUTE; INSERT; REFERENCES; SELECT; UPDATE; VIEW DEFINITION; TAKE OWNERSHIP; SHOWPLAN; SUBSCRIBE QUERY NOTIFICATIONS; VIEW DATABASE STATE; CREATE DATABASE**
** NOTE: CREATE DATABASE is a database level permission that can only be granted in the master database.

Database Permissions – Schema Objects
Notes:
- To create a schema object (such as a table) you must have CREATE permission for that object type plus ALTER ON SCHEMA::<name> for the schema of the object. Might require REFERENCES ON OBJECT::<name> for any referenced CLR type or XML schema collection.
- To alter an object (such as a table) you must have ALTER permission on the object (or schema), or CONTROL permission on the object.
- To drop an object (such as a table) you must have ALTER permission on the schema or CONTROL permission on the object.
- To create an index requires ALTER OBJECT::<name> permission on the table or view.
- To create or alter a trigger on a table or view requires ALTER OBJECT::<name> on the table or view.
- To create statistics requires ALTER OBJECT::<name> on the table or view.
- OBJECT permissions apply to the following database objects: AGGREGATE, DEFAULT, FUNCTION, PROCEDURE, QUEUE, RULE, SYNONYM, TABLE, VIEW. (All permissions do not apply to all objects. For example UPDATE only applies to tables and views.)

Connect and Authentication – Server Permissions
Notes:
- The CREATE LOGIN statement creates a login and grants CONNECT SQL to that login.
- Enabling a login (ALTER LOGIN <name> ENABLE) is not the same as granting CONNECT SQL permission.
- To map a login to a credential, see ALTER ANY CREDENTIAL.
- When contained databases are enabled, users can access SQL Server without a login. See database user permissions.
- To connect using a login you must have: an enabled login; CONNECT SQL; CONNECT for the database (if specified).

Connect and Authentication – Database Permissions
NOTES:
- When contained databases are enabled, creating a database user that authenticates at the database grants CONNECT DATABASE to that user, and it can access SQL Server without a login.
- Granting ALTER ANY USER allows a principal to create a user based on a login, but does not grant the server level permission to view information about logins.

Server roles and database roles
- To add a member to a fixed server role, you must be a member of that fixed server role, or be a member of the sysadmin fixed server role.
- Only members of the db_owner fixed database role can add or remove members from fixed database roles.

Keys, certificates and assemblies
- OPEN SYMMETRIC KEY requires VIEW DEFINITION permission on the key (implied by any permission on the key), and requires permission on the key encryption hierarchy.
- For an asymmetric key, ADD SIGNATURE requires CONTROL permission on the key, and requires ALTER permission on the object.
- For a certificate, ADD SIGNATURE requires CONTROL permission on the certificate, and requires ALTER permission on the object.
- CREATE and ALTER ASSEMBLY statements sometimes require server level EXTERNAL ACCESS ASSEMBLY and UNSAFE ASSEMBLY permissions, and can require membership in the sysadmin fixed server role.

Full-text Permissions
Notes:
- Creating a full-text index requires ALTER permission on the table and REFERENCES permission on the full-text catalog.
- Dropping a full-text index requires ALTER permission on the table.

Event Notification Permissions
Note: EVENT NOTIFICATION permissions also affect service broker. See the service broker chart for more info.

Service Broker Permissions
Notes:
- The user executing the CREATE CONTRACT statement must have REFERENCES permission on all message types specified.
- The user executing the CREATE SERVICE statement must have REFERENCES permission on the queue and all contracts specified.
- To execute the CREATE or ALTER REMOTE SERVICE BINDING the user must have impersonate permission for the principal specified in the statement.
- When the CREATE or ALTER MESSAGE TYPE statement specifies a schema collection, the user executing the statement must have REFERENCES permission on the schema collection specified.
- See the ALTER ANY EVENT NOTIFICATION chart for more permissions related to Service Broker.
- See the SCHEMA OBJECTS chart for QUEUE permissions.
- The ALTER CONTRACT permission exists but at this time there is no ALTER CONTRACT statement.

ALTER AUTHORIZATION
Notes:
- ALTER AUTHORIZATION for any object might also require IMPERSONATE or membership in a role or ALTER permission on a role.
- ALTER AUTHORIZATION exists at many levels in the permission model but is never inherited from ALTER AUTHORIZATION at a higher level.
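The poster's rules "grant permissions to roles whenever possible", "denying a permission overrides a related grant" and "use REVOKE, not DENY, to remove a grant" can be checked on a scratch database. The following T-SQL is an added example, not part of the poster; the database perm_demo and the users alice and bob are constructed names, while Production.Parts and PartsTeam follow the poster's sample statement.

```sql
-- Added example. Constructed names: perm_demo, alice, bob.
USE master;
GO
CREATE DATABASE perm_demo;
GO
USE perm_demo;
GO
CREATE SCHEMA Production;
GO
CREATE TABLE Production.Parts (PartID int PRIMARY KEY, Qty int NOT NULL);
INSERT INTO Production.Parts (PartID, Qty) VALUES (1, 10);  -- constructed row
CREATE ROLE PartsTeam;
CREATE USER alice WITHOUT LOGIN;
CREATE USER bob WITHOUT LOGIN;
ALTER ROLE PartsTeam ADD MEMBER alice;
ALTER ROLE PartsTeam ADD MEMBER bob;
GO
-- Grant to the role; both members inherit it.
GRANT UPDATE ON OBJECT::Production.Parts TO PartsTeam;
-- A DENY on one member takes precedence over the grant inherited from the role.
DENY UPDATE ON OBJECT::Production.Parts TO bob;
GO
-- Effective UPDATE permission, evaluated in each user's security context.
EXECUTE AS USER = N'alice';
SELECT USER_NAME() AS principal_name,
       HAS_PERMS_BY_NAME(N'Production.Parts', N'OBJECT', N'UPDATE') AS can_update;
REVERT;
EXECUTE AS USER = N'bob';
SELECT USER_NAME() AS principal_name,
       HAS_PERMS_BY_NAME(N'Production.Parts', N'OBJECT', N'UPDATE') AS can_update;
REVERT;
GO
-- REVOKE removes the stored DENY row; bob then falls back to the role's grant.
REVOKE UPDATE ON OBJECT::Production.Parts FROM bob;
-- Taking the permission away from the whole team is also a REVOKE, on the role.
-- A DENY here would keep blocking members who are granted UPDATE some other way.
REVOKE UPDATE ON OBJECT::Production.Parts FROM PartsTeam;
GO
-- Audit view: explicit GRANT/DENY rows that remain on the table.
SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'Production.Parts');
GO
USE master;
GO
DROP DATABASE perm_demo;
GO
```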
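SQL Server has three special kinds of users: the system administrator, the user database owner (DBO, the database user who created the database), and ordinary users.
The system administrator has the right to operate on the whole system; a user database owner has full rights over the databases he has created; an ordinary user has only the permissions granted to him on a given database.
Database users can generally be divided into user groups; every database is given the user group public as soon as it is created.

1. Creating a SQL Server user name (login account)
To use SQL Server, a user must have a SQL Server user name (login account) on the server.
The system administrator adds this account with sp_addlogin.

    sp_addlogin login name, password, database name, language, full name

Example: create user a with password 123456 (at least six characters) and full name aaa

    sp_addlogin a,test,null,null,aaa
    go
    select * from syslogins
    go

2. Adding a database user name
Likewise, to use a database on SQL Server, the user must have a user name in that database; the database owner adds this user name with sp_adduser.
The database user name does not have to be the same as the user account, and the user name can differ from one database to another.
Multiple users can have the same SQL Server account.
Likewise, multiple SQL Server accounts can have the same database name.

    sp_adduser login name, alias, group name

The login name is the user's SQL Server login name; the alias is the user's user name in the database; the group name is the database user group the user belongs to.

Example: add user a as a user of test, with alias a1, belonging to user group china

    sp_addgroup china
    go
    sp_adduser a,a1,china
    go
    sp_helpuser
    go

Example: drop alias a1, user group china, and login name a

    use test
    go
    sp_dropuser a1
    go
    sp_helpuser
    go
    sp_dropgroup china
    go
    use master
    go
    sp_droplogin a
    go
    select * from syslogins
    go

3. Granting database operation permissions

    grant command list to user name

A. The system administrator can grant other users the CREATE DATABASE permission, so that other users can become database owners.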
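Steps 1 to 3 above use the legacy sp_addlogin, sp_adduser and sp_addgroup procedures, which current SQL Server releases mark as deprecated in favour of CREATE LOGIN, CREATE USER and CREATE ROLE. The following T-SQL is an added example, not from the original slides, that walks the same sequence with the current statements; the names a, a1 and china come from the page, while the database login_demo, the table dbo.orders and the password literal are constructed placeholders.

```sql
-- Added example. Constructed values: login_demo, dbo.orders, the password literal.
USE master;
GO
CREATE DATABASE login_demo;
GO
-- Step 1 (was sp_addlogin): a server-level SQL login.
-- CHECK_POLICY = ON applies the Windows password policy to this login.
CREATE LOGIN a
    WITH PASSWORD = N'Constructed-Example-Pw-1!',
         DEFAULT_DATABASE = login_demo,
         CHECK_POLICY = ON;
GO
USE login_demo;
GO
-- Step 2 (was sp_addgroup / sp_adduser): a role, then a database user
-- named a1 that is mapped to login a, then the role membership.
CREATE ROLE china;
CREATE USER a1 FOR LOGIN a;
ALTER ROLE china ADD MEMBER a1;
GO
-- Step 3: grant to the role instead of to the individual user.
CREATE TABLE dbo.orders (id int PRIMARY KEY, note nvarchar(100));
GRANT SELECT, INSERT ON OBJECT::dbo.orders TO china;
GO
-- Verification (in place of "select * from syslogins" and sp_helpuser).
SELECT name, type_desc, is_disabled, default_database_name
FROM sys.server_principals
WHERE name = N'a';

SELECT u.name AS db_user, l.name AS login_name, r.name AS member_of
FROM sys.database_principals AS u
LEFT JOIN sys.server_principals AS l
       ON l.sid = u.sid
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE u.name = N'a1';
GO
-- Removal in dependency order (was sp_dropuser, sp_dropgroup, sp_droplogin):
-- the user first, then the now-empty role, then the login.
DROP USER a1;
DROP ROLE china;
GO
USE master;
GO
DROP LOGIN a;
DROP DATABASE login_demo;
GO
```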
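SQL Server: permission control on columns
There is really not much to say about column permissions in SQL Server, but many people do not understand them well and I have already been asked about them several times, so here is an introduction. Many people ask: can I grant a user permission on just certain columns of a table? The answer is yes: SELECT and UPDATE permissions can be granted on individual columns of a table. The simple case below illustrates this.

Case 1: In AdventureWorks2014, the login UserA is allowed to query only the three columns BusinessEntityID, NationalIDNumber and LoginID in [Person].[Person], and may not query any other column.

Grant the user query (SELECT) permission on the relevant columns:

    GRANT SELECT (BusinessEntityID, NationalIDNumber, LoginID) ON [HumanResources].[Employee] TO [UserA]

You can then view the permissions granted to UserA with the following SQL:

    SELECT  dp.grantee_principal_id ,
            P.name AS UName ,
            dp.permission_name ,
            C.name ,
            OBJECT_NAME(O.object_id) AS TabName
    FROM    sys.database_permissions dp
            INNER JOIN sys.objects O ON dp.major_id = O.object_id
            INNER JOIN sys.columns C ON C.object_id = O.object_id
                                        AND C.column_id = dp.minor_id
            INNER JOIN sys.database_principals P ON P.principal_id = dp.grantee_principal_id;

Log in as user UserA. As shown below, if a query uses any column other than BusinessEntityID, NationalIDNumber and LoginID, an error similar to the following is raised; naturally, queries such as SELECT * cannot be used either.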
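The column-level behaviour described above can be reproduced without AdventureWorks. The following T-SQL is an added example, not the author's code: it builds a small constructed table with the same three column names plus one extra column, grants UserA column-level SELECT and UPDATE, and then probes allowed and refused statements under UserA's security context. The database colperm_demo, the table dbo.Employee and its row are constructed.

```sql
-- Added example. Constructed names and data: colperm_demo, dbo.Employee, the row.
USE master;
GO
CREATE DATABASE colperm_demo;
GO
USE colperm_demo;
GO
CREATE TABLE dbo.Employee (
    BusinessEntityID int PRIMARY KEY,
    NationalIDNumber nvarchar(15)  NOT NULL,
    LoginID          nvarchar(256) NOT NULL,
    JobTitle         nvarchar(50)  NOT NULL   -- not covered by any grant below
);
INSERT INTO dbo.Employee VALUES (1, N'000000001', N'example\user1', N'Engineer');
CREATE USER UserA WITHOUT LOGIN;
-- Column-level grants: read three columns, change only LoginID.
GRANT SELECT (BusinessEntityID, NationalIDNumber, LoginID)
    ON OBJECT::dbo.Employee TO UserA;
GRANT UPDATE (LoginID) ON OBJECT::dbo.Employee TO UserA;
GO
EXECUTE AS USER = N'UserA';
-- Each probe runs as dynamic SQL inside TRY...CATCH so that a refused
-- statement is reported and the batch carries on to the next probe.
DECLARE @stmt nvarchar(300);
DECLARE probes CURSOR LOCAL FAST_FORWARD FOR
    SELECT s FROM (VALUES
        (N'SELECT BusinessEntityID, NationalIDNumber, LoginID FROM dbo.Employee'),
        (N'UPDATE dbo.Employee SET LoginID = N''example\user1b'' WHERE BusinessEntityID = 1'),
        (N'SELECT JobTitle FROM dbo.Employee'),           -- column outside the grant
        (N'SELECT * FROM dbo.Employee'),                  -- expands to every column
        (N'UPDATE dbo.Employee SET JobTitle = N''x''')    -- UPDATE outside the grant
    ) AS v(s);
OPEN probes;
FETCH NEXT FROM probes INTO @stmt;
WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        EXEC sys.sp_executesql @stmt;
        PRINT N'allowed: ' + @stmt;
    END TRY
    BEGIN CATCH
        PRINT N'refused (error ' + CAST(ERROR_NUMBER() AS nvarchar(10)) + N'): ' + @stmt;
    END CATCH;
    FETCH NEXT FROM probes INTO @stmt;
END;
CLOSE probes;
DEALLOCATE probes;
REVERT;
GO
USE master;
GO
DROP DATABASE colperm_demo;
GO
```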
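SQL Server Lab Guide, Fourth Edition

Chapter 1: Introduction to SQL Server
SQL Server is a relational database management system (RDBMS) developed by Microsoft.
It has powerful data management and analysis capabilities and is widely used in enterprise applications and data warehouses.
This chapter gives an overview of SQL Server, its features and its areas of application, to help readers understand the basics of SQL Server.

Chapter 2: Installing and configuring SQL Server
Before SQL Server can be used, it has to be installed and configured.
This chapter describes the installation steps and configuration options of SQL Server in detail, including choosing the appropriate edition, setting up the Database Engine and other components, and configuring network and security settings.
Readers will learn how to install and configure SQL Server correctly.

Chapter 3: Basic SQL Server operations
This chapter covers the basic operations of SQL Server, including creating databases, creating tables, inserting data, updating data and deleting data.
Through hands-on practice, readers will learn how to use SQL Server for basic database management and data manipulation.

Chapter 4: Advanced SQL Server operations
This chapter goes deeper into advanced SQL Server operations, including querying data, sorting data, filtering data, joining tables and subqueries.
Readers will learn how to use SQL statements for complex data queries and analysis.

Chapter 5: SQL Server performance optimization
This chapter covers SQL Server performance optimization techniques, including index optimization, query optimization, stored procedure optimization and server configuration optimization.
By mastering these techniques, readers will be able to improve the performance and response time of SQL Server.

Chapter 6: SQL Server backup and recovery
Backup and recovery are very important tasks in database administration.
This chapter describes SQL Server backup and recovery techniques in detail, including full backups, differential backups, transaction log backups and database recovery.
Readers will learn how to use SQL Server to protect the security and reliability of databases.

Chapter 7: SQL Server high availability
In enterprise applications, database high availability is critical.
This chapter covers SQL Server high availability technologies, including failover clustering, database mirroring, database replication and Always On availability groups.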
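SQL Server service account and permission management configuration: training material
SQL Server is a widely used relational database management system for storing, managing and manipulating data.
When SQL Server is used in an enterprise, it is very important that service accounts and permissions are configured correctly.
This training material introduces the basic concepts of SQL Server service accounts and permission management, and the concrete configuration methods.

I. SQL Server service accounts

1. What is a SQL Server service account
A SQL Server service account is the Windows account that a SQL Server instance needs in order to run. It is used to run the Database Engine service, the Agent service and the database services, and provides the runtime environment.
Each service needs its own separate service account.

2. Types of service account
SQL Server service accounts are of two types, local accounts and domain accounts:
- Local account: usable only on the local server; suitable for standalone servers or test environments.
- Domain account: an account stored in a Windows domain that can be used across multiple servers; suitable for large enterprise environments.

3. Choosing an appropriate service account
The following factors should be considered when choosing a service account:
- Security: to protect the database as far as possible, use a domain account and follow the principle of least privilege.
- Management: domain accounts can be managed centrally, and a different account can be assigned to each service, which makes maintenance and auditing easier.
- High availability: make sure the service account has the appropriate permissions to support features such as SQL Server clustering, mirroring and Always On availability groups.

II. SQL Server permission management

1. What is a permission
A permission is the ability of a user or user group to perform a specific operation on a database object.
SQL Server uses a fine-grained permission model to manage database access, ensuring that only authorized users can perform specific operations.

2. Common permission types
- Basic permissions: SELECT, INSERT, UPDATE, DELETE and so on, which control read and write operations on tables or views.
- DDL permissions: control changes to the database structure, such as CREATE, ALTER and DROP.
- System permissions: control server-level operations, such as CREATE LOGIN, CREATE DATABASE and SHUTDOWN.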
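SQL Server Chinese Reference Manual

I. Introduction
SQL Server is a relational database management system developed by Microsoft, commonly used for enterprise application development and data management.
It has powerful data processing and management capabilities and can support large data volumes and complex business logic.
This article introduces the SQL Server Chinese reference manual in detail, to help readers understand and use the various features of SQL Server.

II. Installation and configuration

1. Download and installation
The SQL Server installer can be found on Microsoft's website; choose and download the version that suits your needs.
During installation, the wizard guides you step by step through the configuration, including choosing the installation directory, setting the Database Engine configuration and configuring the instance.

2. Service settings
After installation, the SQL Server services have to be configured, including the SQL Server Database Engine service and the SQL Server Agent service.
These settings can be made with "SQL Server Configuration Manager".

III. Database design and management

1. Database design
SQL Server supports design based on a database model, including creating tables, defining columns, and setting keys and indexes.
SQL Server Management Studio (SSMS) can be used for database design.

2. Database management
SQL Server provides a rich set of database management features, including backup and restore, database migration, and disaster tolerance and recovery.
Database management operations can be carried out easily through SSMS.

IV. Querying and processing data

1. SQL syntax
SQL Server supports standard SQL syntax, including SELECT, INSERT, UPDATE and DELETE operations.
It also supports advanced features such as stored procedures, triggers and functions.

2. Query optimization
SQL Server provides a query optimizer that optimizes query statements to improve query efficiency.
Query performance can be analysed through execution plans or query analysis tools.

V. Security and permission management

1. Logins and users
SQL Server allows multiple login accounts to be created, and different user permissions can be set for different databases.
These settings are made through the SQL Server security features.

2. Data encryption
SQL Server supports data encryption, which can be used to protect sensitive data.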
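SQL Server Operations Manual

I. Introduction
SQL Server is a relational database management system developed by Microsoft and widely used for enterprise data management and processing.
This manual is an operating guide to SQL Server that helps users become proficient in its basic operations and advanced features.

II. Installation and configuration

1. Download the SQL Server installation package
Users can download the SQL Server installer from Microsoft's official website, choosing the version that suits their system.

2. Install SQL Server
Double-click the installer and follow the instructions.
During installation, the user chooses the components to install, configures the database instance, sets the administrator account, and so on.

3. Configure SQL Server
After installation, SQL Server has to be configured, including setting up database connections, tuning performance parameters and configuring the backup policy.

III. Basic operations

1. Connect to the database
Users can connect to a database instance with tools such as SQL Server Management Studio (SSMS) by entering the correct server name, user name and password.

2. Create a database
Through SSMS or T-SQL statements, users can create a new database and specify parameters such as its name, file path and file size.

3. Create tables
Create tables in the database and define their columns, data types, constraints and so on, in preparation for storing data.

4. Insert data
Use the INSERT statement to insert data into database tables, ensuring the integrity and correctness of the data.

5. Query data
Use the SELECT statement to query data in database tables, filtering on conditions to return the rows that meet the requirements.

6. Update and delete data
Use the UPDATE and DELETE statements to update and delete data in database tables, keeping the data current and accurate.

IV. Advanced features

1. Stored procedures
Users can create stored procedures with T-SQL statements to encapsulate and reuse a series of database operations.

2. Triggers
Triggers automatically perform specific operations when specific events occur on a database table, enabling automated processing and monitoring of data.

3. Index optimization
Creating appropriate database indexes of the various types improves query performance and data retrieval speed.

4. Backup and recovery
Define a policy for backing up databases regularly, and understand how to carry out database recovery flexibly and efficiently.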