catalog.deny_permission(SSISDB 数据库)catalog.deny_permission (SSISDB Database)

适用范围:SQL Server,包括 Linux Azure SQL 数据库yesAzure SQL 数据仓库no并行数据仓库 APPLIES TO: yesSQL Server, including on Linux yesAzure SQL Database yesAzure SQL Data Warehouse noParallel Data Warehouse

适用对象: yesSQL ServeryesAzure SQL 数据库noAzure SQL 数据仓库no并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure SQL Data Warehouse noParallel Data Warehouse

拒绝对 Integration ServicesIntegration Services 目录中的某个安全对象的权限。Denies a permission on a securable object in the Integration ServicesIntegration Services catalog.

语法Syntax

catalog.deny_permission [ @object_type = ] object_type  
    , [ @object_id = ] object_id  
    , [ @principal_id = ] principal_id  
    , [ @permission_type = ] permission_type  

参数Arguments

[ @object_type = ] object_type[ @object_type = ] object_type
安全对象的类型。The type of securable object. 安全对象类型包括文件夹 (1)、项目 (2)、环境 (3) 和操作 (4)。object_typesmallintSecurable objects types include folder (1), project (2), environment (3), and operation (4).The object_type is smallint.

[ @object_id = ] object_id[ @object_id = ] object_id
安全对象的唯一标识符 (ID) 或主键。The unique identifier (ID) or primary key of the securable object. object_idbigintThe object_id is bigint.

[ @principal_id = ] principal_id[ @principal_id = ] principal_id
被拒绝的主体的 ID。The ID of the principal who is to be denied. principal_idintThe principal_id is int.

[ @permission_type = ] permission_type[ @permission_type = ] permission_type
要被拒绝的权限类型。The type of permission that is to be denied. permission_typesmallintThe permission_type is smallint.

返回代码值Return Code Values

0(成功)0 (success)

1(object_class 无效)1 (object_class is not valid)

2(object_id 不存在)2 (object_id does not exist)

3(主体不存在)3 (principal does not exist)

4(权限无效)4 (permission is not valid)

5(其他错误)5 (other error)

结果集Result Sets

NoneNone

权限Permissions

此存储过程需要下列权限之一:This stored procedure requires one of the following permissions:

  • 针对对象的 MANAGE_PERMISSIONS 权限MANAGE_PERMISSIONS permission on the object

  • ssis_admin 数据库角色的成员资格Membership to the ssis_admin database role

  • sysadmin 服务器角色的成员资格Membership to the sysadmin server role

RemarksRemarks

通过此存储过程可以拒绝下表中所示的权限类型:This stored procedure allows you to deny the permission types described in the following table:

permission_type 值permission_type Value 权限名称Permission Name 权限说明Permission Description 适用对象类型Applicable Object Types
1 READREAD 允许主体读取被视为对象一部分的信息(如属性)。Allows the principal to read information that is considered part of the object, such as properties. 它不允许主体枚举或读取该对象中包含的其他对象的内容。It does not allow the principal to enumerate or read the contents of other objects contained within the object. 文件夹、项目、环境、操作Folder, Project, Environment, Operation
2 MODIFYMODIFY 允许主体修改被视为对象一部分的信息(如属性)。Allows the principal to modify information that is considered part of the object, such as properties. 它不允许主体修改该对象中包含的其他对象。It does not allow the principal to modify other objects contained within the object. 文件夹、项目、环境、操作Folder, Project, Environment, Operation
3 在运行 CREATE 语句前执行EXECUTE 允许主体执行项目中的所有包。Allows the principal to execute all packages in the project. 项目Project
4 MANAGE_PERMISSIONSMANAGE_PERMISSIONS 允许主体向对象分配权限。Allows the principal to assign permissions to the objects. 文件夹、项目、环境、操作Folder, Project, Environment, Operation
100 CREATE_OBJECTSCREATE_OBJECTS 允许主体在文件夹中创建对象。Allows the principal to create objects in the folder. 文件夹Folder
101 READ_OBJECTSREAD_OBJECTS 允许主体读取文件夹中的所有对象。Allows the principal to read all objects in the folder. 文件夹Folder
102 MODIFY_OBJECTSMODIFY_OBJECTS 允许主体修改文件夹中的所有对象。Allows the principal to modify all objects in the folder. 文件夹Folder
103 EXECUTE_OBJECTSEXECUTE_OBJECTS 允许主体执行文件夹中所有项目的所有包。Allows the principal to execute all packages from all projects in the folder. 文件夹Folder
104 MANAGE_OBJECT_PERMISSIONSMANAGE_OBJECT_PERMISSIONS 允许主体管理文件夹中所有对象的权限。Allows the principal to manage permissions on all objects in the folder. 文件夹Folder

错误和警告Errors and Warnings

下面的列表描述了一些可能引发错误或警告的情况:The following list describes some conditions that may raise an error or warning:

  • 如果指定 permission_type,此过程会拒绝显式分配给指定主体的针对指定对象的指定权限。If permission_type is specified, the procedure denies the specified permission that is explicitly assigned to the specified principal for the specified object. 即使不发生此类情况,该过程也仍将返回成功代码值 (0)。Even if there are no such instances, the procedure still returns a success code value (0).

  • 如果忽略 permission_type,此过程会拒绝指定主体针对指定对象的所有权限。If permission_type is omitted, the procedure denies all permissions for the specified principal to the specified object.