Permissions Hierarchy (Database Engine)

APPLIES TO: SQL Server, Azure SQL Database, Azure SQL Data Warehouse, Parallel Data Warehouse

The Database Engine manages a hierarchical collection of entities that can be secured with permissions. These entities are known as securables. The most prominent securables are servers and databases, but discrete permissions can be set at a much finer level. SQL Server regulates the actions of principals on securables by verifying that they have been granted appropriate permissions.

The following illustration shows the relationships among the Database Engine permissions hierarchies.

The permissions system works the same in all versions of SQL Server, SQL Database, SQL Data Warehouse, and Analytics Platform System; however, some features are not available in all versions. For example, server-level permissions cannot be configured in Azure products.

Diagram of Database Engine permissions hierarchies

Chart of SQL Server Permissions

For a poster-sized chart of all Database Engine permissions in PDF format, see https://aka.ms/sql-permissions-poster.

Working with Permissions

Permissions can be manipulated with the familiar Transact-SQL queries GRANT, DENY, and REVOKE. Information about permissions is visible in the sys.server_permissions and sys.database_permissions catalog views. There is also support for querying permissions information by using built-in functions.
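The statements, catalog view and built-in function named above, shown together as an added example that is not part of the original page: a schema-level GRANT, a finer-grained DENY on one table inside that schema, the rows they record, and the effective result. The user, schema and table names are constructed, and the script assumes a scratch SQL Server database and a client that understands the GO batch separator.

```sql
-- Constructed names: AuditDemoUser, DemoSales, DemoSales.Orders, DemoSales.Customers.
-- Assumption: run in a scratch database by a principal allowed to create users and schemas.
CREATE USER AuditDemoUser WITHOUT LOGIN;
GO
CREATE SCHEMA DemoSales;
GO
CREATE TABLE DemoSales.Orders (OrderId int PRIMARY KEY, CardNumber varchar(19));
CREATE TABLE DemoSales.Customers (CustomerId int PRIMARY KEY);
GO

-- Grant on the schema securable: covers every object the schema contains.
GRANT SELECT ON SCHEMA::DemoSales TO AuditDemoUser;
-- Deny on one contained object: overrides the schema-level grant for that table.
DENY SELECT ON OBJECT::DemoSales.Orders TO AuditDemoUser;
GO

-- Recorded permissions: one row per explicit statement, tagged with the securable class.
SELECT pr.name AS principal_name,
       pe.class_desc,
       CASE pe.class
            WHEN 0 THEN DB_NAME()                        -- DATABASE
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)         -- SCHEMA
       END AS securable,
       pe.permission_name,
       pe.state_desc                                     -- GRANT or DENY
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'AuditDemoUser';

-- Effective permissions, evaluated in the user's own security context.
EXECUTE AS USER = N'AuditDemoUser';
SELECT HAS_PERMS_BY_NAME(N'DemoSales.Customers', N'OBJECT', N'SELECT') AS can_read_customers,
       HAS_PERMS_BY_NAME(N'DemoSales.Orders',    N'OBJECT', N'SELECT') AS can_read_orders;
REVERT;
GO

-- REVOKE removes the recorded DENY; the schema-level grant then applies to Orders again.
REVOKE SELECT ON OBJECT::DemoSales.Orders FROM AuditDemoUser;
GO

-- Clean up the constructed objects.
DROP TABLE DemoSales.Orders, DemoSales.Customers;
DROP SCHEMA DemoSales;
DROP USER AuditDemoUser;
```

The catalog view lists only what was explicitly granted or denied, so the schema-level row is the only evidence that the user can read DemoSales.Customers; an access review has to walk up the hierarchy from each object to its schema and database rather than filter on the object alone.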

For information about designing a permissions system, see Getting Started with Database Engine Permissions.

See Also

Securing SQL Server
Permissions (Database Engine)
Securables
Principals (Database Engine)
GRANT (Transact-SQL)
REVOKE (Transact-SQL)
DENY (Transact-SQL)
HAS_PERMS_BY_NAME (Transact-SQL)
sys.fn_builtin_permissions (Transact-SQL)
sys.server_permissions (Transact-SQL)
sys.database_permissions (Transact-SQL)