自主資料庫驗證伺服器組態選項contained database authentication Server Configuration Option

適用於: 是SQL Server 否Azure SQL Database 否Azure Synapse Analytics (SQL DW) 否平行處理資料倉儲 APPLIES TO: yesSQL Server noAzure SQL Database noAzure Synapse Analytics (SQL DW) noParallel Data Warehouse

使用 [自主資料庫驗證] 選項,可在 SQL Server Database EngineSQL Server Database Engine執行個體上啟用自主資料庫。Use the contained database authentication option to enable contained databases on the instance of SQL Server Database EngineSQL Server Database Engine.

此伺服器選項可讓您控制 自主資料庫驗證This server option allows you to control contained database authentication.

  • 當執行個體的 [自主資料庫驗證] 為關 (0) 時,自主資料庫便無法建立,或附加到 Database EngineDatabase EngineWhen contained database authentication is off (0) for the instance, contained databases cannot be created, or attached to the Database EngineDatabase Engine.

  • 當執行個體的 [自主資料庫驗證] 為開 (1) 時,自主資料庫就可以建立,或附加到 Database EngineDatabase EngineWhen contained database authentication is on (1) for the instance, contained databases can be created, or attached to the Database EngineDatabase Engine.

自主資料庫包含了定義資料庫所需的所有資料庫設定和中繼資料,而且對於已安裝資料庫的 Database EngineDatabase Engine 執行個體沒有組態相依性。A contained database includes all database settings and metadata required to define the database and has no configuration dependencies on the instance of the Database EngineDatabase Engine where the database is installed. 使用者可以連接至資料庫,而不需要在 Database EngineDatabase Engine 層級驗證登入。Users can connect to the database without authenticating a login at the Database EngineDatabase Engine level. 將資料庫與 Database Engine 隔離,可讓您輕鬆地將資料庫移至另一個 SQL ServerSQL Server執行個體。Isolating the database from the Database Engine makes it possible to easily move the database to another instance of SQL ServerSQL Server. 將所有資料庫設定包含在資料庫中,可讓資料庫擁有者管理該資料庫的所有組態設定。Including all the database settings in the database enables database owners to manage all the configuration settings for the database. 如需自主資料庫的詳細資訊,請參閱 自主資料庫For more information about contained databases, see Contained Databases.

注意

SQL DatabaseSQL DatabaseSQL 資料倉儲SQL Data Warehouse 一律會啟用自主資料庫且無法停用。Contained databases are always enabled for SQL DatabaseSQL Database and SQL 資料倉儲SQL Data Warehouse and cannot be disabled.

如果 SQL ServerSQL Server 的執行個體具有任何自主資料庫,您就可以使用 RECONFIGURE WITH OVERRIDE 陳述式,將 [自主資料庫驗證] 設定設為 0。If an instance of SQL ServerSQL Server has any contained databases the contained database authentication setting can be set to 0 by using the RECONFIGURE WITH OVERRIDE statement. 將 [自主資料庫驗證] 設為 0 將會停用自主資料庫的自主資料庫驗證。Setting contained database authentication to 0 will disable contained database authentication for the contained databases.

重要

當啟用自主的資料庫時,具有 ALTER ANY USER 權限 (例如 db_owner 和 db_accessadmin 資料庫角色) 的資料庫使用者可以存取資料庫,且可藉此來存取 SQL ServerSQL Server的執行個體。When contained databases are enabled, database users with the ALTER ANY USER permission, such as members of the db_owner and db_accessadmin database roles, can grant access to databases and by doing so, grant access to the instance of SQL ServerSQL Server. 這表示伺服器存取的控制權不再限於系統管理員和安全性管理員固定伺服器角色,且以具有 CONTROL SERVER和 ALTER ANY LOGIN 伺服器層級的權限來登入。This means that control over access to the server is no longer limited to members of the sysadmin and securityadmin fixed server role, and logins with the server level CONTROL SERVER and ALTER ANY LOGIN permission. 在允許自主資料庫之前,您應該了解自主資料庫的相關風險。Before allowing contained databases, you should understand the risks associated with contained databases. 如需詳細資訊,請參閱 Security Best Practices with Contained DatabasesFor more information, see Security Best Practices with Contained Databases.

範例Examples

下列範例會在 Database EngineDatabase Engine執行個體上啟用自主資料庫。The following example enables contained databases on the instance of the Database EngineDatabase Engine.

sp_configure 'contained database authentication', 1;  
GO  
RECONFIGURE;  
GO  

另請參閱See Also

sp_configure (Transact-SQL) sp_configure (Transact-SQL)
RECONFIGURE (Transact-SQL) RECONFIGURE (Transact-SQL)
伺服器組態選項 (SQL Server)Server Configuration Options (SQL Server)