GRANT Certificate Permissions (Transact-SQL)

Applies to: SQL Server (all supported versions), Azure SQL Database

Grants permissions on a certificate in SQL Server.

Transact-SQL Syntax Conventions

Syntax

GRANT permission  [ ,...n ]    
    ON CERTIFICATE :: certificate_name   
    TO principal [ ,...n ] [ WITH GRANT OPTION ]   
    [ AS granting_principal ]   

Note

To view Transact-SQL syntax for SQL Server 2014 and earlier, see Previous versions documentation.

Arguments

permission
Specifies a permission that can be granted on a certificate. Listed below.

ON CERTIFICATE :: certificate_name
Specifies the certificate on which the permission is being granted. The scope qualifier "::" is required.

database_principal
Specifies the principal to which the permission is being granted. One of the following:

  • database user
  • database role
  • application role
  • database user mapped to a Windows login
  • database user mapped to a Windows group
  • database user mapped to a certificate
  • database user mapped to an asymmetric key
  • database user not mapped to a server principal

GRANT OPTION
Indicates that the principal will also be given the ability to grant the specified permission to other principals.

AS granting_principal
Specifies a principal from which the principal executing this query derives its right to grant the permission. One of the following:

  • database user
  • database role
  • application role
  • database user mapped to a Windows login
  • database user mapped to a Windows group
  • database user mapped to a certificate
  • database user mapped to an asymmetric key
  • database user not mapped to a server principal

Remarks

A certificate is a database-level securable contained by the database that is its parent in the permissions hierarchy. The most specific and limited permissions that can be granted on a certificate are listed below, together with the more general permissions that include them by implication.

| Certificate permission | Implied by certificate permission | Implied by database permission |
|---|---|---|
| CONTROL | CONTROL | CONTROL |
| TAKE OWNERSHIP | CONTROL | CONTROL |
| ALTER | CONTROL | ALTER ANY CERTIFICATE |
| REFERENCES | CONTROL | REFERENCES |
| VIEW DEFINITION | CONTROL | VIEW DEFINITION |

Permissions

The grantor (or the principal specified with the AS option) must have either the permission itself with GRANT OPTION, or a higher permission that implies the permission being granted.

If using the AS option, these additional requirements apply.

| AS granting_principal | Additional permission required |
|---|---|
| Database user | IMPERSONATE permission on the user, membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Database user mapped to a Windows login | IMPERSONATE permission on the user, membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Database user mapped to a Windows group | Membership in the Windows group, membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Database user mapped to a certificate | Membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Database user mapped to an asymmetric key | Membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Database user not mapped to any server principal | IMPERSONATE permission on the user, membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Database role | ALTER permission on the role, membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |
| Application role | ALTER permission on the role, membership in the db_securityadmin fixed database role, membership in the db_owner fixed database role, or membership in the sysadmin fixed server role. |

Object owners can grant permissions on the objects they own. Principals with CONTROL permission on a securable can grant permission on that securable.

Grantees of CONTROL SERVER permission, such as members of the sysadmin fixed server role, can grant any permission on any securable in the server. Grantees of CONTROL permission on a database, such as members of the db_owner fixed database role, can grant any permission on any securable in the database. Grantees of CONTROL permission on a schema can grant any permission on any object within the schema.
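
The following is an added example, not part of the original reference page: it grants a narrowly scoped certificate permission, delegates it through a role using WITH GRANT OPTION and AS, and then audits the resulting grants. All object and principal names (SalesCert, KeyAdmins, ReportReader, AppOperator) and the password placeholder are hypothetical.

```sql
-- Constructed setup: every name below is hypothetical.
CREATE CERTIFICATE SalesCert
    ENCRYPTION BY PASSWORD = '<placeholder-strong-password>'
    WITH SUBJECT = 'Constructed example certificate';
CREATE ROLE KeyAdmins;
CREATE USER ReportReader WITHOUT LOGIN;
CREATE USER AppOperator WITHOUT LOGIN;
GO

-- Least privilege: ReportReader may read the certificate's metadata only.
-- VIEW DEFINITION is the narrowest permission in the Remarks table.
GRANT VIEW DEFINITION ON CERTIFICATE::SalesCert TO ReportReader;

-- Delegation: the role holds VIEW DEFINITION and may grant it onward.
GRANT VIEW DEFINITION ON CERTIFICATE::SalesCert
    TO KeyAdmins WITH GRANT OPTION;

-- A grant made on the role's authority names the role with AS.
-- Per the Permissions table, the executing principal needs ALTER on the
-- role, or membership in db_securityadmin, db_owner, or sysadmin.
GRANT VIEW DEFINITION ON CERTIFICATE::SalesCert
    TO AppOperator AS KeyAdmins;
GO

-- Audit: list every explicit permission on certificates in this database.
-- state_desc = 'GRANT_WITH_GRANT_OPTION' marks permissions the grantee can
-- pass on; review those rows first, along with any CONTROL grants.
SELECT c.name        AS certificate_name,
       grantee.name  AS grantee,
       grantor.name  AS grantor,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.certificates AS c
    ON c.certificate_id = p.major_id
JOIN sys.database_principals AS grantee
    ON grantee.principal_id = p.grantee_principal_id
JOIN sys.database_principals AS grantor
    ON grantor.principal_id = p.grantor_principal_id
WHERE p.class_desc = 'CERTIFICATE'
ORDER BY c.name, grantee.name;
```

In the audit output, the grant to AppOperator lists KeyAdmins as grantor, which is how grants made with AS can be traced back to the delegating role.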

See Also

GRANT (Transact-SQL)
Permissions (Database Engine)
Principals (Database Engine)
CREATE CERTIFICATE (Transact-SQL)
CREATE ASYMMETRIC KEY (Transact-SQL)
CREATE APPLICATION ROLE (Transact-SQL)
Encryption Hierarchy