SQL Security Management: Creating Administrative Login Accounts and Setting Their Permissions
2010-05-06 20:40
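Lab title: Creating administrative login accounts and setting their permissions
Lab requirements: A database named Tariffsmall, which stores call billing information, already exists in the default instance on the telecom company's server. The database's security now needs to be strengthened to keep the system running normally. Through appropriate permission assignment, grant or revoke users' permissions to access the database and its objects.
Lab steps:
1. Set the SQL Server authentication mode.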
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/f8bc8597b86bd47797b7cbef6a6ecc2c.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/9f18ee617d832d9cc0d6209f31e72c8d.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/5b467184aa3db8b554c943f0a816d0bf.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/87b3783818182d3066fd3f777358d725.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/0e2aad1c77a0016d8fee35727ae1884c.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/113d75173f3319d81334cec8c1f6f741.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/14aa285fa874c07ddc1899a971ffd733.jpg)
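2. Create the Windows login accounts: create group A, group B and group C, and map each of them to a SQL Server account (create three accounts on SQL Server with the same names as the groups).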
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/203cba7569d99001c764f0019e3aec72.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/fe4c6e95cf3fede4625dcc3f7884618f.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/ee49628f6b205cde4906a2c2f1e4a3f5.jpg)
Settings for group A: Windows authentication mode, default database Tariffsmall.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/bf1d89741187f1a0340903d2c477a936.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/0ec7e0f5337e1caa5cb3b1d6d3e0d319.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/2b45c762095a656c04b265fafb2aec5f.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/dbd689a8836f1a8328f11ef6feb1d05b.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/41574c703966f605bb1343cde9861ff8.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/6542ef267843edfe477c41967300f5ed.jpg)
Settings for group B: Windows authentication mode, default database Tariffsmall.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/46752dea4dca548faad7d0e4a5f11195.jpg)
Settings for group C: Windows authentication mode, default database Master.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/a2d3acc3446ffc8201dafa355a8ce91b.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/f1ccf47026fdadeac0ad5576cfda7cbe.jpg)
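3. Create the SQL logins yue and yezi and set their passwords:
Settings for the login yue: "Enforce password policy" checked, "Enforce password expiration" checked, "User must change password at next login" unchecked; the default database is Master.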
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/fc73fd9c8cf8632b1b0b94d0219d2ed1.jpg)
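Settings for the login yezi: "Enforce password policy" unchecked, "Enforce password expiration" unchecked, "User must change password at next login" unchecked; the default database is Tariffsmall.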
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/4ec27e224d1a393cc97474585be6c625.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/4a374c95c5709692b84fcd6c35889999.jpg)
4. Verify the password policy:
In Object Explorer, right-click the login yue and choose "Properties".
Change the password to a simple one.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/33391830c673278d273fab0a2e44aef3.jpg)
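As shown in the figure, if an error is reported, the setting is correct (if the database is installed on a workgroup machine, the strong password policy must be enabled in the local security policy for this to take effect).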
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/c5f260db7d35bcdd889cafa62238a902.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/a04b25aef9449bd5084f042adc0a3dba.jpg)
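
The T-SQL equivalent of steps 1 to 4, as an added example that is not part of the original post; it ends with an audit query that lists SQL logins exempt from the Windows password policy (here, yezi). `HOSTNAME`, both passwords and the Windows group names `A`, `B`, `C` are placeholders or assumptions.

```sql
-- Added example, not from the original post. HOSTNAME and both passwords are
-- placeholders; the Windows group names A, B, C are assumed to match the lab.
USE master;
GO
-- Step 1: 1 = Windows authentication only, 0 = mixed mode.
-- SQL logins such as yue and yezi can only connect in mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
GO
-- Step 2: one login per Windows group, with the default databases from the lab.
CREATE LOGIN [HOSTNAME\A] FROM WINDOWS WITH DEFAULT_DATABASE = Tariffsmall;
CREATE LOGIN [HOSTNAME\B] FROM WINDOWS WITH DEFAULT_DATABASE = Tariffsmall;
CREATE LOGIN [HOSTNAME\C] FROM WINDOWS WITH DEFAULT_DATABASE = master;
GO
-- Step 3: yue is subject to policy and expiration, yezi is exempt from both.
CREATE LOGIN yue WITH PASSWORD = N'<placeholder-strong-password>',
    CHECK_POLICY = ON, CHECK_EXPIRATION = ON, DEFAULT_DATABASE = master;
CREATE LOGIN yezi WITH PASSWORD = N'<placeholder-password>',
    CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF, DEFAULT_DATABASE = Tariffsmall;
GO
-- Step 4: a simple password for yue should be rejected when the policy applies.
-- If it is accepted, the password really is changed, so reset it afterwards.
BEGIN TRY
    ALTER LOGIN yue WITH PASSWORD = N'123';
    PRINT 'Weak password accepted: the Windows password policy is not in effect.';
END TRY
BEGIN CATCH
    PRINT 'Weak password rejected: ' + ERROR_MESSAGE();
END CATCH;
GO
-- Audit: SQL logins that bypass the password policy or never expire.
SELECT name, is_policy_checked, is_expiration_checked,
       is_disabled, default_database_name
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0
ORDER BY name;
```
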
5. Add login accounts to server roles: add group C to the dbcreator role and verify C's permissions:
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/4d97bc65653f285961c4e535a0e134ca.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/b826e757425c2980f313e91f07e51acb.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/6435586280bf0de0d839bb7c460f1168.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/ae774b7a5aaa3d4fd75ae413f0669dc5.jpg)
Create the account jim, add jim to group C, and log in as jim.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/d636f9361868445e89ea736cf5b32878.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/0a25a911c75e1a157f86a8988900cff1.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/6a98aa2c70ef0c65bb10e58a73dbd620.jpg)
Create a database named test to verify the result.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/12bbed155152c6af090a7f4e330fa776.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/f8e62cdf61a827d2567a17e9fcdbf67c.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/e2b0fdb1240c445c6ea9e7045fa81f4f.jpg)
6. Assign permissions to the yue account:
In Object Explorer, right-click yue and choose "Properties".
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/e14d9112c4617e840044dd37f7eff88e.jpg)
On the "Securables" tab, add the user yezi and grant the Alter permission on it.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/9fc77878efdadc722523f16ae455cbe9.jpg)
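7. Verify whether yue can change yezi's password: use the yue account to change yezi's password. (To change the password, you must know the old password.)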
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/d4afd8d02c4ac40202f07db0eb50cb0f.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/840b7abe53c3d5c4ed18cfbf4df23d59.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/c84bf426eb5d146903b3725b77ed6dab.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/1711f4e8345b88a2a5fe7e5d9a2dc17c.jpg)
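
Steps 5 to 7 in T-SQL, followed by the catalog queries a reviewer would use to see who holds server roles and login-scoped permissions (an added example, not part of the original post). It assumes SQL Server 2012 or later for `ALTER SERVER ROLE` (earlier versions use `sp_addsrvrolemember`); `HOSTNAME` is a placeholder.

```sql
-- Added example, not from the original post. HOSTNAME is a placeholder.
USE master;
GO
-- Step 5: members of Windows group C (for example jim) may create databases.
ALTER SERVER ROLE dbcreator ADD MEMBER [HOSTNAME\C];
-- Step 6: yue may alter the single login yezi, not every login on the server.
GRANT ALTER ON LOGIN::yezi TO yue;
GO
-- Who reaches the server through group C (jim should be listed).
EXEC xp_logininfo @acctname = N'HOSTNAME\C', @option = 'members';

-- Fixed server role membership: dbcreator should list HOSTNAME\C only.
SELECT r.name AS server_role, m.name AS member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- Permissions granted on individual logins (securable class SERVER_PRINCIPAL).
SELECT grantee.name AS grantee, p.state_desc, p.permission_name,
       target.name AS on_login
FROM sys.server_permissions AS p
JOIN sys.server_principals AS grantee
     ON grantee.principal_id = p.grantee_principal_id
JOIN sys.server_principals AS target
     ON target.principal_id = p.major_id
WHERE p.class_desc = 'SERVER_PRINCIPAL';

-- Step 7: effective permission as seen from yue's own security context.
EXECUTE AS LOGIN = 'yue';
SELECT HAS_PERMS_BY_NAME('yezi', 'LOGIN', 'ALTER') AS yue_can_alter_yezi;
REVERT;
```
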
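8. Create database users mapped to Windows login accounts: map group A and group B to the Tariffsmall database.
Under the Tariffsmall database node, expand the "Security > Users" node.
In the "New User" dialog, create the mapping between group A and Tariffsmall.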
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/512a935ffb388fe93e2c8966a0fdec62.jpg)
In the "New User" dialog, create the mapping between group B and Tariffsmall.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/1d0a8aa4f1a9a9fb8d0b1e284ed7b43f.jpg)
9. Create database users mapped to individual Windows users: add the two users jim and tom under the Tariffsmall database node.
Create the Windows user frank and add it to group A.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/33afa195c9074e1b40b0794f9beb02dc.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/1fc675ad5cbfdc33afc433ad5b3ef32e.jpg)
Map the user tom to the Tariffsmall database with the following settings: "User name" is frank, and the login name is hostname\frank.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/920bde85a8c19a763403a98c70d50189.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/1118ccd58bc8150efb5dd6b12b859c3b.jpg)
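Map the previously created user jim to the Tariffsmall database with the following settings: the user name is jim, the login name is hostname\jim, and the default schema is dbo.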
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/2eaa559859341d29f4a64c37023eccfd.jpg)
10. Create a database user mapped to a SQL Server login: add the yezi login under the Tariffsmall database node.
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/1ddd22a32e289cf190bf371d8864717a.jpg)
11. Add a user to a database role (add the user jim to db_datareader).
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/f4d745b27395d5212146670208395fc0.jpg)
12. Verify yezi's permissions (query the data in the Tariffsmall database tables; the prompt reports that the backup is normal).
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/090b74b12a600710bda2ca689909bb41.jpg)
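13. Verify jim's permissions (log in as jim and try to back up the database; the prompt reports that the backup is normal).
14. Verify tom's permissions (querying the data in the Tariffsmall database tables returns an error).
15. Add the A user to a database role (grant the select permission on the Accountbill table in the Tariffsmall database to the members of group A).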
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/b290344d0d073904f58f0604e66ac03e.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/479dae2f81722ea2864a3a58bb670b62.jpg)
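16. Verify tom's permissions (use the tom account to check whether the data in the Accountbill table of the Tariffsmall database can be queried).
17. Create a user-defined database role (create the HRAdmin role in the Tariffsmall database).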
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/77d191b9c7daa02053f322a12b8f2068.jpg)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/b4e4ebb4cb91df69e5b03d08a2ca6481.jpg)
18. Grant permissions to the user-defined database role (authorize the Accountbill table: grant the select, insert, update and delete permissions on it to HRAdmin).
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/211bd0b8e136814b0649cce029d71066.jpg)
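19. Verify the permissions of the user tom (add the user tom to the HRAdmin role, log in as tom, and check whether this user has query and modify permissions on the Accountbill table).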
![](https://oscdn.geek-share.com/Uploads/Images/Content/201912/09/9db831a8a7bd4040f9c3e9ea16f416b5.jpg)
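
The role and permission changes of steps 11 and 15 to 19 in T-SQL, with checks that report effective permissions without logging in as each user (an added example, not part of the original post). It assumes the database users from steps 8 to 10 already exist with the names `jim`, `tom` and `HOSTNAME\A`, that Accountbill is in the `dbo` schema, and SQL Server 2012 or later for `ALTER ROLE ... ADD MEMBER` (earlier versions use `sp_addrolemember`).

```sql
-- Added example, not from the original post. HOSTNAME is a placeholder; the
-- user names jim and tom and the dbo schema of Accountbill are assumptions.
USE Tariffsmall;
GO
ALTER ROLE db_datareader ADD MEMBER jim;                        -- step 11
GRANT SELECT ON OBJECT::dbo.Accountbill TO [HOSTNAME\A];        -- step 15
CREATE ROLE HRAdmin;                                            -- step 17
GRANT SELECT, INSERT, UPDATE, DELETE
    ON OBJECT::dbo.Accountbill TO HRAdmin;                      -- step 18
ALTER ROLE HRAdmin ADD MEMBER tom;                              -- step 19
GO
-- Step 19: table-level permissions tom holds on Accountbill.
EXECUTE AS USER = 'tom';
SELECT permission_name
FROM sys.fn_my_permissions('dbo.Accountbill', 'OBJECT')
WHERE subentity_name = '';          -- table-level rows only, not per column
REVERT;

-- Steps 11 and 13: what jim's membership in db_datareader does and does not give.
EXECUTE AS USER = 'jim';
SELECT HAS_PERMS_BY_NAME('dbo.Accountbill', 'OBJECT', 'SELECT')  AS can_select,
       HAS_PERMS_BY_NAME('dbo.Accountbill', 'OBJECT', 'UPDATE')  AS can_update,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'BACKUP DATABASE') AS can_backup;
REVERT;

-- Review: every explicit grant or deny on Accountbill.
SELECT pr.name AS grantee, pr.type_desc, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'OBJECT_OR_COLUMN'
  AND pe.major_id = OBJECT_ID('dbo.Accountbill')
ORDER BY pr.name, pe.permission_name;

-- Review: database role membership (db_datareader and HRAdmin after this lab).
SELECT r.name AS database_role, m.name AS member
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;
```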