账号权限列表

本文介绍RDS SQL Server各账号类型、权限类型对应的角色与权限。

注意事项

出于安全考虑,RDS未开放所有权限。针对这个问题,阿里云利用存储过程对部分未开放权限做了封装,您可通过存储过程执行部分受限的操作。更多信息,请参见存储过程

账号权限列表

账号类型

授权对象

权限类型

角色

权限

  • 高权限账号

  • 普通账号

用户数据库

所有者

  • Server级别角色

    • public

    • processadmin

    • setupadmin

  • Database级别角色

    • public

    • db_owner

Server级别权限

  • CONNECT SQL

  • ALTER ANY LOGIN

  • ALTER ANY LINKED SERVER

  • ALTER ANY CONNECTION

  • ALTER TRACE

  • VIEW ANY DATABASE

  • VIEW SERVER STATE

  • ALTER SERVER STATE

Database级别权限

  • CREATE TABLE

  • CREATE VIEW

  • CREATE PROCEDURE

  • CREATE FUNCTION

  • CREATE RULE

  • CREATE DEFAULT

  • CREATE TYPE

  • CREATE ASSEMBLY

  • CREATE XML SCHEMA COLLECTION

  • CREATE SCHEMA

  • CREATE SYNONYM

  • CREATE AGGREGATE

  • CREATE ROLE

  • CREATE MESSAGE TYPE

  • CREATE SERVICE

  • CREATE CONTRACT

  • CREATE REMOTE SERVICE BINDING

  • CREATE ROUTE

  • CREATE QUEUE

  • CREATE SYMMETRIC KEY

  • CREATE ASYMMETRIC KEY

  • CREATE FULLTEXT CATALOG

  • CREATE CERTIFICATE

  • CREATE DATABASE DDL EVENT NOTIFICATION

  • CONNECT

  • CONNECT REPLICATION

  • CHECKPOINT

  • SUBSCRIBE QUERY NOTIFICATIONS

  • AUTHENTICATE

  • SHOWPLAN

  • ALTER ANY USER

  • ALTER ANY ROLE

  • ALTER ANY APPLICATION ROLE

  • ALTER ANY COLUMN ENCRYPTION KEY

  • ALTER ANY COLUMN MASTER KEY

  • ALTER ANY SCHEMA

  • ALTER ANY ASSEMBLY

  • ALTER ANY DATABASE SCOPED CONFIGURATION

  • ALTER ANY DATASPACE

  • ALTER ANY EXTERNAL DATA SOURCE

  • ALTER ANY EXTERNAL FILE FORMAT

  • ALTER ANY MESSAGE TYPE

  • ALTER ANY CONTRACT

  • ALTER ANY SERVICE

  • ALTER ANY REMOTE SERVICE BINDING

  • ALTER ANY ROUTE

  • ALTER ANY FULLTEXT CATALOG

  • ALTER ANY SYMMETRIC KEY

  • ALTER ANY ASYMMETRIC KEY

  • ALTER ANY CERTIFICATE

  • ALTER ANY SECURITY POLICY

  • SELECT

  • INSERT

  • UPDATE

  • DELETE

  • REFERENCES

  • EXECUTE

  • ALTER ANY DATABASE DDL TRIGGER

  • ALTER ANY DATABASE EVENT NOTIFICATION

  • ALTER ANY DATABASE AUDIT

  • ALTER ANY DATABASE EVENT SESSION

  • KILL DATABASE CONNECTION

  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

  • VIEW ANY COLUMN MASTER KEY DEFINITION

  • VIEW DATABASE STATE

  • VIEW DEFINITION

  • TAKE OWNERSHIP

  • ALTER

  • ALTER ANY MASK

  • UNMASK

  • EXECUTE ANY EXTERNAL SCRIPT

  • CONTROL

只读

  • Server级别角色

    • public

    • processadmin

    • setupadmin

  • Database级别角色

    • public

    • db_datareader

Server级别权限

  • CONNECT SQL

  • ALTER ANY LOGIN

  • ALTER ANY LINKED SERVER

  • ALTER ANY CONNECTION

  • ALTER TRACE

  • VIEW ANY DATABASE

  • VIEW SERVER STATE

  • ALTER SERVER STATE

Database级别权限

  • CONNECT

  • SHOWPLAN

  • SELECT

  • KILL DATABASE CONNECTION

  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

  • VIEW ANY COLUMN MASTER KEY DEFINITION

  • VIEW DATABASE STATE

读写(DML)

  • Server级别角色

    • public

    • processadmin

    • setupadmin

  • Database级别角色

    • public

    • db_datareader

    • db_datawriter

Server级别权限

  • CONNECT SQL

  • ALTER ANY LOGIN

  • ALTER ANY LINKED SERVER

  • ALTER ANY CONNECTION

  • ALTER TRACE

  • VIEW ANY DATABASE

  • VIEW SERVER STATE

  • ALTER SERVER STATE

Database级别权限

  • CONNECT

  • SHOWPLAN

  • SELECT

  • INSERT

  • UPDATE

  • DELETE

  • KILL DATABASE CONNECTION

  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

  • VIEW ANY COLUMN MASTER KEY DEFINITION

  • VIEW DATABASE STATE

超级权限账号

所有数据库

所有权限

  • Server级别角色:sysadmin

  • Database级别角色:db_owner

Server级别权限

  • CONNECT SQL

  • SHUTDOWN

  • CREATE ENDPOINT

  • CREATE ANY DATABASE

  • CREATE AVAILABILITY GROUP

  • ALTER ANY LOGIN

  • ALTER ANY CREDENTIAL

  • ALTER ANY ENDPOINT

  • ALTER ANY LINKED SERVER

  • ALTER ANY CONNECTION

  • ALTER ANY DATABASE

  • ALTER RESOURCES

  • ALTER SETTINGS

  • ALTER TRACE

  • ALTER ANY AVAILABILITY GROUP

  • ADMINISTER BULK OPERATIONS

  • AUTHENTICATE SERVER

  • EXTERNAL ACCESS ASSEMBLY

  • VIEW ANY DATABASE

  • VIEW ANY DEFINITION

  • VIEW SERVER STATE

  • CREATE DDL EVENT NOTIFICATION

  • CREATE TRACE EVENT NOTIFICATION

  • ALTER ANY EVENT NOTIFICATION

  • ALTER SERVER STATE

  • UNSAFE ASSEMBLY

  • ALTER ANY SERVER AUDIT

  • CREATE SERVER ROLE

  • ALTER ANY SERVER ROLE

  • ALTER ANY EVENT SESSION

  • CONNECT ANY DATABASE

  • IMPERSONATE ANY LOGIN

  • SELECT ALL USER SECURABLES

  • CONTROL SERVER

Database级别权限

  • CREATE TABLE

  • CREATE VIEW

  • CREATE PROCEDURE

  • CREATE FUNCTION

  • CREATE RULE

  • CREATE DEFAULT

  • BACKUP DATABASE

  • BACKUP LOG

  • CREATE DATABASE

  • CREATE TYPE

  • CREATE ASSEMBLY

  • CREATE XML SCHEMA COLLECTION

  • CREATE SCHEMA

  • CREATE SYNONYM

  • CREATE AGGREGATE

  • CREATE ROLE

  • CREATE MESSAGE TYPE

  • CREATE SERVICE

  • CREATE CONTRACT

  • CREATE REMOTE SERVICE BINDING

  • CREATE ROUTE

  • CREATE QUEUE

  • CREATE SYMMETRIC KEY

  • CREATE ASYMMETRIC KEY

  • CREATE FULLTEXT CATALOG

  • CREATE CERTIFICATE

  • CREATE DATABASE DDL EVENT NOTIFICATION

  • CONNECT

  • CONNECT REPLICATION

  • CHECKPOINT

  • SUBSCRIBE QUERY NOTIFICATIONS

  • AUTHENTICATE

  • SHOWPLAN

  • ALTER ANY USER

  • ALTER ANY ROLE

  • ALTER ANY APPLICATION ROLE

  • ALTER ANY COLUMN ENCRYPTION KEY

  • ALTER ANY COLUMN MASTER KEY

  • ALTER ANY SCHEMA

  • ALTER ANY ASSEMBLY

  • ALTER ANY DATABASE SCOPED CONFIGURATION

  • ALTER ANY DATASPACE

  • ALTER ANY EXTERNAL DATA SOURCE

  • ALTER ANY EXTERNAL FILE FORMAT

  • ALTER ANY MESSAGE TYPE

  • ALTER ANY CONTRACT

  • ALTER ANY SERVICE

  • ALTER ANY REMOTE SERVICE BINDING

  • ALTER ANY ROUTE

  • ALTER ANY FULLTEXT CATALOG

  • ALTER ANY SYMMETRIC KEY

  • ALTER ANY ASYMMETRIC KEY

  • ALTER ANY CERTIFICATE

  • ALTER ANY SECURITY POLICY

  • SELECT

  • INSERT

  • UPDATE

  • DELETE

  • REFERENCES

  • EXECUTE

  • ALTER ANY DATABASE DDL TRIGGER

  • ALTER ANY DATABASE EVENT NOTIFICATION

  • ALTER ANY DATABASE AUDIT

  • ALTER ANY DATABASE EVENT SESSION

  • KILL DATABASE CONNECTION

  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION

  • VIEW ANY COLUMN MASTER KEY DEFINITION

  • VIEW DATABASE STATE

  • VIEW DEFINITION

  • TAKE OWNERSHIP

  • ALTER

  • ALTER ANY MASK

  • UNMASK

  • EXECUTE ANY EXTERNAL SCRIPT

  • CONTROL