This topic describes the roles and permissions that correspond to each account type and permission type in RDS SQL Server.

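Usage notes

  • For security reasons, RDS does not open all permissions. To address this, Alibaba Cloud wraps some of the unavailable permissions in stored procedures, and you can perform certain restricted operations by calling those stored procedures. For more information, see Stored procedures.
  • You must submit a ticket to apply for a superuser account. Because a superuser account has the highest administrative privileges, an instance for which a superuser account has been requested is no longer covered by the RDS Service Level Agreement (SLA).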

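Account permission list

Account type | Authorized object | Permission type | Role | Permission
  • Privileged account
  • Standard account
User database | Owner
  • Server-level roles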
    • public
    • processadmin
    • setupadmin
  • Database-level roles
    • public
    • db_owner

  • CONNECT SQL
  • ALTER ANY LOGIN
  • ALTER ANY LINKED SERVER
  • ALTER ANY CONNECTION
  • ALTER TRACE
  • VIEW ANY DATABASE
  • VIEW SERVER STATE
  • ALTER SERVER STATE
  • CREATE TABLE
  • CREATE VIEW
  • CREATE PROCEDURE
  • CREATE FUNCTION
  • CREATE RULE
  • CREATE DEFAULT
  • CREATE TYPE
  • CREATE ASSEMBLY
  • CREATE XML SCHEMA COLLECTION
  • CREATE SCHEMA
  • CREATE SYNONYM
  • CREATE AGGREGATE
  • CREATE ROLE
  • CREATE MESSAGE TYPE
  • CREATE SERVICE
  • CREATE CONTRACT
  • CREATE REMOTE SERVICE BINDING
  • CREATE ROUTE
  • CREATE QUEUE
  • CREATE SYMMETRIC KEY
  • CREATE ASYMMETRIC KEY
  • CREATE FULLTEXT CATALOG
  • CREATE CERTIFICATE
  • CREATE DATABASE DDL EVENT NOTIFICATION
  • CONNECT
  • CONNECT REPLICATION
  • CHECKPOINT
  • SUBSCRIBE QUERY NOTIFICATIONS
  • AUTHENTICATE
  • SHOWPLAN
  • ALTER ANY USER
  • ALTER ANY ROLE
  • ALTER ANY APPLICATION ROLE
  • ALTER ANY COLUMN ENCRYPTION KEY
  • ALTER ANY COLUMN MASTER KEY
  • ALTER ANY SCHEMA
  • ALTER ANY ASSEMBLY
  • ALTER ANY DATABASE SCOPED CONFIGURATION
  • ALTER ANY DATASPACE
  • ALTER ANY EXTERNAL DATA SOURCE
  • ALTER ANY EXTERNAL FILE FORMAT
  • ALTER ANY MESSAGE TYPE
  • ALTER ANY CONTRACT
  • ALTER ANY SERVICE
  • ALTER ANY REMOTE SERVICE BINDING
  • ALTER ANY ROUTE
  • ALTER ANY FULLTEXT CATALOG
  • ALTER ANY SYMMETRIC KEY
  • ALTER ANY ASYMMETRIC KEY
  • ALTER ANY CERTIFICATE
  • ALTER ANY SECURITY POLICY
  • SELECT
  • INSERT
  • UPDATE
  • DELETE
  • REFERENCES
  • EXECUTE
  • ALTER ANY DATABASE DDL TRIGGER
  • ALTER ANY DATABASE EVENT NOTIFICATION
  • ALTER ANY DATABASE AUDIT
  • ALTER ANY DATABASE EVENT SESSION
  • KILL DATABASE CONNECTION
  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
  • VIEW ANY COLUMN MASTER KEY DEFINITION
  • VIEW DATABASE STATE
  • VIEW DEFINITION
  • TAKE OWNERSHIP
  • ALTER
  • ALTER ANY MASK
  • UNMASK
  • EXECUTE ANY EXTERNAL SCRIPT
  • CONTROL

Read-only
  • Server-level roles
    • public
    • processadmin
    • setupadmin
  • Database-level roles
    • public
    • db_datareader

  • CONNECT SQL
  • ALTER ANY LOGIN
  • ALTER ANY LINKED SERVER
  • ALTER ANY CONNECTION
  • ALTER TRACE
  • VIEW ANY DATABASE
  • VIEW SERVER STATE
  • ALTER SERVER STATE
  • CONNECT
  • SHOWPLAN
  • SELECT
  • KILL DATABASE CONNECTION
  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
  • VIEW ANY COLUMN MASTER KEY DEFINITION
  • VIEW DATABASE STATE

Read/write (DML)
  • Server-level roles
    • public
    • processadmin
    • setupadmin
  • Database-level roles
    • public
    • db_datareader
    • db_datawriter

  • CONNECT SQL
  • ALTER ANY LOGIN
  • ALTER ANY LINKED SERVER
  • ALTER ANY CONNECTION
  • ALTER TRACE
  • VIEW ANY DATABASE
  • VIEW SERVER STATE
  • ALTER SERVER STATE
  • CONNECT
  • SHOWPLAN
  • SELECT
  • INSERT
  • UPDATE
  • DELETE
  • KILL DATABASE CONNECTION
  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
  • VIEW ANY COLUMN MASTER KEY DEFINITION
  • VIEW DATABASE STATE

Superuser account | All databases | All permissions
  • Server-level role: sysadmin
  • Database-level role: db_owner

  • CONNECT SQL
  • SHUTDOWN
  • CREATE ENDPOINT
  • CREATE ANY DATABASE
  • CREATE AVAILABILITY GROUP
  • ALTER ANY LOGIN
  • ALTER ANY CREDENTIAL
  • ALTER ANY ENDPOINT
  • ALTER ANY LINKED SERVER
  • ALTER ANY CONNECTION
  • ALTER ANY DATABASE
  • ALTER RESOURCES
  • ALTER SETTINGS
  • ALTER TRACE
  • ALTER ANY AVAILABILITY GROUP
  • ADMINISTER BULK OPERATIONS
  • AUTHENTICATE SERVER
  • EXTERNAL ACCESS ASSEMBLY
  • VIEW ANY DATABASE
  • VIEW ANY DEFINITION
  • VIEW SERVER STATE
  • CREATE DDL EVENT NOTIFICATION
  • CREATE TRACE EVENT NOTIFICATION
  • ALTER ANY EVENT NOTIFICATION
  • ALTER SERVER STATE
  • UNSAFE ASSEMBLY
  • ALTER ANY SERVER AUDIT
  • CREATE SERVER ROLE
  • ALTER ANY SERVER ROLE
  • ALTER ANY EVENT SESSION
  • CONNECT ANY DATABASE
  • IMPERSONATE ANY LOGIN
  • SELECT ALL USER SECURABLES
  • CONTROL SERVER
  • CREATE TABLE
  • CREATE VIEW
  • CREATE PROCEDURE
  • CREATE FUNCTION
  • CREATE RULE
  • CREATE DEFAULT
  • BACKUP DATABASE
  • BACKUP LOG
  • CREATE DATABASE
  • CREATE TYPE
  • CREATE ASSEMBLY
  • CREATE XML SCHEMA COLLECTION
  • CREATE SCHEMA
  • CREATE SYNONYM
  • CREATE AGGREGATE
  • CREATE ROLE
  • CREATE MESSAGE TYPE
  • CREATE SERVICE
  • CREATE CONTRACT
  • CREATE REMOTE SERVICE BINDING
  • CREATE ROUTE
  • CREATE QUEUE
  • CREATE SYMMETRIC KEY
  • CREATE ASYMMETRIC KEY
  • CREATE FULLTEXT CATALOG
  • CREATE CERTIFICATE
  • CREATE DATABASE DDL EVENT NOTIFICATION
  • CONNECT
  • CONNECT REPLICATION
  • CHECKPOINT
  • SUBSCRIBE QUERY NOTIFICATIONS
  • AUTHENTICATE
  • SHOWPLAN
  • ALTER ANY USER
  • ALTER ANY ROLE
  • ALTER ANY APPLICATION ROLE
  • ALTER ANY COLUMN ENCRYPTION KEY
  • ALTER ANY COLUMN MASTER KEY
  • ALTER ANY SCHEMA
  • ALTER ANY ASSEMBLY
  • ALTER ANY DATABASE SCOPED CONFIGURATION
  • ALTER ANY DATASPACE
  • ALTER ANY EXTERNAL DATA SOURCE
  • ALTER ANY EXTERNAL FILE FORMAT
  • ALTER ANY MESSAGE TYPE
  • ALTER ANY CONTRACT
  • ALTER ANY SERVICE
  • ALTER ANY REMOTE SERVICE BINDING
  • ALTER ANY ROUTE
  • ALTER ANY FULLTEXT CATALOG
  • ALTER ANY SYMMETRIC KEY
  • ALTER ANY ASYMMETRIC KEY
  • ALTER ANY CERTIFICATE
  • ALTER ANY SECURITY POLICY
  • SELECT
  • INSERT
  • UPDATE
  • DELETE
  • REFERENCES
  • EXECUTE
  • ALTER ANY DATABASE DDL TRIGGER
  • ALTER ANY DATABASE EVENT NOTIFICATION
  • ALTER ANY DATABASE AUDIT
  • ALTER ANY DATABASE EVENT SESSION
  • KILL DATABASE CONNECTION
  • VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
  • VIEW ANY COLUMN MASTER KEY DEFINITION
  • VIEW DATABASE STATE
  • VIEW DEFINITION
  • TAKE OWNERSHIP
  • ALTER
  • ALTER ANY MASK
  • UNMASK
  • EXECUTE ANY EXTERNAL SCRIPT
  • CONTROL
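
An added T-SQL check, not part of the original documentation: run it in the user database while connected as an account that was granted the read-only permission type, to confirm its role membership and to diff its effective database-level permissions against the read-only list above. It assumes the standard SQL Server functions `IS_SRVROLEMEMBER`, `IS_ROLEMEMBER` and `sys.fn_my_permissions` are callable by the account; the expected set is copied from this page.

```sql
-- Added example: audit a read-only account against the documented permission set.
-- Expected database-level permissions for the read-only type (copied from this page).
DECLARE @expected TABLE (permission_name sysname PRIMARY KEY);
INSERT INTO @expected (permission_name) VALUES
    (N'CONNECT'), (N'SHOWPLAN'), (N'SELECT'), (N'KILL DATABASE CONNECTION'),
    (N'VIEW ANY COLUMN ENCRYPTION KEY DEFINITION'),
    (N'VIEW ANY COLUMN MASTER KEY DEFINITION'),
    (N'VIEW DATABASE STATE');

-- Effective database-level permissions of the current session.
-- Copying into a table variable avoids collation conflicts in the join below.
DECLARE @held TABLE (permission_name sysname PRIMARY KEY);
INSERT INTO @held (permission_name)
SELECT DISTINCT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE');

-- Role membership: 1 = member, 0 = not a member, NULL = role name not valid here.
-- For a read-only account the page lists processadmin, setupadmin and
-- db_datareader; sysadmin, db_owner and db_datawriter should all be 0.
SELECT
    IS_SRVROLEMEMBER('sysadmin')     AS is_sysadmin,
    IS_SRVROLEMEMBER('processadmin') AS is_processadmin,
    IS_SRVROLEMEMBER('setupadmin')   AS is_setupadmin,
    IS_ROLEMEMBER('db_owner')        AS is_db_owner,
    IS_ROLEMEMBER('db_datareader')   AS is_db_datareader,
    IS_ROLEMEMBER('db_datawriter')   AS is_db_datawriter;

-- Differences only: permissions held beyond the list, or listed but not held.
SELECT
    COALESCE(e.permission_name, h.permission_name) AS permission_name,
    CASE
        WHEN e.permission_name IS NULL THEN 'EXTRA: held but not in the read-only list'
        ELSE 'MISSING: in the read-only list but not held'
    END AS finding
FROM @expected AS e
FULL OUTER JOIN @held AS h
    ON h.permission_name = e.permission_name
WHERE e.permission_name IS NULL
   OR h.permission_name IS NULL
ORDER BY finding, permission_name;
```

An empty second result set means the account matches the documented list; any EXTRA row, such as INSERT or CONTROL, indicates the account holds more than the read-only type is meant to grant and should be reviewed.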