Я создал трех пользователей по одной схеме и предоставил им некоторые разрешения, такие как SELECT, INSERT и UPDATE, но я также хотел бы, чтобы DENY для некоторых из них разрешение UPDATE только для определенного количества строк (например, для каждой строки с ID = x).Это возможно?И если да, то как?
CREATE SCHEMA Customers
GO
CREATE SCHEMA SecurityInfo
GO
CREATE LOGIN John WITH PASSWORD = '1234'
GO
CREATE LOGIN Peter WITH PASSWORD = '2345'
GO
CREATE LOGIN Monica WITH PASSWORD = '3456'
GO
CREATE USER John FOR LOGIN John;
CREATE USER Peter FOR LOGIN Peter;
CREATE USER Monica FOR LOGIN Monica;
GRANT SELECT ON SCHEMA :: Customers TO John
GRANT SELECT ON SCHEMA :: Customers TO Peter
GRANT SELECT ON SCHEMA :: Customers TO Monica
GO
GRANT INSERT ON SCHEMA :: Customers TO John
GRANT INSERT ON SCHEMA :: Customers TO Peter
GRANT INSERT ON SCHEMA :: Customers TO Monica
GO
GRANT UPDATE ON SCHEMA :: Customers TO John
GRANT UPDATE ON SCHEMA :: Customers TO Peter
GRANT UPDATE ON SCHEMA :: Customers TO Monica
GO
IF OBJECT_ID('Customers.Customers', 'U') IS NOT NULL
DROP TABLE Customers.Customers
GO
IF OBJECT_ID('SecurityInfo.fn_CustomersSecurity', 'IF') IS NOT NULL
BEGIN
DROP FUNCTION SecurityInfo.fn_CustomersSecurity
END
GO
CREATE FUNCTION SecurityInfo.fn_CustomersSecurity(@UserName AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS IsAccessGranted
WHERE @UserName = USER_NAME();
GO
IF OBJECT_ID('SecurityInfo.CustomersPolicy', 'SP') IS NOT NULL
BEGIN
DROP SECURITY POLICY SecurityInfo.CustomersPolicy
END
GO
CREATE SECURITY POLICY SecurityInfo.CustomersPolicy
ADD FILTER PREDICATE SecurityInfo.fn_CustomersSecurity(UserName)
ON Customers.Customers
WITH (STATE= ON);
GO