Granting privileges to the BIS workspace components in SQL Server (Bathymetry Solution)
The geodatabase administrator needs to grant specific privileges to the tables for all users that will be accessing the Bathymetry Information System (BIS) workspace. This can be accomplished by creating database roles and assigning the roles to the individual users.
При копировании и вставке примеров могут возникнуть синтаксические ошибки.
Granting permissions
In SQL Server Management Studio, grant permissions to the BIS workspace tables through the schema. The sample script shows how to remove existing members from a role and drop the roles, and then re-create the role and assign permissions to the role through the schema.
USE [bisdb]
GO
EXEC sp_droprolemember 'bis_editor', 'giseditor'
GO
EXEC sp_droprole 'bis_editor'
GO
EXEC sp_addrole 'bis_editor', 'bis'
GO
GRANT DELETE ON SCHEMA::[bis] TO [bis_editor]
GRANT EXECUTE ON SCHEMA::[bis] TO [bis_editor]
GRANT INSERT ON SCHEMA::[bis] TO [bis_editor]
GRANT SELECT ON SCHEMA::[bis] TO [bis_editor]
GRANT UPDATE ON SCHEMA::[bis] TO [bis_editor]
GO
EXEC sp_droprolemember 'bis_viewer', 'gisviewer'
GO
EXEC sp_droprole 'bis_viewer'
GO
EXEC sp_addrole 'bis_viewer', 'bis'
GO
GRANT SELECT ON SCHEMA::[bis] TO [bis_viewer]
GO
Verifying roles and permissions
This will list the roles.
EXEC sp_helprolemember 'bis_editor'
GO
EXEC sp_helprolemember 'bis_viewer'
GO
This will list the privileges assigned to the role.
select dp.NAME AS principal_name,
dp.type_desc AS principal_type_desc,
o.NAME AS object_name,
p.permission_name,
p.state_desc AS permission_state_desc
from sys.database_permissions p
left OUTER JOIN sys.all_objects o
on p.major_id = o.OBJECT_ID
inner JOIN sys.database_principals dp
on p.grantee_principal_id = dp.principal_id
where dp.NAME in ('bis_editor','bis_viewer')
GO
Creating an editor user
Users should have their own login names. The steps below show how to create an editor ArcSDE user.
- Create the editor login.
USE master GO EXEC sp_addlogin N'giseditor', 'gis$editor', @logindb, @loginlang GO
- Create the user for the login in bisdb.
USE [bisdb] GO CREATE USER [giseditor] FOR LOGIN [giseditor] GO
- Add the user to the editor role.
USE [bisdb] GO EXEC sp_addrolemember N'bis_editor', N'giseditor' GO
Creating a viewer user
Users should have their own login names. The steps below show how to create a viewer ArcSDE user.
- Create the viewer login.
USE master GO EXEC sp_addlogin N'gisviewer', 'gis$viewer', @logindb, @loginlang GO
- Create the user for the login in the BISDB.
USE [bisdb] GO CREATE USER [gisviewer] FOR LOGIN [gisviewer] GO
- Add the user to the viewer role.
USE [bisdb] GO EXEC sp_addrolemember N'bis_viewer', N'gisviewer' GO