Поделиться через


Revoke Method (Table, View)

В будущей версии Microsoft SQL Server эта возможность будет удалена. Избегайте использования этой возможности в новых разработках и запланируйте изменение существующих приложений, в которых она применяется.

The Revoke method undoes a grant or deny of a table permission or a list of permissions for one or more Microsoft SQL Server users or roles.

Синтаксис

object
.Revoke(
Privilege
,
GranteeNames
, [ ColumnNames ] ,
[ GrantGrant ] , [ RevokeGrantOption ] , [ AsRole ] )

Parts

  • object
    Expression that evaluates to an object in the Applies To list.

  • Privilege
    Long integer that specifies one or more table privileges as described in Settings.

  • GranteeNames
    SQL Distributed Management Objects (SQL-DMO) multistring that lists users or roles.

  • ColumnNames
    SQL-DMO multistring that lists columns within the base or view table referenced. When specified, the privileges specified are revoked for only the columns named.

  • GrantGrant
    When TRUE, the grantee(s) specified are granted the ability to execute the REVOKE statement referencing the base or view table. When FALSE (default), the ability to limit permission is not granted.

  • RevokeGrantOption
    When TRUE, the ability to extend permission is revoked. When FALSE (default), no change is made to the ability to extend permission.

  • AsRole
    String that identifies a role to which the connected user belongs as described in Remarks.

Prototype (C/C++)

HRESULT Revoke(
SQLDMO_PRIVILEGE_TYPE iPrivileges,
SQLDMO_LPCSTR GranteeNames,
SQLDMO_LPCSTR ColumnNames = NULL,
BOOL GrantGrant = FALSE,
BOOL RevokeGrantOption = FALSE,
SQLDMO_LPCSTR AsRole = NULL);

Settings

Set the Privilege argument by using these values. To specify more than a single permission, combine values by using an OR logical operator.

Constant

Value

Description

SQLDMOPriv_AllObjectPrivs

63

Revoke all granted or denied table permissions.

SQLDMOPriv_Delete

8

Revoke granted or denied permission to execute the DELETE statement referencing the table.

SQLDMOPriv_Insert

2

Revoke granted or denied permission to execute the INSERT statement referencing the table.

SQLDMOPriv_References

32

Revoke granted or denied permission to reference the table in statements implementing declarative referential integrity.

SQLDMOPriv_Select

1

Revoke granted or denied permission to execute the SELECT statement referencing the table.

SQLDMOPriv_Update

4

Revoke granted or denied permission to execute the UPDATE statement referencing the table.

Замечания

When a user is a member of more than a single role, the user can have permission to grant access to a table or view under one role and not under another. In this case, SQL Server security mechanisms prevent execution of the Revoke method on the Table or View object referencing the database object. Use the AsRole argument to specify the role under which permission to execute the grant exists.

Undoing a grant or deny of a permission to database users and roles by using the Revoke method of the Table or View object requires appropriate privilege. The SQL Server login used for SQLServer object connection must be granted the ability to execute GRANT referencing the database object, the owner of the database object, or a member of a role with greater privilege.

For more information about setting multistring parameters, see Using SQL-DMO Multistrings.