使用权限表来管理权限有其优点也有其缺点。
Managing access using an access matrix like the one above has advantages and disadvantages.
这里的讨论描述了权限表的底层结构以及服务器在与客户端交互时如何使用它们的内容。
The discussion here describes the underlying structure of the grant tables and how the server USES their contents when interacting with clients.
在本示例中,您并未在构造函数中提供命名用户的列表,因此返回的表将为配置表,而不是权限表。
In this example, you are not supplying a list of named users in the constructor, so the table returned will be a configuration table, not a permissions table.
在权限表中,ACTION_NO_ACTION条目表示完全拒绝授权,这是因为考虑到了注册中心信息。
In the case of permission tables, an ACTION_NO_ACTION entry indicates a true refusal of authorization, since the registry information is taken into account.
表1总结了每个权限级别及其用途
Table 1 summarizes each authority level and its intended use.
表2对比了每个权限级别允许的常见管理操作。
Table 2 compares common administrative operations permitted for each authority level.
清单6显示了在这个例子中分配给work表的权限。
Listing 6 shows the permissions to grant to the WORK table in the example.
执行这个函数模块的用户需要有在逻辑表级访问数据的权限。
The user executing the function module needs to have the appropriate rights to access data at the logical table level.
角色列在表的顶部,而按照模块分组的权限列在第一列中。
The roles are listed across the top of the table while the permissions, grouped by module, are in the first column.
DB 2UD b查看其目录表,看看该用户是否被授予了这个表的SELECT权限。
DB2 UDB looks in its catalog tables to see if this user has been granted permission to SELECT from this table.
要显示或操纵分区表,您需要是root用户,或者通过sudo命令获得root权限,如本清单所示。
You will need to be root or have root authority via sudo, as shown here, to display or manipulate the partition table.
顾客登录不能访问存储机密数据的表,而只有对特定表的只读权限;雇员登录拥有全部的访问权限。
The customer login cannot access the confidential tables, and has read-only access to certain data; the employee login has full access.
使用表2作为一个方便的八进制权限参考。
如果在某个表上拥有CONTROL权限,那么就可以更新属于该表的值,但是如果拥有数据库上显式的DBADM授权的话,那么您可以更新任何可更新的列。
If you hold CONTROL privilege on a table, you can update values that pertain to that table, but if you hold explicit DBADM authority on the database, you can change any updatable column.
与表一样,昵称也有对等的一组权限,用于控制用户在联邦系统上对昵称对象的访问。
Just like tables, nicknames have an equivalent set of privileges that can control user access to the nickname objects on the federated system.
此外,他还说:“开发者们想拿到官方的数据表,就得申请使用权限,公开他们的设计意图,同意一大堆冗长繁琐的协议。”
Furthermore, he says, "Developers wanting access to the official datasets must apply for permission to access them, stating their intentions and agreeing to a lengthy and onerous contract."
换句话说,如果对某个表的所有访问都是静态的,则DBA将不需要授予对整个表或视图的访问权限,而是仅授予对包的访问权限。
In other words, if all access to a table is static, the DBA would not need to grant access to the entire table or view, just to the package.
用于访问外部表的权限由IDS通过外部表上的用户访问特权治理,还受到由操作系统管理的数据文件权限的治理。
The permissions used to access external tables is governed by the user access privileges on the external table by IDS as well as the data file permissions managed by the operating system.
考虑一个包含每个表的名称的视图,并且用户的授权id被显式地授予了这些表上的SELECT权限。
Consider a view that includes the name of every table on which a user's authorization id has been explicitly granted the SELECT privilege.
因此,除了没有权限的用户外,如果取消授予操作系统权限的要求,则LDAP和用户自定义注册表都是不错的选择。
As a result, both LDAP and custom user registries are good alternatives for negating the requirement to grant OS privileges over and above that of an unprivileged user.
然而,由于我们之前设置的远程-注册表帐户是管理员用户,所以我们只要通过执行以下这些步骤,就能将远程注册表访问权限限制为管理员。
However, as the remote-registry accounts we set up earlier are admin users, we can restrict remote registry access to administrators only by following these steps.
表3总结了对于用户或用户组可以授予和撤消的数据库权限类型。
Table 3 summarizes the types of database authorities that can be granted to and revoked from users or groups of users.
当您被授予使用一个视图或包的权限时,您被自动获得对视图或包中各个表的访问权限。
When you are granted privileges to use a view or a package, you automatically get access to the tables referenced in the view or package.
第三种构造函数用于构造表4和表5中的显示所用的权限样式的透视图。
This third constructor is used for permission-style perpectives of the sort used to construct the displays in Tables 4 and 5.
图7显示如何基于用户要使用的表、过程和视图来编辑和授予用户权限。
Figure 7 illustrates how you can edit and grant permissions to your users based on what tables, procedures, and views they are going to use.
也就是说,IDS验证试图访问表的用户是否已经被授予在该表上执行操作所需的权限。
That is, IDS verifies whether the user attempting to access the table has been granted the required privileges to perform the requested operation on that table.
这个内部应用程序是否应该拥有访问用户的银行收支表的权限?
Should this internal application have access to the user's bank balance?
这个内部应用程序是否应该拥有访问用户的银行收支表的权限?
Should this internal application have access to the user's bank balance?
应用推荐