Лаба роли

1. ---------------------РУКОВОДИТЕЛЬ---------------------
2. --1) Создание роли и выдача прав
3. create role DirectorRole
4. go
5. grant control to DirectorRole
6.  
7. --2) Создание пользователя и назначение роли
8. create user DirectorUserTest without login
9. go
10. alter role DirectorRole add member DirectorUserTest
11. go
12.  
13. --3) Тестирование доступа
14.  
15. --3.0) Мы точно директор
16. execute as user = 'DirectorUserTest'
17. select user
18. revert
19.  
20. --3.1) Селект случайной таблицы
21. execute as user = 'DirectorUserTest'
22. select *
23. from SeregaTheDed_SQLLogin_1.users;
24. revert
25.  
26. --3.2) Селект случайного вью
27. execute as user = 'DirectorUserTest'
28. select *
29. from SeregaTheDed_SQLLogin_1.DatesAndOrdersAtDate;
30. revert
31.  
32. --3.3) Вызов случайной процедуры
33. execute as user = 'DirectorUserTest'
34. execute SeregaTheDed_SQLLogin_1.GetMenuToday;
35. revert
36.  
37.  
38. --3.4) Селект случайной фукнции
39. execute as user = 'DirectorUserTest'
40. select *
41. from SeregaTheDed_SQLLogin_1.GetCustomerList();
42. revert
43.  
44.  
45.  
46. ---------------------ПРОСТОЙ_СОТРУДНИК---------------------
47. --1) Создание роли и выдача прав
48. create role EmployeeRole
49. go
50.  
51. grant select on SeregaTheDed_SQLLogin_1.categories(name) TO EmployeeRole
52. grant update, select on SeregaTheDed_SQLLogin_1.config(next_order_day, last_time_to_do_order) TO EmployeeRole
53. grant all privileges on SeregaTheDed_SQLLogin_1.orders(customer_name, date, status_id) TO EmployeeRole
54. grant all privileges on SeregaTheDed_SQLLogin_1.positions(status_id, date, product_id_first, product_id_second, customer_name, user_id, with_sauce, price) TO EmployeeRole
55. grant update, select, insert on SeregaTheDed_SQLLogin_1.products TO EmployeeRole
56. grant all privileges on SeregaTheDed_SQLLogin_1.rel_orders_products TO EmployeeRole
57. grant select on SeregaTheDed_SQLLogin_1.statuses to EmployeeRole
58.  
59. grant execute on SeregaTheDed_SQLLogin_1.PrintProductsTopAtAllDates to EmployeeRole
60. grant execute on SeregaTheDed_SQLLogin_1.GetMenuToday to EmployeeRole
61. grant select on SeregaTheDed_SQLLogin_1.GetRollbackCustomer to EmployeeRole
62.  
63.  
64.  
65. go
66. --2) Создание пользователя и назначение роли
67. create user EmployeeUserTest without login
68. go
69. alter role EmployeeRole add member EmployeeUserTest
70. go
71.  
72. --3) Тестирование доступа
73.  
74. --3.0) Мы точно работник НЕТ ПРАВ
75. execute as user = 'EmployeeUserTest'
76. select user
77. revert
78.  
79. --3.1) Селект случайной таблицы НЕТ ПРАВ
80. execute as user = 'EmployeeUserTest'
81. select *
82. from SeregaTheDed_SQLLogin_1.users;
83. revert
84.  
85. --3.2) Селект случайного вью НЕТ ПРАВ
86. execute as user = 'EmployeeUserTest'
87. select *
88. from SeregaTheDed_SQLLogin_1.DatesAndOrdersAtDate;
89. revert
90.  
91. --3.3) Вызов случайной процедуры НЕТ ПРАВ
92. execute as user = 'EmployeeUserTest'
93. execute SeregaTheDed_SQLLogin_1.GetMenuToday;
94. revert
95.  
96.  
97. --3.4) Селект случайной фукнции НЕТ ПРАВ
98. execute as user = 'EmployeeUserTest'
99. select *
100. from SeregaTheDed_SQLLogin_1.GetCustomerList();
101. revert
102.  
103. --3.5) Все категории
104. execute as user = 'EmployeeUserTest'
105. select *
106. from SeregaTheDed_SQLLogin_1.categories
107. revert
108. --С учетом прав:
109. execute as user = 'EmployeeUserTest'
110. select name
111. from SeregaTheDed_SQLLogin_1.categories
112. revert
113.  
114. --3.6) Выполнение функции, на которую выданы правы
115. execute as user = 'EmployeeUserTest'
116. select *
117. from SeregaTheDed_SQLLogin_1.GetRollbackCustomer()
118. revert
119.  
120. --3.7) Выполнение хранимой процедуры, на которую выданы правы
121. execute as user = 'EmployeeUserTest'
122. execute SeregaTheDed_SQLLogin_1.GetMenuToday
123. revert