我正在尝试使用 Automatic Identity Range Management .但是,确保我的用户可以在具有标识列的表中插入记录的唯一方法是使它们成为 db_owner。我错过了什么吗?
完整背景请引用我之前的问题: Allow non-db_owner INSERT permissions in merge replication with auto identity range mgmt
最佳答案
显然它们是相互排斥的。
这是 Microsoft employee blog 的摘录(请注意,这不是“官方”文档,但它已经接近了):
Common Identity Range Problems
1) Account that makes inserts to the publisher or subscribed tables is not db_owner.
SQL 2005/8 subscribers have merge replication triggers that can adjust an exhausted primary range onto the secondary auxiliary range if the account making inserts is a member of db_owner role. Publishers can also refresh the range (create new Primary and Secondary Ranges) if the account connected is a member of db_owner role. However, if the account making inserts into the tables does not belong to the db_owner role, the triggers cannot make such adjustments. In this case, the Merge Agent needs to execute in order to make those adjustments before the range exhausts to avoid new inserts to fail or a member of db_owner must manually run the system stored procedure sp_adjustpublisheridentityrange (Transact-SQL).
什么!?!?!谁在那里编写数据库应用程序,其中唯一插入记录的用户是 db_owners?
关于sql-server - 良好的安全实践和自动识别范围管理是否相互排斥?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6113915/