当前位置:网站首页>Sqlserver restricts the ip under which accounts can access the database
Sqlserver restricts the ip under which accounts can access the database
2022-08-10 00:33:00 【lusklusklusk】
Trigger for logon
官方文档
https://docs.microsoft.com/zh-cn/sql/relational-databases/triggers/logon-triggers?view=sql-server-ver16
https://docs.microsoft.com/zh-cn/sql/relational-databases/triggers/capture-logon-trigger-event-data?view=sql-server-ver16
使用 EVENTDATA 函数来返回LOGON事件中ClientHost来判断:
ClientHost:Contains the hostname of the client making the connection. If the client and server names are the same,则此值为“<local_machine>”. 否则,This value is client-side IP 地址.
备注:限制用户testuser只能通过ip 172.22.136.240、172.22.137.251or this machine to log in
USE master;
CREATE TRIGGER connection_limit_trigger
ON ALL SERVER WITH EXECUTE AS 'testuser'
FOR LOGON
AS
BEGIN
IF ORIGINAL_LOGIN()= 'testuser'
AND
(SELECT EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'NVARCHAR(15)'))
NOT IN('172.22.136.240','172.22.137.251','<local machine>')
ROLLBACK;
END;
删除触发器
Drop TRIGGER connection_limit_trigger
Drop TRIGGER connection_limit_trigger ON DATABASE
报错如下
Cannot drop the trigger ‘connection_limit_trigger’, because it does not exist or you do not have permission.
Drop TRIGGER connection_limit_trigger ON ALL SERVER–正常执行
禁用触发器
Disable TRIGGER connection_limit_trigger ON ALL SERVER
Query trigger name and trigger type
select a.name trigger_name, b.type_desc trigger_type,a.*,b.* from sys.server_triggers a inner join sys.server_trigger_events b on a.object_id=b.object_id
通过master.sys.dm_exec_connections字段client_net_address来判断
代码逻辑:用户testuserOnly by local andip 172.22.136.240、172.22.137.251登陆
结果:After discovering that this trigger is created,All users cannot log in
原因:The session will only exist if you are logged inmaster.sys.dm_exec_connections字段client_net_address上有记录,Because we used a trigger to authenticate the login,If you don't log in, there will be no record,So this trigger will prevent all users from logging in
CREATE TRIGGER connection_limit_trigger
ON ALL SERVER WITH EXECUTE AS 'testuser'
FOR LOGON
AS
BEGIN
IF ORIGINAL_LOGIN()= 'testuser' AND
(select top 1 b.client_net_address from sys.dm_exec_sessions a inner join master.sys.dm_exec_connections b on
a.session_id=b.session_id and a.login_name='testuser'
order by login_time desc
)
not in('172.22.136.240','172.22.137.251','<local machine>')
ROLLBACK;
END;
边栏推荐
- 对象深复制,面试题
- 少儿编程 电子学会图形化编程等级考试Scratch三级真题解析(判断题)2022年6月
- HBuilder X 不能运行到内置终端
- 金仓数据库 KingbaseGIS 使用手册(6.4. 几何对象存取函数)
- Users should clearly know that quantitative trading is not a simple procedure
- 2022-08-09 mysql/stonedb-子查询性能提升-概论
- Bi Sheng Compiler Optimization: Lazy Code Motion
- 1018.值周
- leetcode 20. Valid Parentheses 有效的括号(中等)
- 2022-08-09 mysql/stonedb-慢SQL-Q16分析
猜你喜欢
随机推荐
tiup cluster template
OSG笔记:使用setFontResolution设置字体分辨率
Gold Warehouse Database KingbaseGIS User Manual (6.2. Management Functions)
外包的水有多深?腾讯15k的外包测试岗能去吗?
守护进程
Gartner全球集成系统市场数据追踪,超融合市场增速第一
2022/8/9 考试总结
深入理解多线程(第一篇)
Mysql集群 ShardingSphere
多线程是同时执行多个线程的吗
力扣:279.完全平方数
【对象——对象及原型链上的属性——对象的操作方法】
干货!迈向鲁棒的测试时间适应
如何坚持使用程序化系统?
Analyses the development status quo of stock trading
国内BI厂商一览
Basic operations of xlrd and xlsxwriter
k8s部署mysql
完全背包理论
tiup cluster scale-out