Grant users permission to execute Python and R scripts with SQL Server Machine Learning Services
10/14/2020
Applies to: SQL Server 2016 (13.x) and later, Azure SQL Managed Instance
Learn how you can give users permission to run external Python and R scripts in SQL Server Machine Learning Services and give read, write, or data definition language (DDL) permissions to databases.
For more information, see the permissions section in Security overview for the extensibility framework.
Permission to run scripts
For each user who runs Python or R scripts with SQL Server Machine Learning Services and who is not an administrator, you must grant permission to run external scripts in each database where the language is used.
To grant permission to execute external scripts, run the following script:
USE [DatabaseName]  -- placeholder: the database where external scripts will run
GO
GRANT EXECUTE ANY EXTERNAL SCRIPT TO [UserName]
Note
Permissions are not specific to the supported script language. In other words, there are not separate permission levels for R script versus Python script.
Grant database permissions
While a user is running scripts, the user might need to read data from other databases. The user might also need to create new tables to store results, and write data into tables.
For each Windows user account or SQL login that is running R or Python scripts, ensure that it has the appropriate permissions on the specific database:
db_datareader to read data.
db_datawriter to save objects to the database.
db_ddladmin to create objects such as stored procedures or tables containing trained and serialized data.
For example, the following Transact-SQL statement gives the SQL login MySQLLogin the rights to run T-SQL queries in the ML_Samples database. To run this statement, the SQL login must already exist in the security context of the server.
USE ML_Samples
GO
EXEC sp_addrolemember 'db_datareader', 'MySQLLogin'
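The two grants described on this page, followed by queries that audit who holds them, as an added example that is not part of the original documentation. It reuses the page's sample names ML_Samples and MySQLLogin, assumes the login already exists on the server, and uses ALTER ROLE ... ADD MEMBER in place of sp_addrolemember.

```sql
-- Added example. ML_Samples and MySQLLogin are the page's sample names;
-- the server login MySQLLogin is assumed to exist already.
USE ML_Samples;
GO

-- Map the login to a database user if no such user exists yet.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'MySQLLogin')
    CREATE USER [MySQLLogin] FOR LOGIN [MySQLLogin];
GO

-- One permission covers both R and Python external scripts.
GRANT EXECUTE ANY EXTERNAL SCRIPT TO [MySQLLogin];

-- Start with read access only. Add db_datawriter or db_ddladmin
-- only when the scripts must store results or create objects.
ALTER ROLE db_datareader ADD MEMBER [MySQLLogin];
GO

-- Audit 1: every principal granted or denied external script execution
-- in this database.
SELECT pr.name        AS principal_name,
       pr.type_desc   AS principal_type,
       pe.state_desc  AS grant_state,
       pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = N'EXECUTE ANY EXTERNAL SCRIPT';

-- Audit 2: current members of the three roles listed above.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_datareader', N'db_datawriter', N'db_ddladmin')
ORDER BY r.name, m.name;
```

Run the audit queries in each database where external scripts are enabled, since the permission is granted per database.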
Next steps
For more information about the permissions included in each role, see Database-level roles.