sql 应用自定义逻辑以防止某些用户通过应用登录触发器登录MSSQL。这个特定的例子着眼于用户的na

Posted 2021-05-14

CREATE TRIGGER [access_trigger]
ON ALL SERVER 
with execute as 'sa' -- needed to query sys.dm_exec_connections table
FOR LOGON

AS
BEGIN

	if original_login() not in ('superadmin', 'anothersuperadmin', 'mydomain\admin')
	and exists (		
		select * from sys.dm_exec_connections
		where session_id = @@SPID
		and client_net_address != '<local machine>'  -- allow anyone logging on from local server
		and client_net_address not like '102.%'      -- allow anyone logging on from 102.x.x.x network
	) rollback;
	
END
GO

ENABLE TRIGGER [access_trigger] ON ALL SERVER
GO