一,通过 sys.sp_addlinkedsrvlogin 创建Linked Server的Login
当在local Server 上需要访问Linked Server时,Local Server 必须logon 到linked server,使用sys.sp_addlinkedsrvlogin 指定Local Server 登陆Linked Server的Login Account。如果Linked Server 是SQL Server,必须使用 SQL Server Authentication,不能使用Windows Authentication的域账户登陆。
When a user logs on to the local server and executes a distributed query that accesses a table on the linked server, the local server must log on to the linked server on behalf of the user to access that table. Use sp_addlinkedsrvlogin to specify the login credentials that the local server uses to log on to the linked server.
Creates or updates a mapping between a login on the local instance of SQL Server and a security account on a remote server.
sp_addlinkedsrvlogin [ @rmtsrvname = ] 'rmtsrvname'
[ , [ @useself = ] 'TRUE' | 'FALSE' | NULL ] [ , [ @locallogin = ] 'locallogin' ] [ , [ @rmtuser = ] 'rmtuser' ] [ , [ @rmtpassword = ] 'rmtpassword' ]
Arguments
- [ @rmtsrvname = ] 'rmtsrvname'
-
Is the name of a linked server that the login mapping applies to. rmtsrvname is sysname, with no default.
- [ @useself = ] 'TRUE' | 'FALSE' | 'NULL'
-
Determines whether to connect to rmtsrvname by impersonating local logins or explicitly submitting a login and password. The data type is varchar(8), with a default of TRUE.
A value of TRUE specifies that logins use their own credentials to connect to rmtsrvname, with the rmtuser and rmtpassword arguments being ignored. FALSE specifies that the rmtuser and rmtpassword arguments are used to connect to rmtsrvname for the specified locallogin. If rmtuser and rmtpassword are also set to NULL, no login or password is used to connect to the linked server.
- [ @locallogin = ] 'locallogin'
-
Is a login on the local server. locallogin is sysname, with a default of NULL. NULL specifies that this entry applies to all local logins that connect to rmtsrvname. If not NULL, locallogin can be a SQL Server login or a Windows login. The Windows login must have been granted access to SQL Server either directly, or through its membership in a Windows group granted access.
- [ @rmtuser = ] 'rmtuser'
-
Is the remote login used to connect to rmtsrvname when @useself is FALSE. When the remote server is an instance of SQL Server that does not use Windows Authentication, rmtuser is a SQL Server login. rmtuser is sysname, with a default of NULL.
- [ @rmtpassword = ] 'rmtpassword'
-
Is the password associated with rmtuser. rmtpassword is sysname, with a default of NULL.
Remarks
A default mapping between all logins on the local server and remote logins on the linked server is automatically created by executing sp_addlinkedserver. The default mapping states that SQL Server uses the user credentials of the local login when connecting to the linked server on behalf of the login. This is equivalent to executing sp_addlinkedsrvlogin with @useself set to true for the linked server, without specifying a local user name. Use sp_addlinkedsrvlogin only to change the default mapping or to add new mappings for specific local logins. To delete the default mapping or any other mapping, use sp_droplinkedsrvlogin.
Instead of having to use sp_addlinkedsrvlogin to create a predetermined login mapping, SQL Server can automatically use the Windows security credentials (Windows login name and password) of a user issuing the query to connect to a linked server when all the following conditions exist:
-
A user is connected to SQL Server by using Windows Authentication Mode.
-
Security account delegation is available on the client and sending server.
-
The provider supports Windows Authentication Mode; for example, SQL Server running on Windows.
After the authentication has been performed by the linked server by using the mappings that are defined by executing sp_addlinkedsrvlogin on the local instance of SQL Server, the permissions on individual objects in the remote database are determined by the linked server, not the local server.
二,Examples to add linked server login
1, Connecting all local logins to the linked server by using their own user credentials
使用User 自己的Credentials 去登陆Linked Server,这种方式要求显式将每个User Login mapping到Linked Server,使其有权限登录。
EXEC sp_addlinkedsrvlogin 'Accounts', 'true';
If there are explicit mappings created for individual logins, they take precedence over any global mappings that may exist for that linked server.
2, Connecting a specific login to the linked server by using different user credentials
The following example creates a mapping to make sure that the Windows user Domain\Mary connects through to the linked server Accounts by using the login MaryP and password d89q3w4u.
EXEC sp_addlinkedsrvlogin 'Accounts', 'false', 'Domain\Mary', 'MaryP', 'd89q3w4u';
将Windows Domain Account “Domain\Mary” Mapping到 SQL Server Authentication的Account "MaryP",使其有权限登陆到Linked Server。
3,@locallogin 参数为null,NULL specifies that this entry applies to all local logins that connect to rmtsrvname. 使所有local login 都能使用 “MaryP” 来登陆Linked Server。
EXEC sp_addlinkedsrvlogin 'Accounts', 'false', null, 'MaryP', 'd89q3w4u';
三,通过 sys.linked_logins 查看添加的Linked Server Login
Returns a row per linked-server-login mapping, for use by RPC and distributed queries from local server to the corresponding linked server.
server_id:ID of the server in sys.servers. 0表示的是Local Server,大于0的整数值表示的是Linked Server的ID。
local_principal_id:Server-principal to whom mapping applies. 如果local_principal_id 不为0,其value是参数@locallogin对应的Server Principal ID,使用 sys.server_principals 查看该ID对应的Server Principal;如果local_principal_id=0,表示 @locallogin=NULL。
uses_self_credential:If 1, mapping indicates session should use its own credentials; otherwise, 0 indicates that session uses the name and password that are supplied. 其值 和 参数 @useself 相同
remote_name:Remote user name to use when connecting. Password is also stored, but not exposed in catalog view interfaces. 是指当链接到Linked Server时 ,使用 remote_name 来该Linked Server,即登陆Linked Server的 Login。
四,通过 sys.sp_droplinkedsrvlogin 删除Linked Server Login
Removes an existing mapping between a login on the local server running SQL Server and a login on the linked server.
sp_droplinkedsrvlogin [ @rmtsrvname= ] 'rmtsrvname' ,
[ @locallogin= ] 'locallogin'
[ @rmtsrvname = ] 'rmtsrvname'
Is the name of a linked server that the SQL Server login mapping applies to. rmtsrvname is sysname, with no default. rmtsrvname must already exist.
[ @locallogin = ] 'locallogin'
Is the SQL Server login on the local server that has a mapping to the linked server rmtsrvname. locallogin is sysname, with no default. A mapping for locallogin to rmtsrvname must already exist. If NULL, the default mapping created by sp_addlinkedserver, which maps all logins on the local server to logins on the linked server, is deleted.
通过 sys.linked_logins 查看注册的Linked Logins,获取local_principal_id 数据和 Server_ID,通过 sys.servers 查看Linked Server 的 name,通过 sys.server_principals 查看 注册的Local login。
示例:Removing the login mapping for an existing user
The following example removes the mapping for the login Mary from the local server to the linked server Accounts. Therefore, login Mary uses the default login mapping.
EXEC sp_droplinkedsrvlogin 'Accounts', 'Mary'
参考文档:
MSDN:sp_addlinkedsrvlogin (Transact-SQL)
