Credentials used to access the Elastic Database client library

APPLIES TO: Azure SQL Database

The Elastic Database client library uses three different kinds of credentials to access the shard map manager. Depending on the need, use the credential with the lowest level of access possible.

  • Management credentials: for creating or manipulating a shard map manager. (See the glossary.)
  • Access credentials: to access an existing shard map manager to obtain information about shards.
  • Connection credentials: to connect to shards.

See also Managing databases and logins in Azure SQL Database.

About management credentials

Management credentials are used to create a ShardMapManager (Java, .NET) object for applications that manipulate shard maps. (For example, see Adding a shard using Elastic Database tools and data-dependent routing.) The user of the elastic scale client library creates the SQL users and SQL logins and makes sure each is granted read/write permissions on the global shard map database and on all shard databases. These credentials are used to maintain the global shard map and the local shard maps when changes to the shard map are performed. For instance, use the management credentials to create the shard map manager object (using GetSqlShardMapManager (Java, .NET)):

// Obtain a shard map manager.
ShardMapManager shardMapManager = ShardMapManagerFactory.GetSqlShardMapManager(smmAdminConnectionString, ShardMapManagerLoadPolicy.Lazy);

The variable smmAdminConnectionString is a connection string that contains the management credentials. The user ID and password provide read/write access to both the shard map database and the individual shards. The management connection string also includes the server name and database name to identify the global shard map database. Here is a typical connection string for that purpose:

"Server=<yourserver>.database.chinacloudapi.cn;Database=<yourdatabase>;User ID=<yourmgmtusername>;Password=<yourmgmtpassword>;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"

Do not use values in the form of "username@server"; instead, use just the "username" value. This is because credentials must work against both the shard map manager database and individual shards, which may be on different servers.

Access credentials

When creating a shard map manager in an application that does not administer shard maps, use credentials that have read-only permissions on the global shard map. The information retrieved from the global shard map under these credentials is used for data-dependent routing and to populate the shard map cache on the client. The credentials are provided through the same call pattern to GetSqlShardMapManager:

// Obtain shard map manager.
ShardMapManager shardMapManager = ShardMapManagerFactory.GetSqlShardMapManager(smmReadOnlyConnectionString, ShardMapManagerLoadPolicy.Lazy);  

Note the use of smmReadOnlyConnectionString, which reflects that different credentials are used for this access on behalf of non-admin users: these credentials should not provide write permissions on the global shard map.

Connection credentials

Additional credentials are needed when using the OpenConnectionForKey (Java, .NET) method to access a shard associated with a sharding key. These credentials need to provide permissions for read-only access to the local shard map tables residing on the shard. This is needed to perform connection validation for data-dependent routing on the shard. This code snippet allows data access in the context of data-dependent routing:

using (SqlConnection conn = rangeMap.OpenConnectionForKey<int>(targetWarehouse, smmUserConnectionString, ConnectionOptions.Validate))

In this example, smmUserConnectionString holds the connection string for the user credentials. For Azure SQL Database, here is a typical connection string for user credentials:

"User ID=<yourusername>; Password=<youruserpassword>; Trusted_Connection=False; Encrypt=True; Connection Timeout=30;"  

As with the admin credentials, do not use values in the form of "username@server". Instead, just use "username". Also note that the connection string does not contain a server name and database name. That is because the OpenConnectionForKey call automatically directs the connection to the correct shard based on the key. Hence, the database name and server name are not provided.
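
The rules stated above for the three connection strings (no "username@server" user IDs, a server and database only in the strings passed to GetSqlShardMapManager, Encrypt=True) can be checked before a string reaches the library. The following is an added example, not code from the Elastic Database client library or its documentation; ShardCredentialLint, Check and all sample values are hypothetical, and it assumes the read-only access string carries a server and database in the same way as the management string.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Linq;

static class ShardCredentialLint
{
    // Keyword synonyms that SqlClient accepts for the same setting.
    static readonly string[] ServerKeys = { "Server", "Data Source", "Address", "Addr", "Network Address" };
    static readonly string[] DatabaseKeys = { "Database", "Initial Catalog" };
    static readonly string[] UserKeys = { "User ID", "UID", "User" };
    static readonly string[] EncryptOn = { "true", "yes", "mandatory", "strict" };

    static string Get(DbConnectionStringBuilder b, params string[] keys) =>
        keys.Where(k => b.ContainsKey(k)).Select(k => Convert.ToString(b[k])).FirstOrDefault();

    // locatesShardMap: true for management and access strings (GetSqlShardMapManager),
    // false for connection credentials (OpenConnectionForKey).
    public static List<string> Check(string connectionString, bool locatesShardMap)
    {
        var b = new DbConnectionStringBuilder { ConnectionString = connectionString };
        var problems = new List<string>();
        string user = Get(b, UserKeys), server = Get(b, ServerKeys), database = Get(b, DatabaseKeys);
        if (string.IsNullOrEmpty(user)) problems.Add("no User ID");
        else if (user.Contains("@")) problems.Add("User ID uses the username@server form");
        if (locatesShardMap && (server == null || database == null))
            problems.Add("server and database of the global shard map are required");
        if (!locatesShardMap && (server != null || database != null))
            problems.Add("omit server/database; OpenConnectionForKey selects the shard");
        if (!EncryptOn.Contains((Get(b, "Encrypt") ?? "").ToLowerInvariant()))
            problems.Add("Encrypt=True is not set");
        return problems;
    }

    static void Main()
    {
        // Constructed samples: every server, database, user name and password is a placeholder.
        var samples = new (string Name, string Value, bool LocatesShardMap)[]
        {
            ("management", "Server=example.database.chinacloudapi.cn;Database=smm;User ID=smm_admin;Password=<placeholder>;Encrypt=True;", true),
            ("access", "Server=example.database.chinacloudapi.cn;Database=smm;User ID=smm_reader@example;Password=<placeholder>;Encrypt=True;", true),
            ("connection", "Server=example.database.chinacloudapi.cn;User ID=app_user;Password=<placeholder>;Encrypt=False;", false),
        };
        foreach (var s in samples)
        {
            var problems = Check(s.Value, s.LocatesShardMap);
            Console.WriteLine($"{s.Name}: {(problems.Count == 0 ? "ok" : string.Join("; ", problems))}");
        }
    }
}
```

The lint covers only the shape of each string; whether the login behind it is actually read-only or read/write is decided by the permissions granted in the databases.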

See also

Managing databases and logins in Azure SQL Database

Securing your SQL Database

Elastic Database jobs

Additional resources

Not using elastic database tools yet? Check out our Getting Started Guide.