Re: Column level security

From: BP Margolin (bpmargo@attglobal.net)
Date: 07/27/02

• Next message: Erland Sommarskog: "Re: Tracking Stored Procedure changes"
• Previous message: ray: "Column level security"
• In reply to: ray: "Column level security"
• Next in thread: ray: "Re: Column level security"
• Reply: ray: "Re: Column level security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "BP Margolin" <bpmargo@attglobal.net>
Date: Sat, 27 Jul 2002 16:40:25 -0400

Ray,

> Want to
> get less important group to get everything except denied
> column without modifing query.

To the best of my knowledge, not possible. DENY doesn't "substitute" values
... it, as the name implies, denies access to the database object.

My suggestion:
Create a view that excludes the restricted columns. DENY permissions on the
base table. GRANT SELECT permissions on the view.

-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.

"ray" <raywagoner@aristotle.net> wrote in message
news:17bf01c23586$56a7c300$a4e62ecf@tkmsftngxa06...
> Have assigned select perm to a table and deny perm to a
> column within that table. Made query that included denied
> column. When admin ran query, got all columns. When less
> important group ran query got no columns at all. Want to
> get less important group to get everything except denied
> column without modifing query.
>
> Result wanted for admin:
> john 000-00-0000 manager 555-1212
>
> Result wanted for others:
> john #name manager 555-1212

• Next message: Erland Sommarskog: "Re: Tracking Stored Procedure changes"
• Previous message: ray: "Column level security"
• In reply to: ray: "Column level security"
• Next in thread: ray: "Re: Column level security"
• Reply: ray: "Re: Column level security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Column level security ... have the query return values for the columns not denied ... DENY ... >> Have assigned select perm to a table and deny perm to a ... When admin ran query, got all columns. ... (microsoft.public.sqlserver.security) Column level security ... Have assigned select perm to a table and deny perm to a ... When admin ran query, got all columns. ... column without modifing query. ... (microsoft.public.sqlserver.security) + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-20 ... The username field on the login page is susceptible to SQL injection... ... Trivantis and CourseMill are registered trademarks of Trivantis. ... The logins are unencrypted and stored in the "Admin" table. ... Sample Query Logs from Exploiter Beta: ... (Bugtraq) Re: Search sub-form without writing exactly what is contained in query field ... will this work if say I type 'Admin' and 'Finance' in the same ... firstly I want to search all staff who have 'finance' ... Is there a way of searching a sub-form (reading from a query) without ... Manager' and 'Finance Manager' appeared as part of the results? ... (comp.databases.ms-access) Unbound field results are different then Query w/the same criteria ... functions of the admin FE will be to use the "Questions Selection Form" ... In the Eval FE I have a form based on a query with both QL and Q ... There is an Unbound field for each Question, ... (microsoft.public.access.formscoding)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint