Re: Column level security

From: ray (raywagoner@aristotle.net)
Date: 07/27/02 

From: "ray" <raywagoner@aristotle.net>
Date: Sat, 27 Jul 2002 14:53:48 -0700

I have also come to that conclusion, but I really want to
have the query return values for the columns not denied
and not return values for the columns denied. I don't
want it to substitute values, "#name" is what I generally
get on non returned (or undefined) values with upsized
Access database. I want every one to be able to use the
same form with the same query but only allow admins to
see the SS#. I have not found an acceptable workaround.

***ray***
>-----Original Message-----
>Ray,
>
>> Want to
>> get less important group to get everything except
denied
>> column without modifing query.
>
>To the best of my knowledge, not possible. DENY
doesn't "substitute" values
>.... it, as the name implies, denies access to the
database object.
>
>My suggestion:
>Create a view that excludes the restricted columns. DENY
permissions on the
>base table. GRANT SELECT permissions on the view.
>
>-------------------------------------------
>BP Margolin
>Please reply only to the newsgroups.
>When posting, inclusion of SQL (CREATE TABLE ...,
INSERT ..., etc.) which
>can be cut and pasted into Query Analyzer is appreciated.
>
>"ray" <raywagoner@aristotle.net> wrote in message
>news:17bf01c23586$56a7c300$a4e62ecf@tkmsftngxa06...
>> Have assigned select perm to a table and deny perm to a
>> column within that table. Made query that included
denied
>> column. When admin ran query, got all columns. When
less
>> important group ran query got no columns at all. Want
to
>> get less important group to get everything except
denied
>> column without modifing query.
>>
>> Result wanted for admin:
>> john 000-00-0000 manager 555-1212
>>
>> Result wanted for others:
>> john #name manager 555-1212
>
>
>.
>

Relevant Pages