Re: Column level security
From: BP Margolin (bpmargo@attglobal.net)
Date: 07/28/02
- Next message: Afkir: "DTS error -21472887 (80040E21)"
- Previous message: Cindy Gross: "Re: Security Hotfix 8.00.0655"
- In reply to: ray: "Re: Column level security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "BP Margolin" <bpmargo@attglobal.net> Date: Sat, 27 Jul 2002 21:17:28 -0400
Ray,
"Query" is a bit ill-defined. Assuming that a query can be a stored
procedure or a user-defined function (UDF), then perhaps you can use the
PERMISSIONS system function to determine whether the current user has
permissions to the column and, in the stored procedure / UDF, execute
different SELECTs.
Documentation on the PERMISSIONS system function is available in the SQL
Server Books Online.
Disclaimer: I have not actually tried coding this, so this is a suggestion
for a possible solution ... not a statement that this can be made to work.
-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.
"ray" <raywagoner@aristotle.net> wrote in message
news:1a4d01c235b8$164ffa70$b1e62ecf@tkmsftngxa04...
> I have also come to that conclusion, but I really want to
> have the query return values for the columns not denied
> and not return values for the columns denied. I don't
> want it to substitute values, "#name" is what I generally
> get on non returned (or undefined) values with upsized
> Access database. I want every one to be able to use the
> same form with the same query but only allow admins to
> see the SS#. I have not found an acceptable workaround.
>
> ***ray***
> >-----Original Message-----
> >Ray,
> >
> >> Want to
> >> get less important group to get everything except
> denied
> >> column without modifing query.
> >
> >To the best of my knowledge, not possible. DENY
> doesn't "substitute" values
> >.... it, as the name implies, denies access to the
> database object.
> >
> >My suggestion:
> >Create a view that excludes the restricted columns. DENY
> permissions on the
> >base table. GRANT SELECT permissions on the view.
> >
> >-------------------------------------------
> >BP Margolin
> >Please reply only to the newsgroups.
> >When posting, inclusion of SQL (CREATE TABLE ...,
> INSERT ..., etc.) which
> >can be cut and pasted into Query Analyzer is appreciated.
> >
> >"ray" <raywagoner@aristotle.net> wrote in message
> >news:17bf01c23586$56a7c300$a4e62ecf@tkmsftngxa06...
> >> Have assigned select perm to a table and deny perm to a
> >> column within that table. Made query that included
> denied
> >> column. When admin ran query, got all columns. When
> less
> >> important group ran query got no columns at all. Want
> to
> >> get less important group to get everything except
> denied
> >> column without modifing query.
> >>
> >> Result wanted for admin:
> >> john 000-00-0000 manager 555-1212
> >>
> >> Result wanted for others:
> >> john #name manager 555-1212
> >
> >
> >.
> >
- Next message: Afkir: "DTS error -21472887 (80040E21)"
- Previous message: Cindy Gross: "Re: Security Hotfix 8.00.0655"
- In reply to: ray: "Re: Column level security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
