Rich Client and Windows Authentication
From: Tom (someone@nobody.com)
Date: 11/22/02
From: "Tom" <someone@nobody.com> Date: Fri, 22 Nov 2002 22:01:06 +0100
Greets,
I've got a rich client that connects to a central database. To connect, you
need to be a member of at least 1 of 3 groups, each with different
privileges.
First, I'll cover a bit of background before entering the problem area. The
table under the spotlight is called "Quotes". You can get different
information from the Quotes-table depending on what group you're a member of;
i.e. a quirk is that you should be able to see the customer-name in the
quote on those issued by you, but not on quotes issued by other users.
The problem here with the SELECTs is that if you're in a group where you
should be only allowed to see
- your quotes
- other people's quotes with customer-name blanked out
it means that you'll have SELECT-permissions on the table. To make things
better, you're allowed to delete quotes that you've issued (but not others),
giving you DELETE-permissions on the table. Now, with these permissions, how
do I prevent:
(1) the user from seeing customer-names on quotes not issued by
him/her
(2) the user from deleting quotes issued by others
To make matters worse, the name of the database-server is well-known or easy
to find out by listening. The database-server is accessible by members of
this group. They could add it in Enterprise Manager and browse the tables if
they wanted to. The way I see it, if they have SELECT-permissions, they
could fire a query at the database directly like
SELECT CustomerName FROM Quotes
simply because they should be able to see customer-name on the quotes issued
by them, but not others. They need access to the CustomerName-column.
Is there a way to give a user only permissions to maybe a stored procedure
that performs the selects? Or will executing that stored procedure require
SELECT-permissions? How should I tackle these problems? Any notes from the
field?
Kind regards,
Tom
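
An added example, not part of the original post: one way to get this in SQL Server is ownership chaining, where users hold EXECUTE on procedures owned by the same owner as the table and hold no permissions on the table itself. Only Quotes and CustomerName come from the post; QuoteId, IssuedBy, Amount, the role QuoteUsers and the procedure names are assumptions.

```sql
-- Assumed schema: only Quotes and CustomerName appear in the post.
-- QuoteId, IssuedBy, Amount and the role QuoteUsers are hypothetical.
CREATE TABLE dbo.Quotes (
    QuoteId      int IDENTITY PRIMARY KEY,
    IssuedBy     sysname NOT NULL DEFAULT SUSER_SNAME(),  -- Windows login of the issuer
    CustomerName nvarchar(100) NOT NULL,
    Amount       money NOT NULL
);
GO
CREATE ROLE QuoteUsers;
GO
-- Returns every quote, but blanks CustomerName unless the caller issued it.
-- SUSER_SNAME() is the authenticated login, so the client cannot spoof it.
CREATE PROCEDURE dbo.GetQuotes
AS
BEGIN
    SET NOCOUNT ON;
    SELECT QuoteId,
           IssuedBy,
           CASE WHEN IssuedBy = SUSER_SNAME() THEN CustomerName ELSE N'' END
               AS CustomerName,
           Amount
    FROM dbo.Quotes;
END;
GO
-- Deletes a quote only when the caller issued it.
CREATE PROCEDURE dbo.DeleteOwnQuote
    @QuoteId int
AS
BEGIN
    SET NOCOUNT ON;
    DELETE FROM dbo.Quotes
    WHERE QuoteId = @QuoteId
      AND IssuedBy = SUSER_SNAME();
    IF @@ROWCOUNT = 0
        RAISERROR('Quote not found or not issued by you.', 16, 1);
END;
GO
-- Procedures and table share an owner (dbo), so the table permission check
-- is skipped for static SQL inside them. Dynamic SQL (EXEC/sp_executesql)
-- breaks the chain and would need table permissions again.
GRANT EXECUTE ON dbo.GetQuotes      TO QuoteUsers;
GRANT EXECUTE ON dbo.DeleteOwnQuote TO QuoteUsers;
-- Remove any direct table access granted earlier.
REVOKE SELECT, DELETE ON dbo.Quotes FROM QuoteUsers;
```

With these grants, a member of QuoteUsers who connects directly and runs SELECT CustomerName FROM Quotes gets a permission-denied error, while EXEC dbo.GetQuotes still works.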