Re: Record Level Security
From: Umachandar Jayachandran (please_reply_to_newsgroup_only)
Date: 01/05/03
From: "Umachandar Jayachandran" <please_reply_to_newsgroup_only> Date: Sun, 5 Jan 2003 00:34:21 -0800
Since you are not exposing the USER_NAME column in the UDF or view,
there is no problem I think. The issue is if you have to include the USER_NAME
column also in the view or UDF like below. Then any user can insert data for
any other user via the UDF that doesn't qualify while reading data.
ALTER FUNCTION fn_ShowMyEntries ()
RETURNS table
AS
RETURN (
SELECT [Item], [OtherAttribute], [RowCounter], [USER_NAME]
FROM [dbo].[table1]
WHERE [User_name] = Current_User
)
GO
ALTER VIEW dbo.vw_table1
AS
SELECT Item, OtherAttribute, RowCounter, User_Name
FROM dbo.table1
WHERE (User_Name = CURRENT_USER)
WITH CHECK OPTION
GO
-- Logged in as dbo, this will fail:
insert into vw_table1 ( Item, OtherAttribute, User_Name )
values( 'CC', '212', 'TestUser' )
-- Logged in as dbo, this will succeed:
insert into fn_ShowMyEntries() ( Item, OtherAttribute, User_Name )
values( 'CC', '212', 'TestUser' )
-- Umachandar Jayachandran SQL Resources at http://www.umachandar.com/resources.htm ( Please reply only to newsgroup. )
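Added example, not part of the original post: a self-contained T-SQL script that reproduces the difference described above and adds one possible guard, a table-level trigger that rejects rows whose owner column does not match the caller on every write path. All object names ending in _demo, the column types and the trigger are assumptions made for this illustration.

```sql
-- Constructed demo schema; every *_demo name is hypothetical.
CREATE TABLE dbo.table1_demo (
    RowCounter     int IDENTITY(1,1) PRIMARY KEY,
    Item           varchar(10) NOT NULL,
    OtherAttribute varchar(10) NOT NULL,
    [User_Name]    sysname NOT NULL DEFAULT CURRENT_USER
);
GO
CREATE VIEW dbo.vw_table1_demo
AS
SELECT Item, OtherAttribute, RowCounter, [User_Name]
FROM dbo.table1_demo
WHERE [User_Name] = CURRENT_USER
WITH CHECK OPTION;   -- writes through the view must satisfy the WHERE clause
GO
CREATE FUNCTION dbo.fn_ShowMyEntries_demo ()
RETURNS table
AS
RETURN (
    SELECT Item, OtherAttribute, RowCounter, [User_Name]
    FROM dbo.table1_demo
    WHERE [User_Name] = CURRENT_USER   -- filters reads only; not enforced on writes
);
GO
-- Guard on the base table: fires for writes through the view, the function
-- or the table itself, and compares against the caller's CURRENT_USER.
CREATE TRIGGER dbo.trg_table1_demo_owner
ON dbo.table1_demo
AFTER INSERT, UPDATE
AS
BEGIN
    IF EXISTS (SELECT 1 FROM inserted WHERE [User_Name] <> CURRENT_USER)
    BEGIN
        RAISERROR('User_Name must match CURRENT_USER.', 16, 1);
        ROLLBACK TRANSACTION;
    END
END;
GO
-- Rejected by WITH CHECK OPTION when the caller is not TestUser.
INSERT INTO dbo.vw_table1_demo (Item, OtherAttribute, [User_Name])
VALUES ('CC', '212', 'TestUser');
GO
-- Succeeds without the trigger; with it, the statement is rolled back.
INSERT INTO dbo.fn_ShowMyEntries_demo() (Item, OtherAttribute, [User_Name])
VALUES ('CC', '212', 'TestUser');
GO
-- Omitting User_Name picks up DEFAULT CURRENT_USER and is accepted.
INSERT INTO dbo.fn_ShowMyEntries_demo() (Item, OtherAttribute)
VALUES ('CC', '212');
```

The trigger also stops privileged users from writing rows on behalf of someone else, so a deployment that needs that would have to exempt those principals explicitly.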