Re: View Security

From: Tom Moreau (tom@dont.spam.me.cips.ca)
Date: 03/05/03


From: "Tom Moreau" <tom@dont.spam.me.cips.ca>
Date: Wed, 5 Mar 2003 15:05:19 -0500

Well, without their passwords, there isn't much they can do. Certainly, table structure is unimportant. If a user is allowed to use a view, they should know what columns it has and what the datatypes are.

-- 
Tom
---------------------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON Canada   tom@cips.ca
www.pinnaclepublishing.com/sql
  "A.M" <hate-spam@spam.com> wrote in message news:O3RgoH14CHA.2288@TK2MSFTNGP10.phx.gbl...
  The user can see list of other users who can login into the database. I would say that is very very sensetive.
    "Tom Moreau" <tom@dont.spam.me.cips.ca> wrote in message news:OrBrn804CHA.2396@TK2MSFTNGP11.phx.gbl...
    By default, you can examine the system objects.  I imagine you could revoke SELECT permission on the various tables, procs, etc.  Metadata is generally not considered sensitive.
    -- 
    Tom
    ---------------------------------------------------------------
    Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
    SQL Server MVP
    Columnist, SQL Server Professional
    Toronto, ON Canada   tom@cips.ca
    www.pinnaclepublishing.com/sql
      "A.M" <hate-spam@spam.com> wrote in message news:#RQ7P204CHA.1676@TK2MSFTNGP12.phx.gbl...
      So you mean if we give small access to a user then the user will be able to see all database structure ? That is terrible vulnerability.
      We have SCHEMA in Oracle so i can efficiently hide any part of database from user. Do we have similar thing in SQL server? I know SqlServer 2000 has scema capability. Can it solve my problem ?
      Thanks,
      Ali
        "Tom Moreau" <tom@dont.spam.me.cips.ca> wrote in message news:#xtfKY04CHA.2408@TK2MSFTNGP09.phx.gbl...
        Well, yes and no.  You can create a view, proc or function and specify the WITH ENCRYPTION option.  However, it is quite difficult to prevent users from seeing a list of objects.
        -- 
        Tom
        ---------------------------------------------------------------
        Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
        SQL Server MVP
        Columnist, SQL Server Professional
        Toronto, ON Canada   tom@cips.ca
        www.pinnaclepublishing.com/sql
          "A.M" <hate-spam@spam.com> wrote in message news:O$KCE2z4CHA.2408@TK2MSFTNGP09.phx.gbl...
          Hi,
          Can i limit a user to just run a select statemet on a view, but do not allow
          him see the view definition or list of other database objects?
          If i make a login member of database public role, then that user will be
          able to see all database structue such as view/table/sp definitions.
          We need to restrict a user and hide database structure from him. All we want
          him to do is run a select statement on a view, but we don't want him to see
          view structure.
          Any help would be appreciated,
          Ali


Relevant Pages

  • Idiomatic Expressions to Operating System Architecture: Transforming Rigids
    ... <Subject: Re: Idiomatic Expressions to Operating ... <endpoint during a single session * DATABASE + by ... <statements is a new feature of SQL Server 2005. ...
    (sci.math)
  • Re: MS Access DAO -> ADO.NET Migration
    ... William Vaughn ... Microsoft MVP ... Hitchhiker's Guide to Visual Studio and SQL Server ... My migration app works building a SSCE database file with imported data ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Cluster will not fail over.
    ... > As far as the TCP/IP issue goes, you had to rebuild the cluster and were ... > able to restore the master database. ... > a cluster installation you'll have to revisit. ... >> This worked bringing up the sql server in minimal mode. ...
    (microsoft.public.sqlserver.clustering)
  • Re: problem with query moving data from 1 dbase to another.
    ... You register a SQL Server instance, where such an instance can have several databases. ... Tibor Karaszi, SQL Server MVP ... > you know how to connect to an existing database, ... >> Tibor Karaszi, SQL Server MVP ...
    (microsoft.public.sqlserver.server)
  • Re: Word 2003/Access2000/SQLSVR
    ... SQL server being where the data is held and this is accessed through a MS ... entire database and that may be say a record for Berkshire. ... "Peter Jamieson" wrote: ... replaced with the first record on the table in use. ...
    (microsoft.public.word.mailmerge.fields)