Re: Preventing unauthorized access
From: Adam Machanic (amachanic_at_air-worldwide.nospamallowed.com)
Date: 11/17/03
- Next message: Félix Meléndez: "User/Role gets lost at Restore Time."
- Previous message: Jasper Smith: "Re: Windows Event Log Storage"
- In reply to: Sydney Lotterby: "Re: Preventing unauthorized access"
- Next in thread: Dandy Weyn: "Re: Preventing unauthorized access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Nov 2003 15:21:52 -0500
1) / 3) - You will set up multiple users in your database. One of the users
will have full access (this will be your user), the other(s) will have the
restricted access.
2) If you deny permission on an object, e.g. a table, there is no way for
that user to directly select from it. However, if that user has access to a
stored procedure that selects from the table, the user can run the stored
procedure to get the data. That stored procedure cannot use dynamic SQL to
select the data; this causes security to be re-checked at runtime, and as
the user has no access directly to the table, the query will not run.
"Sydney Lotterby" <sydney@infosearch.com> wrote in message
news:#Sjd6PSrDHA.2772@TK2MSFTNGP12.phx.gbl...
> Thanks, but ...
> 1) I need to be able to access the db with EM/QA. Can that still be done
> via a password?
> 2) Does the Dynamic sql restriction only apply to SPs using dynamic or to
> ANY dynamic sql via the application? ( I used ADO)
> 3) Is there not a way to just password protect like there is in MS Access
> so that anyone (including me) could get to the db if they had the
password?
- Next message: Félix Meléndez: "User/Role gets lost at Restore Time."
- Previous message: Jasper Smith: "Re: Windows Event Log Storage"
- In reply to: Sydney Lotterby: "Re: Preventing unauthorized access"
- Next in thread: Dandy Weyn: "Re: Preventing unauthorized access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
