Re: Permission settings of Inventory database

From: Hari (hari_prasad_k_at_hotmail.com)
Date: 03/26/04

  • Next message: Leonard Poon: "Re: Permission settings of Inventory database" 
    Date: Fri, 26 Mar 2004 10:34:21 +0530

    Hi,

    You can implement "Application role" to implement the security strategy
    mentioned. What you have to do is Create a Application role and
    assign a password and give the required permission to the application role.

    Steps:

    1. Create a application role and set the password
    2. Assign this application role to the database user
    3. Enable this application role by giving the password inside your code (So
    as users also will not know this password)
    4. So after enabling this user will get the access inside application, But
    they will get any prev. using query analyzer. This
    will ensure that they cant do any Insert / update / delete using Query
    analyzer or Enterprise manager.

    Thanks
    Hari
    MCDBA

    "Leonard Poon" <leonardpoon@hotmail.com> wrote in message
    news:ulnyZ1uEEHA.1988@TK2MSFTNGP10.phx.gbl...
    > I'm using a single database for inventory system. Inventory data of all
    > shops are stored in the same database with restricted permissions to their
    > own data. That means, users / programs can only access their own inventory
    > information.
    > But, this is problem, the entire database is required to be accessed
    during
    > internal processes and in stored procedures.
    >
    > I wanna know if it is possible to have full-access permission on the
    > database for only inside stored procedures calls and keep restricting the
    > users from accessing other data.
    >
    > Leonard
    >
    >

  • Next message: Leonard Poon: "Re: Permission settings of Inventory database"

    Relevant Pages

    • Re: Permission settings of Inventory database
      ... First, we have 3 shops. ... The inventory of each shop can only be read/updated by its ... those stored procedures, we have to manually apply filters or 'WHERE' ... database in order to support the 'if-then-else' branches. ...
      (microsoft.public.sqlserver.security)
    • Re: Help pls: Not allow users access to tables, stored procedures
      ... Are all the objects in the same database? ... If not, cross-database chaining ... etc) is performed via stored procedures. ... correct permission for select permission on the tables. ...
      (microsoft.public.sqlserver.security)
    • help! report users permission on a SQL 2000 server
      ... stored procedures on each database. ... Is it possible to find permission using ... I read the online book of SQL server for 3 days. ...
      (microsoft.public.sqlserver.security)
    • Permission settings of Inventory database
      ... I'm using a single database for inventory system. ... shops are stored in the same database with restricted permissions to their ... database for only inside stored procedures calls and keep restricting the ...
      (microsoft.public.sqlserver.security)
    • Re: Database Model - Class, objects and interaction
      ... I was just proving stored procedures can call views. ... stuff like security and logging. ... So given 100,000 users, you would create database accounts for each? ... Part of our system's integrity was its reliability, and reliability is often assisted by simplicity. ...
      (comp.object)