Re: Controlling Division Access in Corporate Consolodated db

From: Uri Dimant (urid_at_iscar.co.il)
Date: 01/05/05

  • Next message: Dan D.: "restricting domain administrator access" 
    Date: Wed, 5 Jan 2005 17:14:20 +0200

    Sorry
    http://vyaskn.tripod.com/sql_server_security_best_practices.htm --------security
    best practices

    "Uri Dimant" <urid@iscar.co.il> wrote in message
    news:%23ljzLJz8EHA.2568@TK2MSFTNGP10.phx.gbl...
    > Jim
    > Go thru this article. I am sure you'll find the answer.
    >
    >
    >
    > "Jim Shaw" <jeshaw2@comcast.net.work> wrote in message
    > news:%23lQmF4y8EHA.3416@TK2MSFTNGP09.phx.gbl...
    > > BlankI'm designing a corporate level database which holds information
    for
    > > each of the corporation's operating divisions. Divisions are dynamic,
    in
    > > that they added and deleted to the corporate structure frequently. Also,
    > > employees are moved from one division to another frequently. The roles
    > that
    > > employees perform are standardized across the entire corporation. The
    > data
    > > algorithms & structure is also set by corporate policy. Each division
    is
    > > uniquely identified by a 3-digit "FacilityID" code.
    > >
    > > In all the db tables, views, functions, etc., I need to restrict a
    user's
    > > privileges to the rows of data that relate to the division in which they
    > are
    > > currently employed. Corporate users should have privileges across all
    of
    > > the multiple divisions data.
    > >
    > > Is there a "best Practices" established to implement this type of
    > security?
    > >
    > > I'm thinking of using views to define the role's access to data tables
    and
    > > columns. Then using Select statements to access the view with a WHERE
    > > clause to specify the FacilityID. Can this be done in SQL 2000?
    > >
    > > I Would like to avoid the need for separate Select statements for
    > corporate
    > > and division users.
    > >
    > > I also want to avoid different hard coded views for each
    division...there
    > > are over 200 them. I'm thinking about dynamically generated
    > queries/SELECT
    > > statements (like what can be done in Access 2000)?
    > >
    > > Thanks
    > > Jim
    > >
    > >
    >
    >

  • Next message: Dan D.: "restricting domain administrator access"

    Relevant Pages

    • Controlling Division Access in Corporate Consolodated db
      ... employees perform are standardized across the entire corporation. ... privileges to the rows of data that relate to the division in which they are ... Corporate users should have privileges across all of ... I Would like to avoid the need for separate Select statements for corporate ...
      (microsoft.public.sqlserver.security)
    • Re: Controlling Division Access in Corporate Consolodated db
      ... > employees perform are standardized across the entire corporation. ... > privileges to the rows of data that relate to the division in which they ... Corporate users should have privileges across all of ... > I also want to avoid different hard coded views for each division...there ...
      (microsoft.public.sqlserver.security)
    • Re: Complain Letter Car Discrimination
      ... business to a competitor, as Tony appeared to be implying, or that ... I don't think Jim Gooding was distressed ... Jim didn't come down on employees who did some shopping elsewhere. ... presumably did the bulk of their shopping at rival stores. ...
      (alt.usage.english)
    • Re: telephone switching system
      ... you get sweatshops like the ones in the Phillipines, ... have a situation like you get in western Europe, ... AFAIK, it's easy to get rid of employees in the UK, just difficult to ... This sounds an *awful lot* like Jim Thompson's communist arts professor ...
      (sci.electronics.design)
    • Re: Word 2003 File Menu>Open doesnt work
      ... Quite honestly, Jim, if you tried all that and it didn't work, you won't ... I may have to do that, but I'd like to avoid it. ... >> Anne Troy ...
      (microsoft.public.word.application.errors)