Re: Permissions!
From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 09/05/05
- Next message: Dan Guzman: "Re: db_denydatareader Role"
- Previous message: Arpan: "Re: Permissions!"
- In reply to: Arpan: "Re: Permissions!"
- Next in thread: Arpan: "Re: Permissions!"
- Reply: Arpan: "Re: Permissions!"
- Reply: Arpan: "Re: Permissions!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 5 Sep 2005 12:30:38 -0500
> You have suggested using 'Integrated Security=SSPI' instead of login &
> password for Windows authorization. Can you please show me what should
> the ConnectionString look like in that case?
"Provider=SQLOLEDB;Data Source=(local);Initial Catalog=ARPAN;Integrated
Security=SSPI"
> Lastly I have been told by a SQL expert that it is not possible to
> assign column permissions in SQL Server to control column data
> visibility but you are saying otherwise. Can you please give me some
> idea on how to go about it or maybe suggest a few sites which deals
> with assigning column permissions?
You can control access to specific columns using column permissions but this
doesn't control visibility. For example, 'SELECT *' will fail if the user
doesn't have SELECT permissions on all table columns. A column list needs
to be specified for those columns the user has permissions to access.
IMHO, views are better for controlling access to specific columns since this
allows columns to be made invisible. This technique is described on the
Books Online under 'Using Views as Security Mechanisms'
<adminsql.chm::/ad_security_5whf.htm>.
-- Hope this helps. Dan Guzman SQL Server MVP "Arpan" <arpan_de@hotmail.com> wrote in message news:1125937401.336692.78350@f14g2000cwb.googlegroups.com... > Thank you very very very very very much, Dan, for your help. I am now > able to do what I wanted to do. I really appreciate the effort you have > put in to enlighten me on the "Permissions" issue. You have indeed > given me quite a detailed explanation. > > Yeah, you are correct........using 'sa' & a blank password does > compromise on security. Henceforth I will ensure that I don't repeat > this again. > > You have suggested using 'Integrated Security=SSPI' instead of login & > password for Windows authorization. Can you please show me what should > the ConnectionString look like in that case? > > Lastly I have been told by a SQL expert that it is not possible to > assign column permissions in SQL Server to control column data > visibility but you are saying otherwise. Can you please give me some > idea on how to go about it or maybe suggest a few sites which deals > with assigning column permissions? > > Thanks once again for your help. > > Regards, > > Arpan >
- Next message: Dan Guzman: "Re: db_denydatareader Role"
- Previous message: Arpan: "Re: Permissions!"
- In reply to: Arpan: "Re: Permissions!"
- Next in thread: Arpan: "Re: Permissions!"
- Reply: Arpan: "Re: Permissions!"
- Reply: Arpan: "Re: Permissions!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
