Re: Permissions!

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 09/05/05

  • Next message: xuyan: "how could i hide my finacial data to sa when i store them in sql server 2k?" 
    Date: Mon, 5 Sep 2005 16:48:42 -0500

    It seems you want to display different data based on the password the user
    entered. In this case, you can connect using a common login (unknown to the
    end user). You can then either build SQL differently depending on the
    password or render data differently depending on the password. You only
    need to grant SQL permissions to the application login and users won't be
    able to access the data outside your application. 

    -- 
Hope this helps.
Dan Guzman
SQL Server MVP
"Arpan" <arpan_de@hotmail.com> wrote in message 
news:1125952217.382925.241690@g14g2000cwa.googlegroups.com...
Sorry Dan.....forgot to ask another question.
Assume that instead of 3 users, there are, say, 100 users. Does that
mean that 100 views have to be created - one for each user? If yes,
then this means that the ASP application that will be accessing the
columns must have 100 If....Else statements with the ConnectionString
having different UIDs & Passwords something like this (assuming that
each user has to enter a password in the ASP application first before
proceeding further):
----------------------------------------
Dim strPassword
strPassword=Request.Form("pwd") 'collecting the password the user has
entered
If(strPassword="pwd1") Then
"Provider=SQLOLEDB;Server=(local);Database=ARPAN;UID=uid1;PWD=pass1­"
ElseIf(strPassword="pwd2") Then
"Provider=SQLOLEDB;Server=(local);Database=ARPAN;UID=uid2;PWD=pass2"
ElseIf(strPassword="pwd3") Then
"Provider=SQLOLEDB;Server=(local);Database=ARPAN;UID=uid3;PWD=pass3"
................
................
................
End If
----------------------------------------
This will be a tedious & monotonous approach! Would you suggest some
other workaround to this?
Also the ConnectionString that uses 'Integrated Security=SSPI' doesn't
include any UserID & Password; so how will SQL Server know which user
is trying to access data & restrict data access accordingly?
Thanks once again,
Regards,
Arpan
  • Next message: xuyan: "how could i hide my finacial data to sa when i store them in sql server 2k?"

    Relevant Pages

    • Re: Locked out of my own SQL Server???
      ... >back on the original server, it's trying to get onto SQL ... within my ASP ... >> app to use an applicationwide Connectionstring Variable ... >> Microsoft OLE DB Provider for SQL Server ...
      (microsoft.public.inetserver.iis.security)
    • Re: SQL Server will nicht!!!
      ... Da du den Code, insbesondere den Connectionstring nicht ... SQL Server User verwendet. ... willst) die Authentifizierungsmethode im SQL Server umstellen. ... MS MVP für ASP / ASP.Net ...
      (microsoft.public.de.german.entwickler.dotnet.asp)
    • Connection String
      ... I am writing an ASP .NET 2.0 web site. ... using the connectionString above. ... if anything to do with the SQL server changes and I forget to change ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Connection String
      ... I am writing an ASP .NET 2.0 web site. ... using the connectionString above. ... if anything to do with the SQL server changes and I forget to change ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: Accessing SqlServer(Express) data on the server
      ... As for the ASP.NET, it is built upon the .net framework, so generally all ... you can change the connectionstring to point to another ... manually create another database (named "MyASPNETDB" in SQL Express ... you can even use SQL Server authentication(specify username/password ...
      (microsoft.public.dotnet.framework.aspnet.security)