Re: Setting Up SQL Security
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Mon, 26 Mar 2007 22:06:58 +0000 (UTC)
dsfseattle (dsfseattle@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
I have setup in sql server via Enterprise Manager a user. I pretty much
want that user to have complete access to a database. The application
is Darwin. What I would like to do is limit the companies that this
user would access. For example, company 1 would be off limits, whereas
company 2 through 5 would be available. Any direction would be
appreciated.
As suggested by Codeman and Uri you can use views to implement this.
However, you should be aware of that row-level security implemented
in this way, is not 100% foolproof. A skilled user may still be table
to dig out facts about the companies he is not permitted to see. It's
not that he can see the data directly, but he take information from
query plans, and error messages.
Depending on your situation you may be willing to take the risk that
this happens. But if it's impedient that no information whatsoever is
disclosed, you should consider using different databases instead.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Prev by Date: Re: owned schema or role members?
- Next by Date: Re: owned schema or role members?
- Previous by thread: Re: Setting Up SQL Security
- Next by thread: Windows Authentication from a workgroup to a domain sql server
- Index(es):
Relevant Pages
|
