Assign permissions to allow updates but deny select on table

From: Tanzen <aaron.nasby@xxxxxxxxx>
Date: Tue, 10 Jul 2007 18:24:53 -0700

I have a table that I want to deny users to select, but allow inserts,
updates and deletes. So in the permissions for that table, I have
given the security Group Update, Insert and Delete rights and Denied
Select access. I connect to the table via odbc and have been able to
get the Insert queries working fine. However, my attempts to run
Update or Delete queries continually produce errors.

Here is a sample query I'm trying to run
DELETE tblPasswordsforDirector.PassMasterID
FROM tblPasswordsforDirector
WHERE (((tblPasswordsforDirector.PassMasterID)=339));

Here is a summary of the odbc error I get:
Select Permission denied on column 'password' of object
tblPasswordsforDirector.

In troubleshooting, I tried to use the COLUMN permissions to give
Select access to the two columns I don't care if the users see, and
then Deny Select access on the two columns I don't want them to see
(one of which happens to be the 'password' column shown in error
above).

I guess I'm a little confused at why a DELETE query requires Select
permissions. And if it does, then why does SQL give you the ability to
Allow DELETE permissions and Deny SELECT permissions on the same
table?

Any help would be most appreciated.

Thanks in advance.

.

Follow-Ups:
- Re: Assign permissions to allow updates but deny select on table
  - From: Erland Sommarskog

Prev by Date: Re: How can I see what permissions "VIEW SERVER STATE" has?
Next by Date: Re: How can I see what permissions "VIEW SERVER STATE" has?
Previous by thread: How can I see what permissions "VIEW SERVER STATE" has?
Next by thread: Re: Assign permissions to allow updates but deny select on table
Index(es):
- Date
- Thread

Relevant Pages

Re: how to restrict users to search in their own Organizational Unit
... I also want to say that in fact you shouldn't deny the read permission to anyone and this scenario the MOSS Administrators or who is responsible for Add users to Your Sites should be carefull when performing this action. ... Now, because you're dealing with many users, my recommendation is to create THE NECESARY Security Groups in each OU and related them with your MOSS2007 existing security groups, in future when someone creates some user, you just have to add that user to the necessary group and that user will be given the necessary permissions. ... decided a script can make it possible to accomplish, ... > If I need to create a security group per OU and then add all users ...
(microsoft.public.windows.server.active_directory)
Re: Share Permissions: Deny behaviour
... Deny overrides all other permissions. ... There are two types of Deny (again goes for share and NTFS). ... explicit allow permission, then you're stuck with implicit deny. ...
(microsoft.public.windows.server.general)
Re: how to restrict users to search in their own Organizational Unit
... decided a script can make it possible to accomplish, ... You could also TRY removing the "Authenticated Users" ... Domain level since using a lot of DENY ... permissions is in and of itself a poor practice. ...
(microsoft.public.windows.server.active_directory)
Re: NTFS Security Question.
... I was not sure that deleting the special permissions would work but you ... Since Windows 2000 deny NTFS permission does not work ... originally configured "closer" to the object in the chain of folders. ...
(microsoft.public.windowsxp.security_admin)
RE: Exmerge errors
... To do this open regedit on the system you are administering Exchange ... A Deny does overrule an allow IF they are both inherited. ... An explicite allow at the store level will over-ride the inherited Deny. ... I cannot see where or how to override these permissions. ...
(microsoft.public.exchange.admin)