Re: Secure schema or view?
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Fri, 15 Feb 2008 15:29:09 -0800
zeon (zeon@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
We have one database with multiple schemas.
Different departments have their own schema, which only they should be
able to read/write.
We also have 1 reference data schema that all users of the database should
have read access
What is the best way to secure the data?
I would create one role per deparment schema, and then grant
INSERT, DELETE, UPDATE and SELECT one that schema to the respective role.
I would also make sure that no one is a member of db_datareader/writer.
If the departments are permitted to create objects in their respective
schema, the roles needs permission for that too. It would also be a good
idea to make the role the owner of the schema, as by default the schema
owner, owns the obejcts created in the schema.
Grant access to all roles (or public) on the reference schema.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Prev by Date: Re: permissions not working
- Next by Date: An issue with SQL 2005 and Kerberos...
- Previous by thread: Re: Integrated Security in the DMZ
- Next by thread: An issue with SQL 2005 and Kerberos...
- Index(es):
Relevant Pages
|
|
