Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
steelkilt
Constraint Violating Yak Guru
255 Posts |
 Posted - 2005-12-16 : 10:22:58
|
| I try to use SPROCs for all my data access needs, but there have been a few cases where I've had to resort to Views to faciliate things for my end users.One case involves end users launching a View from within MS Access via linked table. The View pulls together fields from several base tables via standard JOINs.Users have SELECT permissions to the VIEW and only in rare cases will some of these users have SELECT permissions to the base tables this VIEW draws from.This seems safe to me, but I'd like to put the question to the group: under what circumstances does a VIEW become dangerous and can permissions on a VIEW ever override permissions on a base table?Thanks |
|
|
SQLServerDBA_Dan
Aged Yak Warrior
752 Posts |
Posted - 2005-12-16 : 11:32:23
|
| I wouldn't ever assign permissions to a user. I'd create a role and assign the permissions to it. Then add the user to the role. This makes it easy to manage. Views are ok. If you have granted "deny" access on a table then that will always override anything else.Daniel, MCP, A+SQL Server DBAwww.dallasteam.com |
 |
|
|
blindman
Master Smack Fu Yak Hacker
2365 Posts |
Posted - 2005-12-16 : 12:54:47
|
| Views may be updateable, while stored procedure never are. Stored procedures thus give you more control over data entry, requiring independent INSERT procedures in which you can cleanse and verify the data before it goes into your production tables.Make sure you have proper permissions set on the views if you don't want people editing data. |
|
|
|
X002548
Not Just a Number
15586 Posts |
|
|
blindman
Master Smack Fu Yak Hacker
2365 Posts |
Posted - 2005-12-16 : 16:12:40
|
| What "...means dynamic SQL."?Not sure where you derive that requirment... |
|
|
|
byrmol
Shed Building SQL Farmer
1591 Posts |
Posted - 2005-12-16 : 17:01:44
|
| >>under what circumstances does a VIEW become dangerous and can permissions on a VIEW ever >>override permissions on a base table?Views never becomes dangerous, only the DBA's who create.A view can override permission on the base table if the view is given INSERT/UPDATE permission and the view is updateable.. see this example.... http://weblogs.sqlteam.com/davidm/archive/2003/11/28/623.aspxThink of it this way...You have a house (database) and in a particular room (table) there is corner of the room (rows/columns). As a DBA you don't give them the keys to house but you would allow them to see just the corner. (A view)DavidMIntelligent Design is NOT science.A front-end is something that tries to violate a back-end. |
|
|
|
|
|
|
Is my View dangerous?