Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Mountain_Nerd
Starting Member
28 Posts |
 Posted - 2006-08-03 : 11:24:58
|
| Using Windows authentication, I have a user that is accessing a database via a vendor-supplied application. The read/write user permissions are controlled via a database role that was established at application install.Now, in an integration effort, I want to allow a specific user to access this same data via another application. This application allows for database browsing, so I want to narrow the data access permissions to read-only on specific objects. I will be building views of the source tables and grant read permissions to those views. The user should not be able to see the primary tables with this second application. I would strongly prefer to create a role for this.Is there a way I can create a security structure that allows the same login different security permissions depending on the application through which they connect? I believe the answer is "no" -- that's what application roles are for... but since I don't control the code in either application, I can't use that either. So, I'm left thinking that the only way to accomplish this is to have a separate login for accessing the data via the second application.Any suggestions? |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2006-08-03 : 11:40:10
|
| You can deny permissions in a role but that will override granted permission in other roles.Basically you get the union of all the permissions in all roles with deny overriding grant.There's no way of changing the permissions depending on the app via a integrated security login.You could maybe put triggers on the tables and prevent updates depending on the app but that doesn't sound like what you want.==========================================Cursors are useful if you don't know sql.DTS can be used in a similar way.Beer is not cold and it isn't fizzy. |
 |
|
|
|
|
|
How to manage conflicting user roles?