Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Administration
 SQL Security

Author  Topic 

Tahrizwan
Starting Member

2 Posts
Posted - 2009-08-30 : 22:04:28
Hi Guys,

I am new to SQL Admin.

I need answers to the following two questions.

1. How can you force the end users to access the tables through the programmable objects?

2. If you revoke the end users’ permissions on base tables, how can you enable the users to still be able to generate ad hoc reports in Excel?

Thanks.


Tahir

YellowBug
Aged Yak Warrior

616 Posts
Posted - 2009-08-31 : 05:45:44
What version of SQL Server are you using?

1. Application Roles

2. Create views and permission the users on the views only.
Go to Top of Page

Tahrizwan
Starting Member

2 Posts
Posted - 2009-08-31 : 10:53:07
Thanks.

I am working in SQL 2005.

This is the whole scenario.

The SetFocus Library Human Resource application uses stored procedures for all access to tables in the human resource database. However in addition to permissions to execute the procedures, end users need permissions on base tables because the owners of the procedures are often different from the owners of the base tables. In addition, some personnel use Excel to create ad hoc reports from the base tables. You notice that end users frequently change the data in base tables directly, in an uncontrolled and risky manner, instead of using the stored procedures and the application.
1. How can you force the end users to access the tables through the programmable objects?
2. If you revoke the end users’ permissions on base tables, how can you enable the users to still be able to generate ad hoc reports in Excel?

I had the same answers as you posted, but this is what my instructor is saying.


1: what specifically are you going to do to resolve the broken ownership chain problem (think about considerations regarding database ownership/execution context)

2: What database object could you use to form an intermediate data access layer. Granted this object may also suffer from a broken ownership chain problem- if that couldn't be changed, what other solution might you implement?




Tahir
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site