Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Henkdewilde
Starting Member
1 Post |
 Posted - 2010-08-12 : 09:33:17
|
| Currently trying to implement security on my database.To implement row level security I basically decided to give my users only access to views and not any tables (this part was easy, works like a charm).In order to keep things as simple as possible I'm seriously considering to create a mumber of new schema's just for the views to grant select, update, delete and insert to my views in one go, instead ofspecifically specifying this view by view:CREATE ROLE [RoleA] AUTHORIZATION [dbo]GRANT DELETE ON SCHEMA::[SchemaAView] TO [RoleA]GRANT INSERT ON SCHEMA::[SchemaAView] TO [RoleA]GRANT SELECT ON SCHEMA::[SchemaAView] TO [RoleA](No real names are used here, just for illustration)Is this the best way to tackle things? I couldn't really find any info on this, but it seemed logical.Is it OK to use separate schema's for just the views or would you just use REVOKE statements for all the tables? How would you guys approach this?I was by the way quite surprised that there is no standard way of getting this part scripted, very unlike most other database objects. I found a couple of scripts, but none of them worked for the full 100%. Somehow there seemed to be always something lacking. Any ideas/hints here?Henk |
|
|
X002548
Not Just a Number
15586 Posts |
|
|
|
|
|
Create schemas for views, stupid idea?