Disallow viewing table definitions [Programming SQL]

Prev: Is any group function which concatenates data?
Next: 64 bit MSDASQLfor Windows Server 2008

From: Vern Rabe on 15 Jun 2010 19:34

SQL 2005 or 2008, how do you configure security to allow a user to SELECT
data from a table but not view the table definition? I tried GRANT SELECT on
both the table and schema, but that also allows viewing table definition.
Executing REVOKE VIEW DEFINITION on either the table or the schema doesn't
do it. The user is in on roles (other than Public of course).

Thanks
Vern Rabe

From: Tony Rogerson on 16 Jun 2010 00:36

Hi Vern,

If you are worried about them seeing other columns in the table then
abstract what they should see by using a VIEW instead - just permission them
to the view rather than the base table.

Many thanks,
Tony

"Vern Rabe" <Vern(a)Rabe.net> wrote in message
news:7903E35D-B400-4150-8B50-394CD467A87F(a)microsoft.com...
> SQL 2005 or 2008, how do you configure security to allow a user to SELECT
> data from a table but not view the table definition? I tried GRANT SELECT
> on both the table and schema, but that also allows viewing table
> definition. Executing REVOKE VIEW DEFINITION on either the table or the
> schema doesn't do it. The user is in on roles (other than Public of
> course).
>
> Thanks
> Vern Rabe

From: Vern Rabe on 16 Jun 2010 11:31

Thanks, Tony, but they considered views, but didn't want to create a view for
every table. But I think I figured out a solution. I had mistakenly tried
REVOKE VIEW DEFINITION, and I should have used DENY VIEW DEFINITION. That
seems to work.

Vern Rabe

"Tony Rogerson" wrote:

> Hi Vern,
>
> If you are worried about them seeing other columns in the table then
> abstract what they should see by using a VIEW instead - just permission them
> to the view rather than the base table.
>
> Many thanks,
> Tony
>
> "Vern Rabe" <Vern(a)Rabe.net> wrote in message
> news:7903E35D-B400-4150-8B50-394CD467A87F(a)microsoft.com...
> > SQL 2005 or 2008, how do you configure security to allow a user to SELECT
> > data from a table but not view the table definition? I tried GRANT SELECT
> > on both the table and schema, but that also allows viewing table
> > definition. Executing REVOKE VIEW DEFINITION on either the table or the
> > schema doesn't do it. The user is in on roles (other than Public of
> > course).
> >
> > Thanks
> > Vern Rabe
>

|
Pages: 1
Prev: Is any group function which concatenates data?
Next: 64 bit MSDASQLfor Windows Server 2008