Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Admin Account for SQL Server

Status
Not open for further replies.
john98390

john98390

MIS
May 21, 2002
3
US
I work on an (SQl) db that is fairly complex allowing access to data on various tables at three different levels of users. IE user "A" cannot see user "B's" date. The db is accessed via the internet and the data is returned to the client browser in standard html tables.

I need to set up an admin account that can access ALL the data on ALL the tables without writing a million and one queries to do so. Would there possibly be a "trick" that might involve a single query and or stored procedure that I could possibly paste onto each of the various pages(about 60 pages)??

Appreciate any help you might provide here.

Regards,
John
 
Sort by date Sort by votes
You can use views or stored procedures to achieve Row Level Security. I assume the table(s) used in the application have column(s) that identify the user's data.

Example: Each row contains a UserID column
Create View vTableName As
[tt]
Select * From TableName
Where UserID=User_ID() --Select user's rows
--DBO can view all rows
Or User_ID()=1
--User John can view all rows
Or User_Name()='John'
[/tt]
Example: Each row contains a UserName column
Create View vTableName As
[tt]
Select * From TableName
Where UserName=User_Name() --Select user's rows
--DBO can view all rows
Or User_ID()=1
--User John can view all rows
Or User_Name()='John'
[/tt]
Example: Each row contains an Organization column
Create View vTableName As
[tt]
Select * From TableName
Where (User_Name()='mary' And Orgn In (1, 5, 9))
Or (User_Name()='felix' And Orgn In (3, 7, 8))
Or (User_Name()='bob' And Orgn In (1, 6, 7))
--DBO can view all rows
Or User_name()='dbo'
--User John can view all rows
Or User_Name()='John'
[/tt]
You can also use database roles to establish this type of security. You will need to Revoke permissions on the tables for the users and Grant permissions on the views. You could use the same kind of selection criteria in stored procedures.

Another method that is frequently employed is to control Row Level Security via a table rather than hard code it as I've done in the examples. Suppose you have a table named RLSTable with two columns, UserName and Orgn.
[tt]
Create View vTableName AS

Select *
From TableName t
Where Exists
(Select * From RLSTable
Where (UserName=system_user
And Orgn=t.Orgn)
--Let user john see all rows
Or system_user='john'
Or system_user='dbo')
[/tt]
Note: user_name() and system_user return the same value. Terry L. Broadbent - DBA
Computing Links:
faq183-874 contains "Suggestions for Getting Quick and Appropriate Answers" to your questions.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MathiasB
  • Question
Parameterised sql server query
Replies
8
Views
385
Chriss Miller
C
V
  • Locked
  • Question
xp_cmdshell vs psexec - this SQL server forgets credential to an W10 share
Replies
0
Views
758
Volvere
V
gbaughma
  • Locked
  • Question
SQL Performance
Replies
11
Views
951
pjw001
pjw001
Steve Yu
  • Locked
  • Question
How secure is MS SQL on the Internet vs behind firewall inside a LAN 1
Replies
3
Views
536
Chris Miller
Chris Miller
elly00
  • Locked
  • Question
create sql view using batch file
Replies
5
Views
634
Mike Lewis
Mike Lewis

Part and Inventory Search

Sponsor

Back
Top