July 27, 2010 at 9:21 am
Currently trying to implement security on my database.
To implement row level security I basically decided to give my users only access to views and not any tables (see also one of my other posts, this part was easy, works like a charm).
In order to keep things as simple as possible I'm seriously considering to create a mumber of new schema's just for the views to grant select, update, delete and insert to my views in one go, instead of
specifically specifying this view by view:
CREATE ROLE [RoleA] AUTHORIZATION [dbo]
GRANT DELETE ON SCHEMA::[SchemaAView] TO [RoleA]
GRANT INSERT ON SCHEMA::[SchemaAView] TO [RoleA]
GRANT SELECT ON SCHEMA::[SchemaAView] TO [RoleA]
(No real names are used here, just for illustration)
Is this the best way to tackle things? I couldn't really find any info on this, but it seemed logical.
I was by the way quite surprised that there is no standard way of getting this part scripted, very unlike most other database objects. I found a couple of scripts, but none of them worked for the full 100%. Somehow there seemed to be always something lacking.
Henk
September 12, 2011 at 9:48 am
Track-back therad may be helpful:
http://www.sqlservercentral.com/Forums/Topic1173055-1526-1.aspx
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply