December 6, 2004 at 10:56 am
Is there any way to restrict what a developer-type user sees in Query Analyzer? I know they will only see the databases they have access to, but I'd like to be able to restrict it such that they only see the views they have access to and not any of the tables. Also, they should only be able to see the stored procedures they have access to.
I can set it up where they can't run scripts against the tables and can't open them, but they can still see them all and see their column structure, etc. And they can create a script of the stored procedures/views. They can't run them, but they can see them and they could run them on their own database somewhere else.
Do I have to live with this limitation or is there a way to restrict this access?
Thanks,
Jana
December 6, 2004 at 11:44 am
Check BOL about grant permission to objects.
December 6, 2004 at 12:34 pm
Even after turning off the object permissions, my user can still SEE the tables and their column descriptions in QA. They can't open the table or select from it or update it, but they can see it.
I know it may sound like we are trying to be control freaks about this, but we don't want to get a lot of "advice" from others because they can see the underlying architecture.
I thought that part of the beauty of things like Views was that you could limit the users' access to the data to only those things they needed to see. Was QA not factored into this?
December 6, 2004 at 1:14 pm
Here is a solution recomended several years ago by Microsoft, I don't know if they still recommend it. I have one application created this way (not by me)
Put all tables in one database. No access to developers. Put all views in another database. Give the appropriate access. SQL2KSP3 note: do enable "Allow Cross Database Ownership Chaining"
Yelena
Regards,Yelena Varsha
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply