July 28, 2008 at 1:39 pm
I have a table which needs records inserted and updated. I do not want to grant select because that right will be abused. Is there a way to grant update and insert without granting select?
Thank you.
Francis S. Mazeika
MS SQL DBA
609-707-5207
francis.mazeika@gmail.com
July 28, 2008 at 1:55 pm
How can someone update a row they cannot see?
How do you abuse select?
Yes you can grant insert and update without select. I am of the opinion that you control access using stored procedures and views.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
July 29, 2008 at 10:14 am
They abuse select by dumping the contents of tables using select * with no where clause. I was hoping that by granting update with out select they can't do table dumps. I may be able to set grant update without select but the code fails, I may need to go to views.
Thank you.
Francis S. Mazeika
MS SQL DBA
609-707-5207
francis.mazeika@gmail.com
July 29, 2008 at 10:19 am
The reasons you give are why I avoid granting direct table access whenever possible. I typically only grant access to the database through stored procedures as I can control the ability of users to do select * from table.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply