« 430 Part I EXAM PREPARATION FROM Product3 If
432 Part I EXAM PREPARATION continued was denied »

Chapter 7 WORKING WITH VIEWS 431 There are

Chapter 7 WORKING WITH VIEWS 431 There are three basic commands to set permissions and five different actions that they can control. The commands are GRANT, REVOKE, and DENY. The actions are SELECT, INSERT, UPDATE, DELETE, and DRI. GRANT and DENY allow or disallow access to the view, whereas REVOKE removes a previous GRANT or DENY. SELECT, INSERT, UPDATE, and DELETE should be self-explanatory, whereas DRI enables users to create references to the view, which would be required to create an object that refers to the view with the WITH SCHEMABINDING clause. For complete information about these statements and applying permissions, refer back to Chapter 6, Programming SQL Server 2000. If you use the following script to create a new table and view, CREATE TABLE dbo.DBOPermsTable ( id int, name varchar(20), description varchar(20), address varchar(20) ) GO CREATE VIEW dbo.DBOPermsView AS SELECT id, name FROM DBOPermsTable then you can set permissions with the following statements: REVOKE all ON DBOPermsTable TO public DENY all ON DBOPermsTable TO Mary REVOKE all ON DBOPermsView TO public GRANT SELECT ON DBOPermsView to Mary Even though you have not granted permissions to the underlying table, Mary still has permissions to the view, and that gives her access to the requested data. In this way, views provided additional data security because users do not need to be granted access to the source tables, and in this example, can actually be denied access to the base tables. This magic is accomplished through the ownership chain. Ownership chains were designed to make it easier for you to assign permissions, and to enhance security by requiring users to have permissions to only the upper-level objects, such as views or stored procedures. As long as the same person owns all the objects in the chain, permission is only checked at the first object that she accesses. In this case, Mary was granted permission to the view (DBOPermsView), but continues

For high quality website hosting services please check tomcat web hosting website.

This entry was posted on Tuesday, November 10th, 2009 at 4:21 pm and is filed under sql. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.