<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2005
»
SQL Server 2005 Security
»
Table Security
Table Security
Rate Topic
Display Mode
Topic Options
Author
Message
Francis S. Mazeika
Francis S. Mazeika
Posted Monday, July 28, 2008 1:39 PM
SSC Rookie
Group: General Forum Members
Last Login: Friday, June 07, 2013 9:37 PM
Points: 44,
Visits: 206
I have a table which needs records inserted and updated. I do not want to grant select because that right will be abused. Is there a way to grant update and insert without granting select?
Thank you.
Francis S. Mazeika
Human Interface.
Post #542167
Jack Corbett
Jack Corbett
Posted Monday, July 28, 2008 1:55 PM
SSChampion
Group: General Forum Members
Last Login: Today @ 3:07 PM
Points: 10,613,
Visits: 11,959
How can someone update a row they cannot see?
How do you abuse select?
Yes you can grant insert and update without select. I am of the opinion that you control access using stored procedures and views.
Jack Corbett
Applications Developer
Don't let the good be the enemy of the best. --
Paul Fleming
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #542173
Francis S. Mazeika
Francis S. Mazeika
Posted Tuesday, July 29, 2008 10:14 AM
SSC Rookie
Group: General Forum Members
Last Login: Friday, June 07, 2013 9:37 PM
Points: 44,
Visits: 206
They abuse select by dumping the contents of tables using select * with no where clause. I was hoping that by granting update with out select they can't do table dumps. I may be able to set grant update without select but the code fails, I may need to go to views.
Thank you.
Francis S. Mazeika
Human Interface.
Post #542830
Jack Corbett
Jack Corbett
Posted Tuesday, July 29, 2008 10:19 AM
SSChampion
Group: General Forum Members
Last Login: Today @ 3:07 PM
Points: 10,613,
Visits: 11,959
The reasons you give are why I avoid granting direct table access whenever possible. I typically only grant access to the database through stored procedures as I can control the ability of users to do select * from table.
Jack Corbett
Applications Developer
Don't let the good be the enemy of the best. --
Paul Fleming
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #542839
« Prev Topic
|
Next Topic »
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
