
To Grant or Not to grant

It is said that you should not give direct table access (even SELECT permission) to a user or group. But with the new ORM tools like NHibernate, what do we do? NHibernate is not designed for stored proc access. They are not even planning to have stored proc support. So do we DBAs allow access to tables? Or should we fight it out? It is a tough place to be. It removes one level of security. It also makes it harder for a DBA to know beforehand how much of an impact the application will have on the database when it is released.

I did find one way to do it. Create views and give the user access to the views. That means we could restrict how much data the application user can see. Still, they have indirect table access.

Has anyone else figured out a better solution for this? I am sure almost all DBAs face this issue.
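
The view approach described above, as an added T-SQL example that is not part of the original post. All object, role and user names are hypothetical, the data is constructed, and the script assumes SQL Server 2012 or later (for `ALTER ROLE ... ADD MEMBER`) run from a client that understands `GO`. Because the view's schema and the base table share an owner, ownership chaining lets the ORM account read through the view without holding any permission on the table itself.

```sql
-- Constructed demo table; every name in this script is hypothetical.
CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    Region     char(2)       NOT NULL,
    CardNumber varchar(19)   NULL      -- column the application must not read
);
INSERT dbo.Customer (Name, Region, CardNumber) VALUES
    (N'Alice', 'EU', '0000-0000-0000-0001'),   -- constructed sample rows
    (N'Bob',   'US', '0000-0000-0000-0002');
GO

-- Separate schema for everything the ORM may touch. It is owned by dbo,
-- the same owner as the table, so the ownership chain stays unbroken.
CREATE SCHEMA app AUTHORIZATION dbo;
GO

-- The view exposes only the columns and rows the application needs.
CREATE VIEW app.Customer
AS
SELECT CustomerId, Name, Region
FROM dbo.Customer
WHERE Region = 'EU';
GO

-- Permissions go to a role, and only on the app schema. Nothing is
-- granted on dbo, so the base table stays closed to the ORM account.
CREATE ROLE orm_reader;
CREATE USER orm_app WITHOUT LOGIN;      -- stand-in for the application account
ALTER ROLE orm_reader ADD MEMBER orm_app;
GRANT SELECT ON SCHEMA::app TO orm_reader;
GO

-- Check effective permissions as the application account.
EXECUTE AS USER = 'orm_app';
SELECT HAS_PERMS_BY_NAME('app.Customer', 'OBJECT', 'SELECT') AS can_read_view,
       HAS_PERMS_BY_NAME('dbo.Customer', 'OBJECT', 'SELECT') AS can_read_table;
SELECT * FROM app.Customer;             -- reads through the view only
REVERT;
```

Mapping the ORM to the `app` schema instead of `dbo` keeps the application's reach limited to what the views expose, which also gives the DBA one place to review what the application can read.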


Posted by Jack Corbett on 25 November 2009

Good question Roy. I think you can use SP's with NHibernate but it isn't easy. I know you can with LINQ to SQL. I just say use the tools to create your model classes then SP's in the data layer to populate. Then you don't have the issue of direct table access. Of course this means more work for the developers as they can't just let the tool create all the SQL on the fly, they actually have to code.

Posted by BuckWoody on 26 November 2009

Don't use NHibernate - if you have no choice, tell them security, performance and stability is now an issue for the NHibernate team.

It's the same thing as blaming the driver of the car when you make them drive from the roof with a rope tied to the steering wheel.
