Post reply

Best Practices, Read-Only Query Tool

  • April 21, 2006 at 10:52 am

    #171299

    I'm using SQL Server 7.

    I'd like to create a front-end query tool for our client.  What I'm thinking of doing is creating an Access ADP, and in the connection information, using a special login/user with limited permissions.  I only want them to be able to view limited data, all through queries I've written, and not be able to make any changes.

    I'm a little lost what the best practices here would be.  This is an additional utility; there's a front-end application already in place which uses NT Authentication to log in.  I cannot use THAT login/user because then the user would have access to everything--so I believe I need to create a new login/user with limited permissions.

    Also, would it be possible to allow them to create views on their own--but still not be able to modify other data?

    Really appreciate any help with this; thanks.

  • April 21, 2006 at 12:57 pm

    #633602

    Hello,

    I do create a login who has a a db_datareader role in the database that has to use this additional query tool. We do have a couple. Also, for one project I have another database for views only. The same login is a user in this database. You have to enable "allow cross database ownerhip chaining" for both databases if you are not using the same login and the ownership chaining may be a problem.

    In your case you may have 2 additional databases: one for your views and give the users read permissions to this database. Than they will be able to see only limited data. Another database will be for their custom views.

    This may be easier than managing individual permissions on different tables and views if they are in the same database.

    Regards,Yelena Varsha

  • April 21, 2006 at 1:01 pm

    #633604

    Yelena Varshal,

    That's great!  I never thought of that; that sounds like the best way to go.  Thank you.

    Just for the sake of further education, does anyone else have any other ideas?

  • April 24, 2006 at 1:16 am

    #633700

    Yelena's method is straight forward and manageble.

    Just keep in mind you'll have to rebind the views when altering database object in your base-db.

     I'd be more concerned for (b)locking issues. Use isolation level read uncommitted whenever possible !

    Johan

    Learn to play, play to learn !

    Dont drive faster than your guardian angel can fly ...
    but keeping both feet on the ground wont get you anywhere :w00t:

    - How to post Performance Problems
    - How to post data/code to get the best help[/url]

    - How to prevent a sore throat after hours of presenting ppt

    press F1 for solution, press shift+F1 for urgent solution 😀

    Need a bit of Powershell? How about this

    Who am I ? Sometimes this is me but most of the time this is me

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply