Home Forums SQL Server 2008 Security (SS2K8) SSRS Column Hide based on User Login. RE: SSRS Column Hide based on User Login.

  • September 24, 2013 at 10:18 am

    #1652820

    Hi. the only effective way to do this is:

    1. Create a VIEW of the table for the low-security user with the columns that s/he may see.

    2. Set up two database roles: Let's call one GRUNTS and the other MANAGERS.

    3. Give the Supervisor the GRUNTS role and the Manager the MANAGERS role.

    4. REMOVE db_datareader from both users

    5. GRANT SELECT on all table names to MANAGERS. Example code:

    select

    'GRANT SELECT ON ' + [name] + ' to MANAGERS;'

    as Execute_this

    from sys.tables;

    Run the outputs in a new SSMS window.

    6. GRANT SELECT on all table names EXCEPT those you want to limit to GRUNTS. Example code:

    select

    'GRANT SELECT ON ' + [name] + ' to GRUNTS;' as Execute_this

    from sys.tables

    where [name] not in ('notallowed1','notallowed2',etc.);

    Run the outputs in a new SSMS window.

    7. DENY on all table names you want to limit to GRUNTS. Example code:

    select

    'DENY SELECT, INSERT,UPDATE,DELETE ON ' + [name] + ' to GRUNTS;' as Execute_this

    from sys.tables

    where [name] in ('notallowed1','notallowed2',etc.);

    8. GRANT on all views you want to allow to GRUNTS. Example code:

    select

    GRANT SELECT ON ' + [name] + ' to GRUNTS;' as Execute_this

    from sys.views

    where [name] in ('allowed1','allowed2',etc.);

    Run the outputs in a new SSMS window.

    And you should have yourself covered.

    Thanks

    John.