Using a Parent Child Hierarchy in SQL Server to Implement a Custom Security Scheme

I have a requirement to implement a custom security scheme where roles and the user's place in the organization hierarchy are used to determine which customers a user can access. In particular the requirements are that a sales person can only access their customers and any other role can access any customer in their level of the organization hierarchy and below. We have a simple hierarchy that is made up of regions and offices. Can you provide us with an example of how to do this?

SQL Server Impersonation

SQL Server impersonation, or context switching, is a means to allow the executing user to assume the permissions of a given user or login until the context is set back, set to yet another user, or the session is ended. Deanna Dicken shows you two mechanisms for accomplishing this task and walks through some examples.

Removing permissions

Resolving User Security Identifier (SID) Discrepancy in Read-Only Databases

Many experienced DBAs understand the issues with matching up users and logins in a restored database. But what do you do when the database is read only? New author Tychang Chen brings us a technique that can help.

Understanding SQL Server fixed database roles

I know there are fixed database roles that come with SQL Server. How do I best use them within my installations? What should I watch out for? In this tip we will cover each of the database roles and recommendations on when to and when not to use them.

Using a Certificate Signed Stored Procedure to Execute sp_send_dbmail

Learn how to create a certificate signed stored procedure to solve common permissions problems using sp_send_dbmail. MVP Jonathan Kehayias brings us a short tutorial that discusses your options and code to show you how to implement certificate security.

SQL Server Security Audit Report

If your company needs to go through a SOX (Sarbanes–Oxley) audit or any security audit, the DBA has to provide security information to them. If you have purchased third party tools to provide this information that is great. If you don't have third party tools and need to go through many servers to provide this information it can be a hassle and very time consuming. So I put together a script to generate a report that I could just review. The script generates a report of all elevated level accounts and any possible security holes.

Grant Execute Permissions to Stored Procedures using DDL Triggers

In your development environment if you have locked down permissions for developers, but still need them to execute stored procedures you will need to grant execute rights each time a new stored procedure is generated. In this tip I will show you a way of doing this automatically each time a new stored procedure is created without granting your developers additional permissions.

Role Membership

Options for hiding SQL Server code

I am aware of the WITH ENCRYPTION clause that is used to encrypt the code for objects like views, stored procedures and functions. It sort of fulfills my purpose and is easy to implement, but it does not cover all SQL Server objects. In this tip we look at another option to restrict users from viewing the definition/code of any SQL Server object.