DB Level Restrictions

  • i am accessing a db through a user 'abc' i want to restrict direct access to the data using select statements. i have sp's which access update delete the data. how do i make sure i can restrict the user to access the tables directly.

  • set abc user to some role and assign the permissions appropriately.

    Steve Jones

    steve@dkranch.net

  • Just set permissions on the procs, not on the tables.

    Andy

  • Also make sure you are not using dynamic SQL and that all objects are owned by dbo.

    "Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)

  • This is what I did, I restricted access to all the tables for the user 'abc' for 'Select' ing data from the tables. But this causes another problem, that when i use templates & sps from a different db in the same sql server it does not return any results. when i remove the 'SELECT' restrictions it allows me to query the db1 from db2 using sp and templates. So that again leaves direct 'select' open on all the tables. Any suggestions? comments?

  • What do you mean you "restrictied access"? Can you post the GRANT, ReVOKE or DENY statements?

    When you access from another db, what user is being used?

    Security is user and role specific and there are some good articles on this site that explain it if you search for security.

    That is another reason I'd say use roles to setup your security and then assign the users to roles.

    Steve Jones

    steve@dkranch.net

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply