April 4, 2002 at 1:50 pm
i am accessing a db through a user 'abc' i want to restrict direct access to the data using select statements. i have sp's which access update delete the data. how do i make sure i can restrict the user to access the tables directly.
April 4, 2002 at 2:06 pm
April 4, 2002 at 6:20 pm
April 4, 2002 at 8:03 pm
Also make sure you are not using dynamic SQL and that all objects are owned by dbo.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
April 5, 2002 at 10:09 am
This is what I did, I restricted access to all the tables for the user 'abc' for 'Select' ing data from the tables. But this causes another problem, that when i use templates & sps from a different db in the same sql server it does not return any results. when i remove the 'SELECT' restrictions it allows me to query the db1 from db2 using sp and templates. So that again leaves direct 'select' open on all the tables. Any suggestions? comments?
April 5, 2002 at 11:35 am
What do you mean you "restrictied access"? Can you post the GRANT, ReVOKE or DENY statements?
When you access from another db, what user is being used?
Security is user and role specific and there are some good articles on this site that explain it if you search for security.
That is another reason I'd say use roles to setup your security and then assign the users to roles.
Steve Jones
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply