July 28, 2002 at 1:30 pm
I am using ODBC to access SQL Server and need to limit by user what can be selected, updated, etc. I know I can do it with a view but each user then has his own queries. For example, "SELECT NAME FROM PERSONEL" should only return the records that a particular user is authorized to see and edit. A diiferent user would see a different result set for the same query.
July 28, 2002 at 2:07 pm
How do you determine which records they can see? A value in a column? Can users view overlapping sets of data?
Andy
July 28, 2002 at 3:07 pm
A column would be the most likely. Typically a user would be limited to a unique subset or all if he was the dbo or sysadmin.
The application is a multi-tenant building with a common database for access control. Each tenant would use the same software to access only his employees while the head security guard could access all records as dbo.
thanks
July 28, 2002 at 3:42 pm
One way is to just make the logic intrinsic to your app - basically any place you query include the " and userid='xyz'".
Andy
July 28, 2002 at 4:32 pm
I had thought of that as well as using views but the app is already written as a single user app and employs hundreds of embedded SQL statements with about twenty tables. I was looking for an easy way to partition the tables by password without having to find and modify all the statements based on the ID. I suspect that views is probably the way to go.
thanks for your help.
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply