473,698 Members | 2,611 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ROW LEVEL SECURITY

How can I implement "Row Level Security" in SQL Server 2000?

Thanks alot.
Jul 20 '05 #1
1 2307
Generally speaking, you can create views to horizontally partition data
based on your security requirements. The views filter data so that only
authorized users can access data. Do not allow direct access to the
underlying tables and grant user permissions only on views.

The script below illustrates this technique to implement security so that
users can only access employee data for those departments they are allowed
to see, based on their login and entries in the SecurityByDepar tment table.
This approach can be extended to include application-defined roles in order
to reduce security administration.

SET NOCOUNT ON
GO

CREATE TABLE Employees
(
EmployeeId int NOT NULL
CONSTRAINT PK_Employee
PRIMARY KEY NONCLUSTERED,
DepartmentId int NOT NULL,
SomeData varchar(30)
)
CREATE CLUSTERED INDEX Employees_cdx ON Employees(Depar tmentId)
GO

CREATE TABLE SecurityByDepar tment
(
UserName sysname NOT NULL,
DepartmentId int NOT NULL,
CONSTRAINT PK_SecurityByDe partment
PRIMARY KEY (UserName, DepartmentId)
)
GO

CREATE VIEW MyEmployees
AS
SELECT
e.EmployeeId,
e.DepartmentId,
e.SomeData
FROM Employees e
JOIN SecurityByDepar tment sbd ON
sbd.UserName = SUSER_SNAME() AND
sbd.DepartmentI d = e.DepartmentId
GO

EXEC sp_addrole 'MyRole'
GRANT SELECT ON MyEmployees TO MyRole
GO

INSERT INTO Employees VALUES(1, 1, 'some data 1')
INSERT INTO Employees VALUES(2, 1, 'some data 2')
INSERT INTO Employees VALUES(3, 1, 'some data 3')
INSERT INTO Employees VALUES(4, 2, 'some data 4')
INSERT INTO Employees VALUES(5, 2, 'some data 5')
GO

INSERT INTO SecurityByDepar tment VALUES('Login1' ,1)
INSERT INTO SecurityByDepar tment VALUES('Login1' ,2)
INSERT INTO SecurityByDepar tment VALUES('Login2' ,1)
INSERT INTO SecurityByDepar tment VALUES('Login3' ,2)
GO

EXEC sp_addlogin 'Login1'
EXEC sp_grantdbacces s 'Login1'
EXEC sp_addrolemembe r 'MyRole', 'Login1'
EXEC sp_addlogin 'Login2'
EXEC sp_grantdbacces s 'Login2'
EXEC sp_addrolemembe r 'MyRole', 'Login2'
EXEC sp_addlogin 'Login3'
EXEC sp_grantdbacces s 'Login3'
EXEC sp_addrolemembe r 'MyRole', 'Login3'
GO

PRINT SUSER_SNAME()
SELECT * FROM MyEmployees
GO

SETUSER 'Login1'
PRINT SUSER_SNAME()
SELECT * FROM MyEmployees
GO

SETUSER
SETUSER 'Login2'
PRINT SUSER_SNAME()
SELECT * FROM MyEmployees
GO

SETUSER
SETUSER 'Login3'
PRINT SUSER_SNAME()
SELECT * FROM MyEmployees
GO

SETUSER
GO

DROP VIEW MyEmployees
DROP TABLE Employees
DROP TABLE SecurityByDepar tment
EXEC sp_revokedbacce ss 'Login1'
EXEC sp_droplogin 'Login1'
EXEC sp_revokedbacce ss 'Login2'
EXEC sp_droplogin 'Login2'
EXEC sp_revokedbacce ss 'Login3'
EXEC sp_droplogin 'Login3'
EXEC sp_droprole 'MyRole'
GO
--
Hope this helps.

Dan Guzman
SQL Server MVP

"Elham.Ghoddous i" <el******@yahoo .com> wrote in message
news:4c******** *************** ***@posting.goo gle.com...
How can I implement "Row Level Security" in SQL Server 2000?

Thanks alot.

Jul 20 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1184
view file level / directory level security
by: Anthony | last post by:
On our IIS 5 windows 2000 web server we have many .asp's.. most of which (When right clicked / security tab / edit authentication) are using Integrated Windows Authentication. Is there an easy way to check ALL of them? Some of the pages require a higher level of security (Our password reset page for example) and I am just auditing everything and want to make sure that only the few pages that require it are using the elevated security...
ASP / Active Server Pages
2
5640
row level security
by: robert | last post by:
well, talk about timely. i'm tasked to implement a security feature, and would rather do so in the database than the application code. the application is generally Oracle, but sometimes DB2. Oracle has what it calls package DBMS_RLS, which implements application ignorant row level security. scanning this group yielded "you can't do that; use views". then i dug out DB2Mag qtr 1 2004, and there is MLS for v8/390. from this article,...
DB2 Database
13
2134
? User level security glitch
by: MFS 43 | last post by:
Using Access 2000 and 2002 Have set up user-level security with a new .mdw file (secured.mdw). I open my database with a short cut whose target includes a command line option for the workgroup .mdw file. This seems to work for the user-level security. However, if I go directly (through Explorer) to the Access .mdb file of my program (Program.mdb) and double click to start this .mdb file, the program opens without any security!!
Microsoft Access / VBA
3
3302
Implementing row-level security (SQL/AD)
by: Br | last post by:
I'm going to go into a fair bit of detail as I'm hoping my methods may be of assistance to anyone else wanting to implement something similar (or totally confusing:) One of systems I've developed has three levels of security. Admins - can see all records Manager - can only see records based on an organisation structure held in a table (simple tree structure) Employee - can only see own records
Microsoft Access / VBA
0
992
item level based security samples needed...
by: Jéjé | last post by:
Hi, I'm looking for some sample to implement an item level security system in my Web application. My users can create & manage project. The company has some organizationnal units. Each unit can create/manage projects. Today the security is set at the "system" level, I mean if a user can create
ASP.NET
3
3438
Field Level Security
by: Dave Wurtz | last post by:
All, Does anyone have ideas how they have implemented field (property) level security? I want to handle this from the business object level, not the database level. Is it best to have a security checking method that gets called in the property and throws an exception? If there are several "fields" that are being accessed multiple times, does it hurt from a performance perspective to have these exceptions thrown all of the time? ...
Visual Basic .NET
9
6647
The data at the root level is invalid exception
by: MR | last post by:
I get the following Exception "The data at the root level is invalid. Line 1, position 642" whenever I try to deserialize an incoming SOAP message. The incoming message is formed well and its length is 642 bytes ( I have appended it to the end of this message). I suspect that the reason may have something to do with an incorrect declaration of which class to de-serialize to. In the attached code I substituted @@@@@@@ in the code below with...
.NET Framework
1
2666
security for row level but not based on Database user's login
by: Friends | last post by:
Hi I need to set security for row level but not based on Database user's login. It should be based on the user table login. For the particular user I need to allow only the particular records to access insert, update delete and select. Let me explain clearly For example think we are using asp/asp.net website
Microsoft SQL Server
2
4036
User Level Security in Access 2007
by: evenlater | last post by:
I realize that user level security is not available for Access databases in the new AK27 format .accdb, and I know that I can still utilize ULS by making my database an .mdb file. But I'm wondering WHY Microsoft is scrapping a feature that I've always found to be extremely useful. Surely they don't expect that users of the new database format will no longer have a need to assign permissions at different levels for different users! Why...
Microsoft Access / VBA
6
2105
Jet User-Level Security
by: plaguna | last post by:
Basically I have Three questions about Jet U-L Security: 1.Every time I create new Groups, new Users and Permissions using the User and Group Accounts dialog box, It creates User security for every single DB Access file I have in my system. How can I get a Jet User-Level Security only for the current opened file without using the User-Level Security Wizard?. 2. Also, Is there a way to view and make changes to Groups and Users opening...
Microsoft Access / VBA
0
8683
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9031
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
7740
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
6528
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5862
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4372
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
1
3052
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
2339
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2007
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us