By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,760 Members | 1,630 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,760 IT Pros & Developers. It's quick & easy.

Hiding secret columns from users

P: n/a
Hi,
On my SQL Server 2000, I have a table of data (tblAllData) containing a
number of columns, some of which are 'secret'.
I have to let some users access the database using ODBC from an Excel
sheet, and I would like that they do not know at all that the columns exist.
I tried creating a view for them (qryAllData) that only selects the
columns that should be visible, but when the creating the
ODBC-connection, both the query and the underlying table shows up.
If I select the table as datasource, the query-builder in excel shows a
list of all the columns, including the secret ones. If I try selecting
then, of course, an error occurs.

I would like either that the columns for the table don't show or that
the table does not show at all - and only reveals the existence of the
view to the odbc-client.
Is that possible?

Here's what I tried so far:

<pre>
USE DbAllData
sp_addlogin @loginame='ODBCAccess', @passwd='ODBCAccess', @defdb='DbAllData'
sp_grantdbaccess 'ODBCAccess'
sp_addrolemember @rolename = db_denydatawriter, @membername = ODBCAccess

REVOKE ALL FROM ODBCAccess
DENY SELECT ON dbo.syscolumns TO ODBCAccess
DENY SELECT ON dbo.syscomments TO ODBCAccess
DENY SELECT ON dbo.sysdepends TO ODBCAccess
DENY SELECT ON dbo.sysfilegroups TO ODBCAccess
DENY SELECT ON dbo.sysfiles TO ODBCAccess
DENY SELECT ON dbo.sysfiles1 TO ODBCAccess
DENY SELECT ON dbo.sysforeignkeys TO ODBCAccess
DENY SELECT ON dbo.sysfulltextcatalogs TO ODBCAccess
DENY SELECT ON dbo.sysfulltextnotify TO ODBCAccess
DENY SELECT ON dbo.sysindexes TO ODBCAccess
DENY SELECT ON dbo.sysindexkeys TO ODBCAccess
DENY SELECT ON dbo.sysmembers TO ODBCAccess
DENY SELECT ON dbo.sysobjects TO ODBCAccess
DENY SELECT ON dbo.syspermissions TO ODBCAccess
DENY SELECT ON dbo.sysproperties TO ODBCAccess
DENY SELECT ON dbo.sysprotects TO ODBCAccess
DENY SELECT ON dbo.sysreferences TO ODBCAccess
DENY SELECT ON dbo.systypes TO ODBCAccess
DENY SELECT ON dbo.sysusers TO ODBCAccess
--allow selecting
GRANT SELECT (idx, col1, col2) ON tblAllData TO ODBCAccess
GRANT SELECT ON qryAllData TO ODBCAccess
</pre>

TIA,
M
Nov 23 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
You can specify WITH VIEW_METADATA so that only meta-data exposed by the
view is visible:

CREATE VIEW MyView
WITH VIEW_METADATA AS
SELECT MyPublicData FROM MyTable

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Morten Mikkelsen" <mbmnewsreader_@_mikkelsens.net> wrote in message
news:43***********************@dread15.news.tele.d k...
Hi,
On my SQL Server 2000, I have a table of data (tblAllData) containing a
number of columns, some of which are 'secret'.
I have to let some users access the database using ODBC from an Excel
sheet, and I would like that they do not know at all that the columns
exist.
I tried creating a view for them (qryAllData) that only selects the
columns that should be visible, but when the creating the ODBC-connection,
both the query and the underlying table shows up.
If I select the table as datasource, the query-builder in excel shows a
list of all the columns, including the secret ones. If I try selecting
then, of course, an error occurs.

I would like either that the columns for the table don't show or that the
table does not show at all - and only reveals the existence of the view to
the odbc-client.
Is that possible?

Here's what I tried so far:

<pre>
USE DbAllData
sp_addlogin @loginame='ODBCAccess', @passwd='ODBCAccess',
@defdb='DbAllData'
sp_grantdbaccess 'ODBCAccess'
sp_addrolemember @rolename = db_denydatawriter, @membername = ODBCAccess

REVOKE ALL FROM ODBCAccess
DENY SELECT ON dbo.syscolumns TO ODBCAccess
DENY SELECT ON dbo.syscomments TO ODBCAccess
DENY SELECT ON dbo.sysdepends TO ODBCAccess
DENY SELECT ON dbo.sysfilegroups TO ODBCAccess
DENY SELECT ON dbo.sysfiles TO ODBCAccess
DENY SELECT ON dbo.sysfiles1 TO ODBCAccess
DENY SELECT ON dbo.sysforeignkeys TO ODBCAccess
DENY SELECT ON dbo.sysfulltextcatalogs TO ODBCAccess
DENY SELECT ON dbo.sysfulltextnotify TO ODBCAccess
DENY SELECT ON dbo.sysindexes TO ODBCAccess
DENY SELECT ON dbo.sysindexkeys TO ODBCAccess
DENY SELECT ON dbo.sysmembers TO ODBCAccess
DENY SELECT ON dbo.sysobjects TO ODBCAccess
DENY SELECT ON dbo.syspermissions TO ODBCAccess
DENY SELECT ON dbo.sysproperties TO ODBCAccess
DENY SELECT ON dbo.sysprotects TO ODBCAccess
DENY SELECT ON dbo.sysreferences TO ODBCAccess
DENY SELECT ON dbo.systypes TO ODBCAccess
DENY SELECT ON dbo.sysusers TO ODBCAccess
--allow selecting
GRANT SELECT (idx, col1, col2) ON tblAllData TO ODBCAccess
GRANT SELECT ON qryAllData TO ODBCAccess
</pre>

TIA,
M

Nov 23 '05 #2

P: n/a
Dan Guzman wrote:
You can specify WITH VIEW_METADATA so that only meta-data exposed by the
view is visible:

CREATE VIEW MyView
WITH VIEW_METADATA AS
SELECT MyPublicData FROM MyTable

This is a bit better.
However, now, when using excel to extract the data, the query designer
shows both MyView and MyTable in the dropdown for selecting the source.
If I select the table as source, the secret columns still show up.
How do I remove the table from the list of selectable choices while
still allowing them to select the data from it through the view?

TIA,
/M

Nov 23 '05 #3

P: n/a
Does the user have permissions on the table? In that case, the table will
be visible in the list.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Morten Mikkelsen" <mbmnewsreader_@_mikkelsens.net> wrote in message
news:43***********************@dread15.news.tele.d k...
Dan Guzman wrote:
You can specify WITH VIEW_METADATA so that only meta-data exposed by the
view is visible:

CREATE VIEW MyView
WITH VIEW_METADATA AS
SELECT MyPublicData FROM MyTable

This is a bit better.
However, now, when using excel to extract the data, the query designer
shows both MyView and MyTable in the dropdown for selecting the source.
If I select the table as source, the secret columns still show up.
How do I remove the table from the list of selectable choices while still
allowing them to select the data from it through the view?

TIA,
/M

Nov 23 '05 #4

P: n/a
Dan Guzman wrote:
Does the user have permissions on the table? In that case, the table will
be visible in the list.


The user has to have select permissions on the table for the view to
work, right?
/M
Nov 23 '05 #5

P: n/a
> The user has to have select permissions on the table for the view to work,
right?
No. Permissions on indirectly referenced objects are not checked as long as
the ownership chain is unbroken. The ownership chain is unbroken as long as
the objects involved are owned by the same user. This allows you to limit
user access to views and stored procedures while preventing direct access to
the underlying objects. Users only need permissions on those objects they
access directly. See the Books Online for more information on ownership
chains.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Morten Mikkelsen" <mbmnewsreader_@_mikkelsens.net> wrote in message
news:43***********************@dread15.news.tele.d k... Dan Guzman wrote:
Does the user have permissions on the table? In that case, the table
will be visible in the list.


The user has to have select permissions on the table for the view to work,
right?
/M

Nov 23 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.