|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
security for row level but not based on Database user's loginI need to set security for row level but not based on Database user's login. It should be based on the user table login. For the particular user I need to allow only the particular records to access insert, update delete and select. Let me explain clearly For example think we are using asp/asp.net website Eg: www.test.com So take this is our website and if you try this URL then you will get a window for Login name and password. For example the Login name is windows user name (Here windows user means server windows user and not client) and windows password. So if you have login user id you can able to login in our site and we have another check. We have our own usertable this table consist all the user login names and user rights. We will check the windows user who login in our site has rights in the usertable I mean he is present in the usertable if he is not present then we will display a message you have no rights to access this site. If he has login id in our usertable then he allowed viewing our pages. Still if he has the login id we will check the user who login has how much right to access to each page and the records of each table its all depend on the user rights. So, here I need the row level security. For each and every table we need to check the corresponding user and executing the record produce lot of business logic problem for us. So after the user login we need automatically to set row level security for all the tables. Based on the user who login. So from there if we try select * from <tablename> then we can only able to get the allowed records to select, insert, update, delete. Please can some one help how to solve this? Note: For some help you can refer the below URL (See in that they only given about the row level and column level security for each database users not for our required concept) http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx Thanks in advance Rams You can use most of the same general view-based approaches as described at
http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx with application-supplied user identities as long as you don't share database connection instances (SQL Server sessions) between users. The only difference is how you read the user identity. For example, if you want to limit a user's ability to read data from a given table to only those rows that the user "owns", you might restrict access by only granting permissions on a view like the following: SELECT <column list> FROM YourTable WHERE OwnerUser = dbo.CurrentUserID() The CurrentUserID function would be a custom function that returns the user ID for the current session, however you choose to store it (e.g.: session-level temp table or context_info). If you do need to share connection instances between users, then this approach won't work, and you might need to consider using stored procedures to restrict access to the data, with the user identity passed as a parameter to each stored procedure. Show quote "Friends" <ramasam***@gmail.com> wrote in message news:1145615774.628969.99790@i39g2000cwa.googlegroups.com... > Hi > > I need to set security for row level but not based on Database user's > login. It should be based on the user table login. For the particular > user I need to allow only the particular records to access insert, > update delete and select. > > Let me explain clearly > > For example think we are using asp/asp.net website > > Eg: > > www.test.com > > So take this is our website and if you try this URL then you will get a > window for Login name and password. > For example the Login name is windows user name (Here windows user > means server windows user and not client) and windows password. So if > you have login user id you can able to login in our site and we have > another check. We have our own usertable this table consist all the > user login names and user rights. We will check the windows user who > login in our site has rights in the usertable I mean he is present in > the usertable if he is not present then we will display a message you > have no rights to access this site. > If he has login id in our usertable then he allowed viewing our > pages. Still if he has the login id we will check the user who login > has how much right to access to each page and the records of each table > its all depend on the user rights. > > So, here I need the row level security. For each and every table we > need to check the corresponding user and executing the record produce > lot of business logic problem for us. > So after the user login we need automatically to set row level > security for all the tables. Based on the user who login. > > So from there if we try select * from <tablename> then we can only able > to get the allowed records to select, insert, update, delete. > > Please can some one help how to solve this? > > Note: > > For some help you can refer the below URL (See in that they only given > about the row level and column level security for each database users > not for our required concept) > > http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx > > > Thanks in advance > Rams >  |
|||||||||||||||||||||||
Other interesting topics