While working with some random sql queries on our databases, we may not want to insert or delete items to some of the database tables by just typing their names by mistake. So how to make them locked to the "editing", to be able to work safe.
Thanks.
Why not just define a role in your database and give that role rights to whatever tables your users need, but this role would not have update/delete rights to the tables you are concerned with?
As the others have mentioned, this should be set up in the Roles.
Here is a useful link on Understanding Roles in SQL Server 2000
Work with a limited-rights account, and deny it rights to modify the 'protected' tables.
Roles are the best practice way to go. However if you can't/won't use roles, you could use triggers, see this answer: SQL Server Query Editors - any that warn of number of rows to be changed?
Move these special tables to its own database. Give the user account only select privileges for this database.
Related
In SnowFlake, I want to provide access kind ofddl_admin in sql server to a user or role who can drop any tables in schema regardless anybody else is the owner of the table.
There is no concept of having a super role in Snowflake. Everything has to go by access hierarchy.
However, if all the roles are granted to ACCOUNTADMIN role then no matter which user creates the table, that can be dropped by ACCOUNTADMIN.
I am new to SQL server and now I have a database with thousands of tables stored. I want to replicate this database and pass this replica to other vendors, but for security concern, I would like to mask all the fields in the tables. The vendors don't really care about what has stored in the table but they do care about the structures or distributions about the tables.
The idea is to copy the current database and do masking then. But I don't know if SQL server has provided this technique to simplify the process. Appreciate it for any comments or suggestions!
Just deny view definition permission to the user who will access the database using the below query :-
USE master
GO
DENY VIEW ANY DEFINITION TO User1
Once you deny this permission to User1, all objects such as table,SP,view etc will be hidden in the database and at the sametime user1 will be able to do whatever he wants if he knows the object.
This will mask the all objects from the user.
Is there a way to list table and column names where I am not granted access? I am a developer trying to access and see if a column name is available but dba's are restricting any sort of read 'select' access. This is for SQL Server 2008. Thanks.
It would be best to open up communications with your DBA for this issue. Technically speaking there is a way to do this however the DBA is likely the only one that can provide this information. Which asking what you have permissions to is not an unreasonable request in my eyes (as a DBA).
You might also suggest that in place of you having to ask them these types of questions over and over if they can grant you VIEW DEFINITION on the particular database. This grants you metadata access to objects in the database without granting access to the objects themselves.
No, there isn't. The SQL Server will not expose any metadata on objects you dont have a privilege to use. So, if you don't have a SELECT permission on a table, you won't see it's metadata. Same with stored procedures etc.
Try this:
select * from INFORMATION_SCHEMA.TABLES
select * from INFORMATION_SCHEMA.COLUMNS where TABLE_NAME='<name>'
Not sure if the DBA's restricted access to these views or not
I need something similar to mysql's GRANT SELECT ON db.* TO user in postgresql 8.4. The solutions I find online use a for loop to select tables on at a time and grant privileges on them. But that would mean I would have to rerun the command every time a new table is added to the database.
Is there a more straightforward solution to this?
Assuming you don't have any specific schemas defined, all your tables will be in the 'public' schema, so you can say:
GRANT <permissions> ON ALL TABLES IN SCHEMA public TO <roles>;
This only works on 9.0 or above though, so you're out of luck in 8.4.
See also: http://www.postgresql.org/docs/8.4/static/ddl-schemas.html
Note that often granting a certain user's rights to another user makes as much or more sense and is easier to keep track of.
create user dbuser9;
create database test9 with owner dbuser9;
\c test9 dbuser9
create a bunch of stuff...
\c postgres postgres
grant dbuser9 to stan;
Default privileges came with version 9.0, it's not available in older versions.
You can create a stored procedure that loops through all tables and sets the privileges.
whats the best way to grant access to a few users to a couple tables in a SQL Server 2005 database?
I know the literature pushes the use of views but what is the gain over granting read only access to the actual table?
at least with the table there will be less overhead in that the index and other restraints are already in place and managed at the table (a single point of maintenance). If I make views then won't i need to maintain them and create indexes on them... as well as this will be additional overhead for SQL itself?
CREATE ROLE role_name
GRANT SELECT ON table_name TO role_name
Don't forget to add users to that role. Adding individual permissions is generally a bad practice.
Using views and giving permissions to the view is useful if you want to hide particular columns / name columns in different ways / otherwise filter the data.