Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
TexMax007
Starting Member
5 Posts |
 Posted - 2009-12-07 : 12:26:46
|
| Hello everyone!I'm relatively new to this whole SQL thing so please bear with me.I've successfully installed Windows Server 2008 R2 on a computer and put SQL Server 2008 Enterprise on it as well.I've successfully connected to it from another computer using Windows authentication. Now I'm trying to learn how to keep my database secure using permissions and such.Say I have a table called employees where there is a bunch of information, one column of which is a password.I would like the user to be able to add records to this table (including fill in the password field) using a form, but I don't want this user to be able to view any of the previous passwords that were entered. (If the user somehow manages to look at the back-end of Access or Visual Studio w/e I end up using)I realize that I could create a View of the employee table to hide the password. But how would I allow this person to make changes to the original employee table without being able to view the original table?Maybe I could allow them to add to a different temporary table and then have a trigger that writes to the original table based off of that temporary table?Any assistance with this would be greatly appreciated.If I'm going about this all wrong, by all means let me know. I'm kind of flying by the seat of my pants here.Max |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2009-12-07 : 12:51:44
|
| It is recommended that all data access be done through stored procedures. By using this approach, the users do not need table-level access but rather just EXEC on the stored procedures. So even if the users somehow get into the database using SSMS or similar, they can't view the data directly but only can execute stored procedures.Tara KizerMicrosoft MVP for Windows Server System - SQL Serverhttp://weblogs.sqlteam.com/tarad/Subscribe to my blog"Let's begin with the premise that everything you've done up until this point is wrong." |
 |
|
|
TexMax007
Starting Member
5 Posts |
Posted - 2009-12-07 : 13:01:32
|
| Thanks for the speedy reply!What you're saying sort of makes sense to me, but I know nothing about stored procedures or how to utilize them.Time to do some more reading! I imagine I'll be back to the forum with more questions in the near future.Again, thanks for the help.Max |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
|
|
|
New guy help (table permissions) :-)