Results 1 to 8 of 8
  1. #1
    Join Date
    May 2006
    Posts
    7

    Unanswered: How To Restrict End User to update field in database manually....

    Dear Freinds..

    I want to protect a field in a table...i want to restrict users to update the value in that field...by manually logging into that database...it can be updated only through the application...if any body manually update the field value....it has to be captured in log with old value....is it possible to do this sql server...if any of u says yes 'its possible' then other wise

  2. #2
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Why do you allow users to manually log into the database in the first place? If you follow good database application design principles and limit all access to the database to stored procedures, you won't have this problem.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  3. #3
    Join Date
    Nov 2002
    Location
    Jersey
    Posts
    10,322
    Brett
    8-)

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

  4. #4
    Join Date
    May 2006
    Posts
    7
    Dear Blindman,

    thks for ur opinion ,i respect ur opinion.our aplication is a huge distributed application its running across 4000 location....we are having all the security design in database level..still worrying about some smart users...and our clients very concern on some values should not be tampered on database...since they had those worst experience previously...and more over 100 people are giving support for this app..who is having rights to access the database.........

    Cheers
    Sathesh.M

  5. #5
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Can you give the support users SELECT permissions, but not UPDATE permissions? That woud allow them to "see" the data, but not to change it.

    -PatP

  6. #6
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    Quote Originally Posted by Brett Kaiser
    Damn it. I have to start reading your blog. I just wrote something very similar but mine does not have any caveats and I had to deal with synchronizing some existing history tables with the live tables.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  7. #7
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Quote Originally Posted by Pat Phelan
    Can you give the support users SELECT permissions, but not UPDATE permissions? That woud allow them to "see" the data, but not to change it.

    -PatP
    ...and even then, you should not allow them to view the tables directly. You should create SQL Views for the data they are allowed to see and then grant SELECT access to those views.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  8. #8
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Quote Originally Posted by blindman
    ...and even then, you should not allow them to view the tables directly. You should create SQL Views for the data they are allowed to see and then grant SELECT access to those views.
    Yeah, but I was trying to KISS.

    -PatP

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •