Sunday, February 19, 2012

How To Restrict End User to update field in database manually....

Dear Freinds..

I want to protect a field in a table...i want to restrict users to update the value in that field...by manually logging into that database...it can be updated only through the application...if any body manually update the field value...it has to be captured in log with old value...is it possible to do this sql server...if any of u says yes 'its possible' then :beer: other wise :eek:Why do you allow users to manually log into the database in the first place? If you follow good database application design principles and limit all access to the database to stored procedures, you won't have this problem.|||triggers and history tables

http://weblogs.sqlteam.com/brettk/archive/2004/10/20/2242.aspx|||Dear Blindman,

thks for ur opinion ,i respect ur opinion.our aplication is a huge distributed application its running across 4000 location...we are having all the security design in database level..still worrying about some smart users...and our clients very concern on some values should not be tampered on database...since they had those worst experience previously...and more over 100 people are giving support for this app..who is having rights to access the database.......

Cheers
Sathesh.M|||Can you give the support users SELECT permissions, but not UPDATE permissions? That woud allow them to "see" the data, but not to change it.

-PatP|||triggers and history tables

http://weblogs.sqlteam.com/brettk/archive/2004/10/20/2242.aspx

Damn it. I have to start reading your blog. I just wrote something very similar but mine does not have any caveats and I had to deal with synchronizing some existing history tables with the live tables.|||Can you give the support users SELECT permissions, but not UPDATE permissions? That woud allow them to "see" the data, but not to change it.

-PatP
...and even then, you should not allow them to view the tables directly. You should create SQL Views for the data they are allowed to see and then grant SELECT access to those views.|||...and even then, you should not allow them to view the tables directly. You should create SQL Views for the data they are allowed to see and then grant SELECT access to those views.Yeah, but I was trying to KISS.

-PatP
Posted by evokeyuig at 11:01 PM
Labels: , , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)