Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


Tip of the Day
Language: SQL Server
Expertise: Beginner
Mar 13, 2000

Column-Level Permissions or Access

Question:
I have a table that contains about six million records. Each record contains some sensitive data or data that be accessible by the public. What would be the best method to allow access to the table, yet block the access to the sensitive columns (i.e., name, address, etc.)?

Answer:
There are basically three methods that you can use. Each solution has its pros and cons:

  • Issue grants on the column level. It provides what you need but is not so easily managed. (Try using the GUI, for example, to implement column-level permissions.)
  • Create a view on the table for each group that includes just the columns that the group should be able to access. Grant rights on the view instead of the table. This is a very reasonable approach.
  • Create a stored procedure that returns the relevant fields for each group. The problem with this approach is that they must access the information via the stored procedure and cannot create their own ad-hoc queries. However, the benefit to this approach is the tight control it gives you. Using this approach, it is even possible to create an audit log of anyone retrieving sensitive information, which you cannot do on the back-end using any of the other methods.
DevX Pro
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap