patternsqlMinor
Hide Table Structure
Viewed 0 times
structurehidetable
Problem
Is there a way to restrict a user from viewing the table structure? I just want them to have a SELECT, INSERT, UPDATE, DELETE access only on that table. I want to restrict a specific programmer on the following:
1. He is not allowed to see any table definition
2. He is not allowed to create Stored Procedure
3. Since there were already Stored Procedures (SPs) for saving, updating, selecting and deleting records, that programmer will just use this SPs in accessing/manipulating records.
Overall, for security reason, we don't want that programmer to have any of design of the database.
1. He is not allowed to see any table definition
2. He is not allowed to create Stored Procedure
3. Since there were already Stored Procedures (SPs) for saving, updating, selecting and deleting records, that programmer will just use this SPs in accessing/manipulating records.
Overall, for security reason, we don't want that programmer to have any of design of the database.
Solution
This seems a strange request but it is possible.
They will of course be able to see the names of the columns by issuing a
You also say
Since there were already Stored Procedures (SPs) for saving, updating, selecting and deleting records, that programmer will just use this SPs in accessing/manipulating records.
In that case probably they don't need any permissions at all on the table. If the table and stored procedures have the same owner you just need to grant
GRANT SELECT ON YourTable TO FOO;
GRANT INSERT ON YourTable TO FOO;
GRANT UPDATE ON YourTable TO FOO;
GRANT DELETE ON YourTable TO FOO;
DENY VIEW DEFINITION ON YourTable TO FOO;They will of course be able to see the names of the columns by issuing a
SELECT * and be able to get the datatypes with a bit more effort by select into a new (possibly #temp) table. They will lose intellisense on that table.You also say
Since there were already Stored Procedures (SPs) for saving, updating, selecting and deleting records, that programmer will just use this SPs in accessing/manipulating records.
In that case probably they don't need any permissions at all on the table. If the table and stored procedures have the same owner you just need to grant
exec permissions on the procedure and the access to the table in the procedure will still succeed through ownership chaining.Code Snippets
GRANT SELECT ON YourTable TO FOO;
GRANT INSERT ON YourTable TO FOO;
GRANT UPDATE ON YourTable TO FOO;
GRANT DELETE ON YourTable TO FOO;
DENY VIEW DEFINITION ON YourTable TO FOO;Context
StackExchange Database Administrators Q#165929, answer score: 6
Revisions (0)
No revisions yet.