Hi,
I need some kind of row level security.
I currently have this by implementing a complete proprietary way and now I
want to migrate this to as much standard functionality as possible - simply
to have less code to test maintain ;)
I'm working with vb6 and vb.net on sql server 2000 running at a windows 2003
server inside an NT4 domain.
I'm planning to use one DACL per row - but I guess in SQL-Server a row has
no ACL that is checked by the server automatically. Our databases caontain a
table "securerows" which contains 1000 to 1000000 rows (depending on the
usage of our products). Access to these rows need to be checked against
domain user accounts on a per row basis (each query result contains only one
row). I want to use DACLs, because I need Groups with inheritance.
Does anybody have some expirience with such a kind of security in sql
server?
Thanks for each reply ;)
SvenHi
You may want to check out:
http://tinyurl.com/jr1p
John
"Sven Erik Matzen" <sven.matzen@.dontspamme.com> wrote in message
news:uTMoEvLYDHA.2256@.TK2MSFTNGP10.phx.gbl...
> Hi,
> I need some kind of row level security.
> I currently have this by implementing a complete proprietary way and now I
> want to migrate this to as much standard functionality as possible -
simply
> to have less code to test maintain ;)
> I'm working with vb6 and vb.net on sql server 2000 running at a windows
2003
> server inside an NT4 domain.
> I'm planning to use one DACL per row - but I guess in SQL-Server a row has
> no ACL that is checked by the server automatically. Our databases caontain
a
> table "securerows" which contains 1000 to 1000000 rows (depending on the
> usage of our products). Access to these rows need to be checked against
> domain user accounts on a per row basis (each query result contains only
one
> row). I want to use DACLs, because I need Groups with inheritance.
> Does anybody have some expirience with such a kind of security in sql
> server?
> Thanks for each reply ;)
> Sven
>|||<<
> I currently have this by implementing a complete proprietary way and now I
> want to migrate this to as much standard functionality as possible -
simply
Unfortunately... that won't be an easy task. SQL Server provides no support
for row level secrity as you've seen. There really isn't an good way to do
it. When it's all said and done... you'll need to use a completely
proprietaty approach such as the one that you've outlined.
--
Brian
"John Bell" <jbellnewsposts@.hotmail.com> wrote in message
news:3f38d3cf$0$18492$ed9e5944@.reading.news.pipex.net...
> Hi
> You may want to check out:
> http://tinyurl.com/jr1p
> John
> "Sven Erik Matzen" <sven.matzen@.dontspamme.com> wrote in message
> news:uTMoEvLYDHA.2256@.TK2MSFTNGP10.phx.gbl...
> > Hi,
> >
> > I need some kind of row level security.
> > I currently have this by implementing a complete proprietary way and now
I
> > want to migrate this to as much standard functionality as possible -
> simply
> > to have less code to test maintain ;)
> > I'm working with vb6 and vb.net on sql server 2000 running at a windows
> 2003
> > server inside an NT4 domain.
> > I'm planning to use one DACL per row - but I guess in SQL-Server a row
has
> > no ACL that is checked by the server automatically. Our databases
caontain
> a
> > table "securerows" which contains 1000 to 1000000 rows (depending on the
> > usage of our products). Access to these rows need to be checked against
> > domain user accounts on a per row basis (each query result contains only
> one
> > row). I want to use DACLs, because I need Groups with inheritance.
> >
> > Does anybody have some expirience with such a kind of security in sql
> > server?
> >
> > Thanks for each reply ;)
> >
> > Sven
> >
> >
>|||Hi John,
Thanks for the URL. I think I will continue to build my own DACL based
approach, because this already provides a GUI and User/Group inheritance.
I'm a little bit surprised that MS is not implementing DACL support for
MS-SQL-Server, but I think it's the same story that caused Enterprise
Manager and also some other MS-Products (like SourceSafe) do not respect MS
guidelines.
May be DACL support is a nice feature suggestion for the next version -
would make the security administration a lot easier, because you are not
forced to learn another security model/gui.
Sven
"John Bell" <jbellnewsposts@.hotmail.com> wrote in message
news:3f38d3cf$0$18492$ed9e5944@.reading.news.pipex.net...
> Hi
> You may want to check out:
> http://tinyurl.com/jr1p
> John
> "Sven Erik Matzen" <sven.matzen@.dontspamme.com> wrote in message
> news:uTMoEvLYDHA.2256@.TK2MSFTNGP10.phx.gbl...
> > Hi,
> >
> > I need some kind of row level security.
> > I currently have this by implementing a complete proprietary way and now
I
> > want to migrate this to as much standard functionality as possible -
> simply
> > to have less code to test maintain ;)
> > I'm working with vb6 and vb.net on sql server 2000 running at a windows
> 2003
> > server inside an NT4 domain.
> > I'm planning to use one DACL per row - but I guess in SQL-Server a row
has
> > no ACL that is checked by the server automatically. Our databases
caontain
> a
> > table "securerows" which contains 1000 to 1000000 rows (depending on the
> > usage of our products). Access to these rows need to be checked against
> > domain user accounts on a per row basis (each query result contains only
> one
> > row). I want to use DACLs, because I need Groups with inheritance.
> >
> > Does anybody have some expirience with such a kind of security in sql
> > server?
> >
> > Thanks for each reply ;)
> >
> > Sven
> >
> >
>|||Hi
Requests for new features can be sent to
SQL Server Wish: sqlwish@.microsoft.com
John
"Sven Erik Matzen" <sven.matzen@.dontspamme.com> wrote in message
news:%232OPTfWYDHA.1004@.TK2MSFTNGP12.phx.gbl...
> Hi John,
> Thanks for the URL. I think I will continue to build my own DACL based
> approach, because this already provides a GUI and User/Group inheritance.
> I'm a little bit surprised that MS is not implementing DACL support for
> MS-SQL-Server, but I think it's the same story that caused Enterprise
> Manager and also some other MS-Products (like SourceSafe) do not respect
MS
> guidelines.
> May be DACL support is a nice feature suggestion for the next version -
> would make the security administration a lot easier, because you are not
> forced to learn another security model/gui.
> Sven
> "John Bell" <jbellnewsposts@.hotmail.com> wrote in message
> news:3f38d3cf$0$18492$ed9e5944@.reading.news.pipex.net...
> > Hi
> >
> > You may want to check out:
> >
> > http://tinyurl.com/jr1p
> >
> > John
> >
> > "Sven Erik Matzen" <sven.matzen@.dontspamme.com> wrote in message
> > news:uTMoEvLYDHA.2256@.TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > I need some kind of row level security.
> > > I currently have this by implementing a complete proprietary way and
now
> I
> > > want to migrate this to as much standard functionality as possible -
> > simply
> > > to have less code to test maintain ;)
> > > I'm working with vb6 and vb.net on sql server 2000 running at a
windows
> > 2003
> > > server inside an NT4 domain.
> > > I'm planning to use one DACL per row - but I guess in SQL-Server a row
> has
> > > no ACL that is checked by the server automatically. Our databases
> caontain
> > a
> > > table "securerows" which contains 1000 to 1000000 rows (depending on
the
> > > usage of our products). Access to these rows need to be checked
against
> > > domain user accounts on a per row basis (each query result contains
only
> > one
> > > row). I want to use DACLs, because I need Groups with inheritance.
> > >
> > > Does anybody have some expirience with such a kind of security in sql
> > > server?
> > >
> > > Thanks for each reply ;)
> > >
> > > Sven
> > >
> > >
> >
> >
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment