Below is an example of how to set access rights in SQL2005 server. A trigger is created in DBase B which will add/update record in a table of DBase A. Account "developer" has full control of DBase B but only allow to insert/update record in that particular table of DBase A.
Account "developer" is used to create a record in DBase B and the trigger will create related record in DBase A
Steps:
1) Create account "developer" and add it to DBase A. (without set role to db_owner, db_denyreader, db_denywriter, etc)
2) Login SSMS as SA, execute commands as below to grant "developer" to access particular table of DBaseA:
use [DBaseA]
GO
GRANT INSERT ON [dbo].[table_XXX] TO [developer]
GRANT UPDATE ON [dbo].[table_XXX] TO [developer]
GRANT SELECT ON [dbo].[table_XXX] TO [developer]
GO
3) Login SSMS as SA, check access rights by command as below:
USE DBaseA;
EXECUTE AS USER = 'developer';
SELECT *
FROM fn_my_permissions('dbo.table_XXX', 'Object')
ORDER BY subentity_name, permission_name ;
REVERT;
GO
4) Login SSMS as "developer", try to create a record in related table of DBaseB, the trigger will be activated to insert a record in "table_XXX" of DBaseA.
Remark:
**Commands in step-2 will be ignored (and become useless) by SQL Server if role of user is set to "db_denywriter" in step 1.
Reference:
http://www.mssqltips.com/tip.asp?tip=1440
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment