tags:

views:

215

answers:

1
Q: 

Minimum permissions required for an updatable query (Access Project)

In an Access Project (ADP), with a SQL backend, what are the minimum permissions required for Access to be able to update records returned from a view bound to a form, yet prevent a direct SELECT on the underlying table? For instance:

Table: Table1 Columns: ID, Column1, Column2, Column3, Column4

View: View1

SELECT ID, Column1, Column2, Column3 FROM Table1 WHERE Column1 = 'Something'

As a database owner, or in the role db_owner (or roles db_datareader, db_datawriter), the records can be updated via Access when bound to the view. However, if the user is not a member of these, the record is not updatable via Access. I granted SELECT, UPDATE to View1 and denied SELECT to Table1 and allowed UPDATE to Table1 (in case having UPDATE on a view doesn't work). I also denied UPDATE to Column1 as I don't want the users to update that column.

If I connect to the SQL Database (with SQL Server Management Studio) with these permissions set, I can update the records in the view, yet in Access I can't. Why is this? I don't know what queries Access is issuing to update a record to determined why it is failing.

Edit:

Still not figured out a way of finding out what permissions Access needs to do UPDATE without SELECT.. SQL Profiler did not show any obvious cause of the 'recordset not updatable' message.

+1  A: 

Not sure it's possible for Access to update something it can't select.

You can attach Sql Profiler to the server to see which queries Access is running.

Andomar  2009-06-25 10:16:16
It is retreiving the data, just via a view instead. Even with DENY SELECT on Table1, you can still see the data in Access, just not update it. Even GRANT SELECT on Table1 does not make it updatable.
Sam  2009-06-25 11:16:42
Tried Sql Profiler but can't figure out how to limit it to queries that just run on a particular database (rather than all of them)
Sam  2009-07-03 10:05:48
Under Trace properties > Events Selection tab > select show all columns. Now under column filters, you should see the database name. Enter the database name for the Like section and you should see traces only for that database. http://stackoverflow.com/questions/272730/sql-server-profiler-how-to-filter-trace-to-only-display-events-from-one-databas
Andomar  2009-07-03 12:40:21

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?