tags:

views:

157

answers:

4
+2  Q: 

How do I make one user see a different table with same name

Goal: When everybody else does SELECT * FROM mytable they see one version of the table. But when a specific user does SELECT * FROM mytable they see another version of the table.

I think I'm like halfway there with creating a new role and putting the single user in it. Then creating a copy of the default table with SELECT * INTO newrole.mytable FROM dbo.mytable. But when the user does SELECT * FROM mytable they still see the dbo.mytable. How do I get them to default to the newrole.mytable? I still need them to see all the other dbo tables just not this one.

+1  A: 

I don't know if this may help but you may be able to make a view of a different table with the same name, here is an excerpt from http://www.w3schools.com/SQl/sql_view.asp:

In SQL, a view is a virtual table based on the result-set of an SQL statement.

A view contains rows and columns, just like a real table. The fields in a view are fields from one or more real tables in the database.

You can add SQL functions, WHERE, and JOIN statements to a view and present the data as if the data were coming from one single table.

ldog  2009-08-07 20:01:26
You can't make a view with the same name as an existing table in the same schema. If you try, you'll get error Msg 2714 ("object with that name already exists").
Rick  2009-08-07 21:00:08
Unless you put that view into a different schema, then you can't create a view with the same name as a table. Furthermore, you can't direct a specific user to a view instead of a table. This, frankly, doesn't answer the question at all - and is incorrect as well.
Mark Brackett  2009-08-08 02:33:35
A: 

This is a very bad idea. I'm not sure why people try all these crazy methods to improve security but it's just plain counter productive.

Ultimately every security system comes down to some line like the following if(User.HasAccessTo(object)). In fact, if you've designed a well thought out security system that's almost exactly how it should work. The more disjointed your authentication checks, the more likely you'll make a mistake. If only some users have access to certain record information you should add a flag to those records and verify access based on that.

Spencer Ruport  2009-08-07 20:21:32
+1  A: 

Create a new schema, and a duplicate table (or view onto dbo.table if that's what you want) in it - eg., otheruser.table. Then, set the user's login to default to that schema:

USE atest
GO

CREATE ROLE [arole]
GO

CREATE SCHEMA [aschema] AUTHORIZATION [arole]
GO

CREATE USER [auser] FOR LOGIN [modify_user] WITH DEFAULT_SCHEMA = aschema
GO

EXEC sp_addrolemember 'arole', 'auser'
GO

CREATE TABLE dbo.atable ( col1 int )
GO

CREATE TABLE aschema.atable (col2 varchar(10))
GO

INSERT INTO dbo.atable( col1 ) VALUES( 1 )
GO

INSERT INTO aschema.atable( col2 ) VALUES( 'One' )
GO

PRINT 'dbo'
SELECT * FROM atable
GO

EXECUTE AS USER = 'auser'
GO

PRINT 'aschema'
SELECT * FROM atable
GO

REVERT
GO
Mark Brackett  2009-08-07 20:44:28
are schemas in sql server 2000? The actual implementation will be 2005 but I have 2000 on my test instance.
Will Rickards  2009-08-07 21:04:18
How would you handle mixed roles if you use schemas?
OMG Ponies  2009-08-08 02:18:07
This approach is also poor if MyTable in either schema is identical.
OMG Ponies  2009-08-08 02:20:59
@Will Rickards - Yes, schemas are in SQL 2000 - though some of the specific T-SQL syntax changes.
Mark Brackett  2009-08-08 02:27:54
@rexem - You assign a *user* a default schema - you set the role as owner of the schema (so that you can drop a user without dropping the schema and it's associated objects). Frankly, the role isn't necessary for this example.
Mark Brackett  2009-08-08 02:31:06
@rexem - Also, MyTable being identical doesn't really make a difference. It'd be confusing, but really the intent of the OP is to "lie" to the user - which equals confusion in most cases. To be fair though, schemas are a lesser known MSSQL feature - and I wouldn't suggest their use in most cases.
Mark Brackett  2009-08-08 02:32:59
I haven't tested the schema thing, I got it working without schemas but I'll go ahead and accept this answer as it is probably the correct way to do it. This is just a proof of concept at this stage anyway.
Will Rickards  2009-08-08 03:17:51
Proof of concept for a bad idea.
Spencer Ruport  2009-08-08 03:33:13
+1  A: 

I use Postgres primarily, so YMMV, but in postgres you need to

1) Create the new schema, preferably owned by the new role, and put the table in it 2) Set the search_path variable to include that schema BEFORE the other one.

Hope it helps.

Jeff Cooper  2009-08-07 20:54:26

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP