tags:

views:

25

answers:

1
Q: 

Role Permissions Filtered View t-sql

Is it possible to filter the content of a t-sql view based on SELECT GRANTS assigned to the database roles of end users without generating SELECT permissions exceptions?

If so how?

Pseudo:

CREATE TABLE Beer(a(x), b(y)); GRANT SELECT ON Beer to BeerOnlyRole;
CREATE TABLE Wine(a(x), b(y)); GRANT SELECT ON Wine to WineAndBeerRole; 
GRANT SELECT ON Beer to WineAndBeerRole;

CREATE VIEW SimpleAlcoholSearch
 (
    SELECT  a  AS BrandName
           ,b  AS Strength
    FROM Beer

    UNION

    SELECT  a  AS BrandName
           ,b  AS Strength
     FROM Wine
 )

 GRANT SELECT ON SimpleAlcoholSearch to BeerOnlyRole;
 GRANT SELECT ON SimpleAlcoholSearch to WineAndBeerRole;

....

AS BeerOnlyRole : SELECT * FROM SimpleAlcoholSearch : BEER1 1% BEER2 2%

AS WineAndBeerRole : SELECT * FROM SimpleAlcoholSearch : BEER1 1% BEER2 2% WINE1 10% WINE2 11%

Thanks for reading this...

A: 

I solved this problem with a quick and dirty check on various catalog views for each table:

SELECT  a  AS BrandName
           ,b  AS Strength
    FROM Beer   

WHERE 1 = 

    (
         SELECT TOP 1 1
         FROM sys.database_permissions sy_dpe

         JOIN sys.objects sy_o ON sy_dpe.major_id = sy_o.object_id
         JOIN sys.schemas sy_sc ON sy_o.schema_id = sy_sc.schema_id
         JOIN sys.database_principals sy_dpr ON sy_dpe.grantee_principal_id = sy_dpr.principal_id
         JOIN sys.database_role_members sy_drm ON sy_drm.role_principal_id = sy_dpr.principal_id
         JOIN sys.database_principals sy_dpr2 ON sy_dpr2.principal_id = sy_drm.member_principal_id

         WHERE sy_dpr2.name = SYSTEM_USER
         AND sy_o.name = 'Beer'
         AND sy_sc.name = '[n]'
         AND sy_dpe.type = 'SL'
         AND sy_dpe.state = 'G'
    )

UNION

....

Anyone got a tidier approach?

Thanks

Matt  2010-01-15 11:22:40

related questions

*= in Sybase SQL
sql missing rows when grouped by DAY, MONTH, YEAR
Adapt Replace all strings in all tables to work with text
Can you call a webservice from TSQL code?
How to tell the data types after executing a stored procedure?
C# - SQLClient - Simplest INSERT
SQL Server: Get data for only the past year
Get last item in a table - SQL
Is there a way to make a TSQL variable constant?
Create a database from another database?
SQL Server PIVOT examples?
What are some references, lessons and or best practices for SQL optimization training.
What's a good way to check if two datetimes are on the same calendar day in TSQL?
Trigger without a transaction?
How do I do an Upsert Into Table?
What is the easiest way using T-SQL / MS-SQL to append a string to existing table cells?
How do I avoid using cursors in Sybase (T-SQL)?
Best .NET Solution for Frequently Changed Database
T-Sql date format for seconds since last epoch / formatting for sqlite input
HOWTO - Compare a date string to datetime in SQL Server?
Differences Between MySql and MS SQL
Best method for varchar date validation in Sybase (T-SQL)?
interrogating table lock schemes in T-SQL
Testing for inequality in T-SQL
T-Sql Remove Decimal Point From Money Data Type