|
|
Posted by Erland Sommarskog on 10/02/17 11:45
Alexander Kuznetsov (AK_TIREDOFSPAM@hotmail.COM) writes:
> I think one more scenario for select * views is when a view is used as
> a security tool. Suppose I expose a whole table to a user
>
> grant select on sales to johnsmith
>
> If later on I add a column to sales table, it is visible to johnsmith.
> Suppose I expose to danbrown only his own sales via a view:
> create view persons_own_sales
> as
> select * from sales where ...
>
> grant select on persons_own_sales to danbrown
>
> Again, If later on I add a column to sales table, I want it to be
> visible to danbrown with minimum maintenance - just refresh the view.
> Makes sense?
Yes, I think that I mentioned this in previous post in the thread.
Then again, it may be the case that you don't want to expose the
columns that controls access.
Also, in this case, the maintenance problem is smaller as there is
on one SELECT on the view. (I'm assuming the view has something like
WHERE user = SYSTEM_USER.) With a partitioned view, you have a
repetition with more room for errors.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
Navigation:
[Reply to this message]
|