SQL Server row filtering based on user

Posted on 2007-07-30
Last Modified: 2010-03-19
Does SQL Server support row filtering based on user? This is for SQL 2000  or SQL 2005. For example a table contains a column with distinct values 'X','Y' and 'Z'. User 1 can only see rows where the column = 'X', user 2 can only see rows where the column = 'Y' and user 3 can only see rows where the column = 'Z'.

The same SQL query must be run in all cases - I don't want to create three different views for example.

So all three users would run "select * from tablename" but they would all see different results.
Question by:purplesoup
    LVL 32

    Assisted Solution

    by:Daniel Wilson
    If I am not much mistaken, you would create 3 views with different owners (in SQL 2000).

    Create view User1.MyView
    Select field1, ... fieldn From TableName Where Fieldx = 'X'


    Create view User2.MyView
    Select field1, ... fieldn From TableName Where Fieldx = 'Y'



    Then when each user connects to the DB and issues "Select * from MyView" he would get his own view.

    SQL2005 changes the owner / schema model.  It's supposed to be better, but I think you'd accomplish it a little differently there.
    LVL 10

    Accepted Solution

    You can do it with one view and use system_user to determine the current user:

    CREATE View ViewName AS
    SELECT ...
    FROM ...
    WHERE XYZColumn =
      CASE system_user
          WHEN 'User1' THEN 'X'
          WHEN 'User2' THEN 'Y
          WHEN 'User3' THEN 'Z'
    LVL 68

    Assisted Solution

    You should consider putting the details of the restrictions in a table, so you don't have to constantly recode and recompile views.  For example (only -- more design work almost surely needs done :-) ):

    CREATE TABLE UserRestriction (
        code SMALLINT,  --diff. code assigned to each table column that must be compared against to restrict access
        username SYSNAME,
        value SQL_VARIANT,
        CONSTRAINT UserRestriction_CI
            UNIQUE CLUSTERED (code, username)
    INSERT INTO UserRestriction VALUES(1, 'User1', 'X')  --code 1 = table1.dataColumn5
    INSERT INTO UserRestriction VALUES(1, 'User2', 'Y')
    INSERT INTO UserRestriction VALUES(1, 'User3', 'Z')

    SELECT ...
    FROM table1
    INNER JOIN UserRestriction ur ON ur.code = 1 AND table1.username = SUSER_SNAME() AND table1.dataColumn5 = ur.value

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Suggested Solutions

    Let's review the features of new SQL Server 2012 (Denali CTP3). It listed as below: PERCENT_RANK(): PERCENT_RANK() function will returns the percentage value of rank of the values among its group. PERCENT_RANK() function value always in be…
    Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
    This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
    This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now