Solved

rbac and row level permissions

Posted on 2009-05-06
1
948 Views
Last Modified: 2012-05-06
Hi Experts,
I have been much reading on rbac. A typical rbac sql database schema is described to have...
Users -> Roles -> Permissions structure that act on objects (ie. tables) in a database. This I am fine with (I think)

My question is about permissions given to each row in a resource like tblNews table in order to protect it. So from a Users perspective...

Users Permission = I can edit each row in the tblNews table where the assigned editors of any row are USERTYPE_X

and from the tblNews perspective...

tblNews Permission = This rows editors are USERTYPE_X and USERTYPE_Y

i.e. the data in any one row of a resource is itself protected by a combination of PermissionType (CAN_EDIT_NEWS) and UserType (Club Secretary).

So, rather than a table get protected, it is each row that gets protected.

I hope this makes sense and if you know where I am trying to get to I will appreciate any thoughts and feedback.
0
Comment
Question by:MonCapitan
1 Comment
 
LVL 31

Accepted Solution

by:
RiteshShah earned 250 total points
ID: 24321942
there is no direct facility for row level permission. however, you can do it manually, like create few groups for permission, assign every user to one or more group, when you insert the row, create one mapping table that will have rowid and permitted group ID. when you execute SELECT, you have to query only those row number which are listed in mapping table for the group who is looking for row.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction SQL Server Integration Services can read XML files, that’s known by every BI developer.  (If you didn’t, don’t worry, I’m aiming this article at newcomers as well.) But how far can you go?  When does the XML Source component become …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question