Solved

rbac and row level permissions

Posted on 2009-05-06
1
945 Views
Last Modified: 2012-05-06
Hi Experts,
I have been much reading on rbac. A typical rbac sql database schema is described to have...
Users -> Roles -> Permissions structure that act on objects (ie. tables) in a database. This I am fine with (I think)

My question is about permissions given to each row in a resource like tblNews table in order to protect it. So from a Users perspective...

Users Permission = I can edit each row in the tblNews table where the assigned editors of any row are USERTYPE_X

and from the tblNews perspective...

tblNews Permission = This rows editors are USERTYPE_X and USERTYPE_Y

i.e. the data in any one row of a resource is itself protected by a combination of PermissionType (CAN_EDIT_NEWS) and UserType (Club Secretary).

So, rather than a table get protected, it is each row that gets protected.

I hope this makes sense and if you know where I am trying to get to I will appreciate any thoughts and feedback.
0
Comment
Question by:MonCapitan
1 Comment
 
LVL 31

Accepted Solution

by:
RiteshShah earned 250 total points
ID: 24321942
there is no direct facility for row level permission. however, you can do it manually, like create few groups for permission, assign every user to one or more group, when you insert the row, create one mapping table that will have rowid and permitted group ID. when you execute SELECT, you have to query only those row number which are listed in mapping table for the group who is looking for row.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
I have a large data set and a SSIS package. How can I load this file in multi threading?
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now