Download eBook (PDF) - Red Gate Software

3 – Schema Architecture Strategiesb.Borrower_ID,ba.Borrower_Address_Street,ba.Borrower_Address_City,ba.Borrower_Address_State,ba.Borrower_Address_Zipcode,at.Address_Type_Desc,bn.Borrower_LName,bn.Borrower_MName,bn.Borrower_FNameFROMdbo.Borrower bINNER JOIN dbo.Borrower_Address baON b.Borrower_ID = ba.Borrower_IDINNER JOIN dbo.Borrower_Name bnON b.Borrower_ID = bn.Borrower_IDINNER JOIN dbo.Address_Type atON ba.Address_Type_ID = at.Address_Type_ID;GOListing 3-5: Creating a view in the HomeLending database.Once the view is created we can assign permissions to the view.Assigning Permissions to ViewsIn Chapter 2 of this book we explored data classification. As a result of thatprocess, we created some Database Roles and added some SQL Server Loginsas members. These roles were designed to manage the permissions to databaseobjects; therefore controlling the disclosure of sensitive data.In our sample database, we have utilized views to abstract the architecture ofour schema. We will not grant the Database Roles permission to access thetable objects. If a user, other than the database owner, were to access thedatabase through SQL Server Management Studio and try to view the tableobjects, none would appear. Instead, we will grant permission to access onlythe view objects. When stored procedures and user defined functions arecreated they too will have the appropriate permissions granted to them.In Listing 2-9 of Chapter 2, we used extended properties to assign a sensitivityof "medium" to all columns in our database. Therefore, the columns used in ourview, named vwBorrower, contain data that is classified as "medium" and sowe will need to grant permissions to access this view to the Database Rolenamed Sensitive_medium.75