17.07.2015

Download eBook (PDF) - Red Gate Software


3 – Schema Architecture Strategies

For data integrity purposes, we do not want users deleting records. Also, the vwBorrower view is not updatable since it contains joins to other tables; therefore, only the SELECT privileges are granted, as shown in Listing 3-6.

    USE HomeLending;
    GO

    GRANT SELECT
        ON dbo.vwBorrower
        TO Sensitive_medium;
    GO

Listing 3-6: Granting to the database role, Sensitive_medium, permission to select on the view vwBorrower.

Since the Database Role named Sensitive_high is included as a member of the Sensitive_medium Database Role, we do not need to explicitly grant permissions to the Sensitive_high Database Role.

At this point, every login that is a member of the Sensitive_medium or Sensitive_high role will have permission to access our view. However, let's say we have a specific user, with a SQL Server Login of JOHNSONTE, who meets the overall requirements for membership of the Sensitive_medium role but should be restricted to specific data due to other policies. In this case, the internal policy dictates that JOHNSONTE should not have access to details regarding a borrower's loan history.

To deny the SQL Server Login JOHNSONTE SELECT privileges on the vwBorrower view, the command shown in Listing 3-7 would be executed.

    USE HomeLending;
    GO

    DENY SELECT
        ON dbo.vwBorrower
        TO JOHNSONTE;
    GO

Listing 3-7: Denying SELECT privileges to the SQL Server login JOHNSONTE.

Suppose that, at some point during the course of business, the previous internal policy is changed and this user is now allowed access to loan data. To remove the previous DENY that was implemented, we will use the REVOKE command. This command removes any previously granted or denied permissions. The use of the REVOKE command is illustrated in Listing 3-8:
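The following audit script is an added example, not code from the book and not its Listing 3-8. It shows how to confirm the permission state described above: the explicit GRANT and DENY entries on the view, the role nesting, and the effective SELECT permission for the restricted user. It assumes JOHNSONTE exists as a database user of that name in HomeLending and that the caller has permission to impersonate that user.

```sql
-- Added example: audit the GRANT/DENY state on dbo.vwBorrower.
-- Assumption: JOHNSONTE is a database user in HomeLending.
USE HomeLending;
GO

-- 1. Explicit permission entries recorded against the view.
--    state_desc shows GRANT or DENY; a REVOKE removes the entry.
SELECT pr.name      AS principal_name,
       pr.type_desc AS principal_type,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                                  -- object or column
  AND pe.major_id = OBJECT_ID(N'dbo.vwBorrower')
ORDER BY pr.name, pe.state_desc;

-- 2. Role nesting: members that inherit SELECT through the roles.
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m
     ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'Sensitive_medium', N'Sensitive_high')
ORDER BY r.name, m.name;

-- 3. Effective permission, evaluated in the user's own security context.
--    This combines role membership with any user-level DENY.
EXECUTE AS USER = N'JOHNSONTE';
SELECT USER_NAME() AS running_as,
       HAS_PERMS_BY_NAME(N'dbo.vwBorrower', N'OBJECT', N'SELECT') AS can_select;
REVERT;
GO
```

While the DENY is in place, the third query reports 0 for JOHNSONTE even though the role membership grants SELECT, because a DENY takes precedence over a GRANT inherited through a role. Running the script again after the DENY has been revoked is a quick way to confirm that the entry is gone and the role-level GRANT applies.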
