B
belu33fr
Hi,
My issue is on the view with View_metadata. Access 2003, Sql 2000 and 2005.
Lasted SP.
Because I had some problems of read only with this type of view (only in
Access), I were looking for a solution. I founded that this type of view
must have all primary key of each table selected and the view could be a
delete, read, insert and update view. I were surprise of this because it was
only in Access.
Becaue of this, it was a possible whole of security and I decide to make
some tests.
I made a database with 3 tables. I made a view with 2 tables and with
VIEW_METADATA. I created all triggers on this view. I try it. All is fine. I
made an user without access on table but grant access on the view (except
DRI). I try it on the database. This user can not view and access directly
to the table. The only possible thing is use the view. It's fine, he can
create, modify and delete data in the database. The security is ok, the user
can not see the real database and the scheme of it.
Unfortunately, I open the view in design mode ... and surprise: I can read
all about the query, see the definitions of the tables. Of course I can not
modify the query but I can see ALL. I thought that something was wrong in
security access. Nothing directly, member of public standard group (we can
not exclude somebody from this group), nothing special in the public group
security.
Question: How msaccess can read this scheme because it has nothing granted
execpt the use of this view? Now, I stop because I dont want say more how
use this question.
My issue is on the view with View_metadata. Access 2003, Sql 2000 and 2005.
Lasted SP.
Because I had some problems of read only with this type of view (only in
Access), I were looking for a solution. I founded that this type of view
must have all primary key of each table selected and the view could be a
delete, read, insert and update view. I were surprise of this because it was
only in Access.
Becaue of this, it was a possible whole of security and I decide to make
some tests.
I made a database with 3 tables. I made a view with 2 tables and with
VIEW_METADATA. I created all triggers on this view. I try it. All is fine. I
made an user without access on table but grant access on the view (except
DRI). I try it on the database. This user can not view and access directly
to the table. The only possible thing is use the view. It's fine, he can
create, modify and delete data in the database. The security is ok, the user
can not see the real database and the scheme of it.
Unfortunately, I open the view in design mode ... and surprise: I can read
all about the query, see the definitions of the tables. Of course I can not
modify the query but I can see ALL. I thought that something was wrong in
security access. Nothing directly, member of public standard group (we can
not exclude somebody from this group), nothing special in the public group
security.
Question: How msaccess can read this scheme because it has nothing granted
execpt the use of this view? Now, I stop because I dont want say more how
use this question.