I am working with a database (let's call it DB_data) which includes all the tables for a series of applications. In an attempt to reduce downtime during upgrades, a mask database (let's call it DB_facade) has been created, which has a view for each table in DB_data. It also has all the functions and stored procedures that work against these views.
In an attempt to lock down security on DB_data, we have applied a DENY on all the tables for all users of DB_data. All these users have also been created in DB_facade with permissions on the views.
The problem here is that the DENYs in DB_data are overriding the GRANTs in DB_facade due to cross-database ownership chaining.
I would like to avoid enabling chaining on these two databases due to potential security problems (though in my original tests, this seems to correct the access problem). In addition, we are trying to reduce the impact on applications, so all access is required to be through stored procedures and to use certificates (for example).
Is anyone else suggesting how
Do you have this problem if you DENY on tables in DB_data? If you do not explicitly grant permission on these tables, you can get the protection you need and get access rights through the views.
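To see which settings and permissions are actually in play before changing anything, these T-SQL inspection queries (an added example, not part of the original question or answer) report the chaining state, the database owners, and the explicit DENY/GRANT entries on the tables. `DB_data` and `DB_facade` are the placeholder names from the question; `app_user` and `dbo.SomeTable` are hypothetical names to replace with a real user and table.

```sql
-- 1. Cross-database ownership chaining: per-database flag and server-wide setting.
--    Owners are listed because a chain only stays unbroken across databases
--    when the objects on both sides resolve to the same owner.
SELECT name,
       is_db_chaining_on,
       is_trustworthy_on,
       SUSER_SNAME(owner_sid) AS database_owner
FROM sys.databases
WHERE name IN (N'DB_data', N'DB_facade');

SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'cross db ownership chaining';
GO

-- 2. Explicit permission entries (DENY, GRANT) on user tables in DB_data.
USE DB_data;
GO
SELECT pr.name                  AS principal_name,
       p.state_desc,            -- DENY / GRANT / GRANT_WITH_GRANT_OPTION
       p.permission_name,
       SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name                   AS table_name
FROM sys.database_permissions AS p
JOIN sys.database_principals  AS pr ON pr.principal_id = p.grantee_principal_id
JOIN sys.objects              AS o  ON o.object_id     = p.major_id
WHERE p.class = 1               -- object- or column-level permission
  AND o.type  = 'U'             -- user tables only
ORDER BY pr.name, o.name;
GO

-- 3. Effective direct access for one user on one base table (hypothetical names).
--    1 = the user can SELECT from the table directly, 0 = cannot.
EXECUTE AS USER = N'app_user';
SELECT HAS_PERMS_BY_NAME(N'dbo.SomeTable', N'OBJECT', N'SELECT') AS can_select_table;
REVERT;
GO
```

Running step 3 before and after removing a DENY shows whether direct table access stays closed for that user.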