0

I have a table with many records in Microsoft SQL Server 2008. Some of the records have boolean flag set. Others do not.

I want to a user to be able to ONLY see records where the flag is set. I made a view that uses a select statement to query these records and I gave the user read permissions on this view. But because the view selects from the original table SQL server is saying the user does not have enough permissions to look at the view.

The view and the table are in the same database.

How can I set permissions (either using a view or using some other method) so that the user can only see the subset of records from this table?

4

1 回答 1

4

This works exactly as it should:

USE tempdb;
GO
CREATE TABLE dbo.MyFlags(a INT, flag BIT);
GO
INSERT dbo.MyFlags VALUES(1,0),(2,1),(3,1);
GO
CREATE VIEW dbo.vMyFlags 
AS
  SELECT a, flag FROM dbo.MyFlags WHERE flag = 1;
GO
CREATE LOGIN smudge WITH PASSWORD = 'floob', CHECK_POLICY = OFF;
GO
CREATE USER smudge FROM LOGIN smudge;
GO
GRANT SELECT ON dbo.vMyFlags TO smudge;
GO
EXECUTE AS user = 'smudge';
GO
-- from view (succeeds):
SELECT a,flag FROM dbo.vMyFlags;
GO
-- from table (error):
SELECT a,flag FROM dbo.MyFlags;
GO

Perhaps you missed a step there, or created or referenced objects without the correct schema prefix. Always, always, always use the schema prefix.

于 2013-10-14T16:12:08.113 回答