Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Column level security

8 posts in General Discussion Last posting was on 2009-04-28 14:49:27.0Z
Herman Miller Posted on 2009-04-13 18:54:42.0Z
Sender: 220.49e35687.1804289383@sybase.com
From: Herman Miller
Newsgroups: ianywhere.public.general
Subject: Column level security
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <49e38a72.885.1681692777@sybase.com>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 13 Apr 2009 11:54:42 -0700
X-Trace: forums-1-dub 1239648882 10.22.241.41 (13 Apr 2009 11:54:42 -0700)
X-Original-Trace: 13 Apr 2009 11:54:42 -0700, 10.22.241.41
Lines: 7
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7518
Article PK: 5926

Sybase 9.0.2.3534

Is it possible to lockdown one column in a table and assign
permissions to modify that column to a specific user? Please
provide sample code to set the security.

Thanks


Kory Hodgson [Sybase iAnywhere] Posted on 2009-04-13 19:17:19.0Z
From: "Kory Hodgson [Sybase iAnywhere]" <khodgson_nospam@sybase.com>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
Newsgroups: ianywhere.public.general
Subject: Re: Column level security
References: <49e38a72.885.1681692777@sybase.com>
In-Reply-To: <49e38a72.885.1681692777@sybase.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <49e38fbf$1@forums-1-dub>
Date: 13 Apr 2009 12:17:19 -0700
X-Trace: forums-1-dub 1239650239 10.22.241.152 (13 Apr 2009 12:17:19 -0700)
X-Original-Trace: 13 Apr 2009 12:17:19 -0700, vip152.sybase.com
Lines: 19
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7519
Article PK: 5929

Herman,

You could simply create a view that does not include the desired column.
Then only assign permissions to the view to the users you want
restricted from that column.

Kory Hodgson
Sybase iAnywhere

Herman Miller wrote:
> Sybase 9.0.2.3534
>
> Is it possible to lockdown one column in a table and assign
> permissions to modify that column to a specific user? Please
> provide sample code to set the security.
>
> Thanks


Kory Hodgson [Sybase iAnywhere] Posted on 2009-04-13 19:42:43.0Z
From: "Kory Hodgson [Sybase iAnywhere]" <khodgson_nospam@sybase.com>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
Newsgroups: ianywhere.public.general
Subject: Re: Column level security
References: <49e38fbf$1@forums-1-dub> <49e39349.99c.1681692777@sybase.com>
In-Reply-To: <49e39349.99c.1681692777@sybase.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <49e395b3$1@forums-1-dub>
Date: 13 Apr 2009 12:42:43 -0700
X-Trace: forums-1-dub 1239651763 10.22.241.152 (13 Apr 2009 12:42:43 -0700)
X-Original-Trace: 13 Apr 2009 12:42:43 -0700, vip152.sybase.com
Lines: 43
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7521
Article PK: 5930

Herman,

There are only two ways I am aware of to accomplish the desired results,
views or stored procedures.

With a view you can still insert, update, delete as long as all primary
key columns are included in the view and in the case of inserts the
excluded column would also need to either be nullable or have a default
value.

For stored procedures you could have one to return a result set the user
is allowed to see, and another to perform update operations.

In my opinion using a view is probably your best option.

Herman Miller wrote:
> Is there noway to restrict permissions to a column in a
> table as we update the table directly is multiple
> occassions.
>
> Thanks
>
>> Herman,
>>
>> You could simply create a view that does not include the
>> desired column. Then only assign permissions to the view
>> to the users you want restricted from that column.
>>
>> Kory Hodgson
>> Sybase iAnywhere
>>
>>
>>
>> Herman Miller wrote:
>>> Sybase 9.0.2.3534
>>>
>>> Is it possible to lockdown one column in a table and
>>> assign permissions to modify that column to a specific
>>> user? Please provide sample code to set the security.
>>>
>>> Thanks


Herman Miller Posted on 2009-04-13 19:51:00.0Z
Sender: 220.49e35687.1804289383@sybase.com
From: Herman Miller
Newsgroups: ianywhere.public.general
Subject: Re: Column level security
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <49e397a4.a17.1681692777@sybase.com>
References: <49e395b3$1@forums-1-dub>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 13 Apr 2009 12:51:00 -0700
X-Trace: forums-1-dub 1239652260 10.22.241.41 (13 Apr 2009 12:51:00 -0700)
X-Original-Trace: 13 Apr 2009 12:51:00 -0700, 10.22.241.41
Lines: 48
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7522
Article PK: 5931

Here is the situation. The dba password got out to the
public. Other than changing the dba password is there a way
to restrict access to a table or column to the dba user?

> Herman,
>
> There are only two ways I am aware of to accomplish the
> desired results, views or stored procedures.
>
> With a view you can still insert, update, delete as long
> as all primary key columns are included in the view and
> in the case of inserts the excluded column would also
> need to either be nullable or have a default value.
>
> For stored procedures you could have one to return a
> result set the user is allowed to see, and another to
> perform update operations.
>
> In my opinion using a view is probably your best option.
>
>
>
> Herman Miller wrote:
> > Is there noway to restrict permissions to a column in a
> > table as we update the table directly is multiple
> > occassions.
> >
> > Thanks
> >
> >> Herman,
> >>
> >> You could simply create a view that does not include
> the >> desired column. Then only assign permissions to
> the view >> to the users you want restricted from that
> column. >>
> >> Kory Hodgson
> >> Sybase iAnywhere
> >>
> >>
> >>
> >> Herman Miller wrote:
> >>> Sybase 9.0.2.3534
> >>>
> >>> Is it possible to lockdown one column in a table and
> >>> assign permissions to modify that column to a specific
> >>> user? Please provide sample code to set the security.
> >>>
> >>> Thanks


"Nick Elson [Sybase iAnywhere]" < Posted on 2009-04-13 20:19:03.0Z
From: "Nick Elson [Sybase iAnywhere]" <@nick@.@elson@@sybase@.@com@>
Newsgroups: ianywhere.public.general
References: <49e395b3$1@forums-1-dub> <49e397a4.a17.1681692777@sybase.com>
Subject: Re: Column level security
Lines: 67
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <49e39e37@forums-1-dub>
Date: 13 Apr 2009 13:19:03 -0700
X-Trace: forums-1-dub 1239653943 10.22.241.152 (13 Apr 2009 13:19:03 -0700)
X-Original-Trace: 13 Apr 2009 13:19:03 -0700, vip152.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7523
Article PK: 5932

You might want to consider this approach:

Create a new user,
grant dba to that user,
grant membership in all groups that dba is a member of to that new
user,
revoked dba from dba,
revoke memberships from dba

start using the new user account as your dba.

Unfortunately the standard DBA, or any account
with DBA priviledge can do pretty much anything
they want to. At a minimum you will need to revoke
dba from dba and work your way back out from there.

<Herman Miller> wrote in message news:49e397a4.a17.1681692777@sybase.com...
> Here is the situation. The dba password got out to the
> public. Other than changing the dba password is there a way
> to restrict access to a table or column to the dba user?
>
>> Herman,
>>
>> There are only two ways I am aware of to accomplish the
>> desired results, views or stored procedures.
>>
>> With a view you can still insert, update, delete as long
>> as all primary key columns are included in the view and
>> in the case of inserts the excluded column would also
>> need to either be nullable or have a default value.
>>
>> For stored procedures you could have one to return a
>> result set the user is allowed to see, and another to
>> perform update operations.
>>
>> In my opinion using a view is probably your best option.
>>
>>
>>
>> Herman Miller wrote:
>> > Is there noway to restrict permissions to a column in a
>> > table as we update the table directly is multiple
>> > occassions.
>> >
>> > Thanks
>> >
>> >> Herman,
>> >>
>> >> You could simply create a view that does not include
>> the >> desired column. Then only assign permissions to
>> the view >> to the users you want restricted from that
>> column. >>
>> >> Kory Hodgson
>> >> Sybase iAnywhere
>> >>
>> >>
>> >>
>> >> Herman Miller wrote:
>> >>> Sybase 9.0.2.3534
>> >>>
>> >>> Is it possible to lockdown one column in a table and
>> >>> assign permissions to modify that column to a specific
>> >>> user? Please provide sample code to set the security.
>> >>>
>> >>> Thanks


Reg Domaratzki [Sybase iAnywhere] Posted on 2009-04-13 20:33:09.0Z
Newsgroups: ianywhere.public.general
Subject: Re: Column level security
From: "Reg Domaratzki [Sybase iAnywhere]" <FirstName.LastName@ianywhere.com>
References: <49e395b3$1@forums-1-dub> <49e397a4.a17.1681692777@sybase.com>
Organization: Sybase iAnywhere
Message-ID: <Xns9BECA862099E0RegDSybiAnywhere@10.22.241.106>
User-Agent: Xnews/5.04.25
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Date: 13 Apr 2009 13:33:09 -0700
X-Trace: forums-1-dub 1239654789 10.22.241.152 (13 Apr 2009 13:33:09 -0700)
X-Original-Trace: 13 Apr 2009 13:33:09 -0700, vip152.sybase.com
Lines: 19
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7524
Article PK: 5933


Herman Miller wrote in news:49e397a4.a17.1681692777@sybase.com:

> Here is the situation. The dba password got out to the
> public. Other than changing the dba password is there a way
> to restrict access to a table or column to the dba user?

No. If someone has the DBA password for your database there
is NO way to restrict their access to anything in the database.

--
Reg Domaratzki, Sybase iAnywhere Solutions
Please reply only to the newsgroup

iAnywhere Developer Community : http://www.ianywhere.com/developer
iAnywhere Docs : http://www.ianywhere.com/developer/product_manuals
ASA Patches and EBFs : http://downloads.sybase.com/swd/base.do
-> Choose SQL Anywhere Studio
-> Set filter to "Display ALL platforms IN ALL MONTHS"


"Jason Hinsperger" <NO_jason.hinsperger Posted on 2009-04-28 14:49:27.0Z
From: "Jason Hinsperger" <NO_jason.hinsperger@sybase_SPAM.com>
Newsgroups: ianywhere.public.general
References: <49e38fbf$1@forums-1-dub> <49e39349.99c.1681692777@sybase.com>
Subject: Re: Column level security
Lines: 37
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-RFC2646: Format=Flowed; Original
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <49f71777@forums-1-dub>
Date: 28 Apr 2009 07:49:27 -0700
X-Trace: forums-1-dub 1240930167 10.22.241.152 (28 Apr 2009 07:49:27 -0700)
X-Original-Trace: 28 Apr 2009 07:49:27 -0700, vip152.sybase.com
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7533
Article PK: 5950

Yes, you can use the GRANT statement to only grant select/update permissions
on specific columns in a table.

--
Jason Hinsperger
Product Manager
Sybase iAnywhere

<Herman Miller> wrote in message news:49e39349.99c.1681692777@sybase.com...
> Is there noway to restrict permissions to a column in a
> table as we update the table directly is multiple
> occassions.
>
> Thanks
>
>> Herman,
>>
>> You could simply create a view that does not include the
>> desired column. Then only assign permissions to the view
>> to the users you want restricted from that column.
>>
>> Kory Hodgson
>> Sybase iAnywhere
>>
>>
>>
>> Herman Miller wrote:
>> > Sybase 9.0.2.3534
>> >
>> > Is it possible to lockdown one column in a table and
>> > assign permissions to modify that column to a specific
>> > user? Please provide sample code to set the security.
>> >
>> > Thanks