Is it possible ...?

Hi

I have users in domain group who use application which uses sqlserve, they
have rights to insert, update, delete. I want some of the members of this
domain group to connect directly to the database using query analyzer but
with right only to read and they still of course can use application and
have full rights.

I can't change application, i don't want to crate another users with
different rights.

I want the same user to have different rights using application and query
analyzer.
Is it possible ? Maybe something similar...

regards
m.

"marta" <marta20wawa@go2.pl> wrote in message
 news:dcbnlj$2vi$1@at
lantis.news.tpi.pl...
> Hi
>
> I have users in domain group who use application which uses sqlserve, they
> have rights to insert, update, delete. I want some of the members of this
> domain group to connect directly to the database using query analyzer but
> with right only to read and they still of course can use application and
> have full rights.
>
> I can't change application, i don't want to crate another users with
> different rights.
>
> I want the same user to have different rights using application and query
> analyzer.
> Is it possible ? Maybe something similar...
>

In this situation users should be granted Read permissions only, and in the
application, they can acquire different permissions by running
sp_setapprole.

David

David Browne  napisal(a):
> "marta" <marta20wawa@go2.pl> wrote in message
>  news:dcbnlj$2vi$1@at
lantis.news.tpi.pl... 
>
> In this situation users should be granted Read permissions only, and in th
e
> application, they can acquire different permissions by running
> sp_setapprole.
>
> David

I can't change permissions asigned to domain group to which they
belong.
I can't change application in any way, i don't have acess to use
application role. I can't touch application. For me the best solution
would be if in query analyzer is check button "read only", and i could
use it ;)
I need to give users read only access using isql.

M.

I believe that the closest you can come is to create triggers on your tables
 from which you check
the application name (APP_NAME()) and if not expected, you rollback inside t
he trigger. This will
not prevent a bad seed from writing an app, setting the expected application
 name and do the bad
operations, though.

--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www. solidqualitylearning
.com/
Blog: http:// solidqualitylearning
.com/blogs/tibor/


"sqlserver" <grupy_d@go2.pl> wrote in message
news:1122622386.882273.249700@g43g2000cwa.googlegroups.com...
>
> David Browne napisal(a): 
>
> I can't change permissions asigned to domain group to which they
> belong.
> I can't change application in any way, i don't have acess to use
> application role. I can't touch application. For me the best solution
> would be if in query analyzer is check button "read only", and i could
> use it ;)
> I need to give users read only access using isql.
>
> M.
>

Think of writing an app that lets users enter select SQL statements only and
shows the results in a grid control.
Don't set the grid to allow updates. You can probably find some code for
something like that in the samples.
HTH

"marta" <marta20wawa@go2.pl> wrote in message
 news:dcbnlj$2vi$1@at
lantis.news.tpi.pl...
> Hi
>
> I have users in domain group who use application which uses sqlserve, they
> have rights to insert, update, delete. I want some of the members of this
> domain group to connect directly to the database using query analyzer but
> with right only to read and they still of course can use application and
> have full rights.
>
> I can't change application, i don't want to crate another users with
> different rights.
>
> I want the same user to have different rights using application and query
> analyzer.
> Is it possible ? Maybe something similar...
>
> regards
> m.
>
>