I don't know if this is the right newsgroup for this, but....
We need to secure records in a table based on Active Directory
permissions. Can someone point me to a good resource (with examples)
of how to go about this? Here is some pseudo-code of what I'd like to
be able to do:
select * from mytable where UserIsAllowed("Brad")
In this example, the "UserIsAllowed" function tests each record,
presumably using AzMan, checking both the user and the groups the user
belongs to.
Any help would be appreciated. Thanks!
Brad.
Uri Dimant - 20 Aug 2008 06:30 GMT
http://vyaskn.tripod.com/sql_server_security_best_practices.htm - security best practices
Bradley Plett - 20 Aug 2008 17:41 GMT
Unfortunately, whereas that URL leads to a reasonably good article on
row-level security, it is a simplistic approach that does not
implement any of the flexibility nor administrative features that
AzMan (nor Active Directory, for that matter) provides. I know how to
add a user name to each row, etc., but that does not provide a
hierarchical (e.g. AD groups) nor role-based (as per AzMan) system.
Whereas I could extend it to do that, I'm sure I'm not the first to be
faced with this, and I'd prefer not to reinvent the wheel!
Brad.
Andrew J. Kelly - 20 Aug 2008 19:17 GMT
Brad,
While I don't have the exact answer for you, I suspect you would be best
served by creating a CLR sp or function that would make a call out to AzMan
via the API. If you are still in 2000 then you might want to have a look at
sp_OACreate instead.

Andrew J. Kelly SQL MVP
Solid Quality Mentors
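Added example, not part of the original thread and not code from any of the posters: one way to get the per-row filter from the question using SQL Server's built-in IS_MEMBER() against Windows groups instead of AzMan, so it covers AD group membership but not AzMan roles. It assumes SQL Server 2005 or later with Windows authentication; dbo.RowAcl, dbo.mytable_secure, app_readers and the CONTOSO principals are hypothetical names and constructed sample values.

```sql
-- Constructed schema: dbo.mytable is the table named in the question; dbo.RowAcl,
-- dbo.mytable_secure, app_readers and the CONTOSO principals are hypothetical.
CREATE TABLE dbo.mytable (
    RecordId int           NOT NULL PRIMARY KEY,
    Payload  nvarchar(200) NOT NULL
);

-- One row per (record, principal) grant. Principal is a Windows login or a
-- Windows group, written as DOMAIN\name.
CREATE TABLE dbo.RowAcl (
    RecordId  int     NOT NULL REFERENCES dbo.mytable (RecordId),
    Principal sysname NOT NULL,
    PRIMARY KEY (RecordId, Principal)
);
GO

-- Constructed sample data.
INSERT INTO dbo.mytable (RecordId, Payload) VALUES (1, N'payroll');
INSERT INTO dbo.mytable (RecordId, Payload) VALUES (2, N'roadmap');
INSERT INTO dbo.RowAcl (RecordId, Principal) VALUES (1, N'CONTOSO\Finance');  -- AD group
INSERT INTO dbo.RowAcl (RecordId, Principal) VALUES (2, N'CONTOSO\brad');     -- single login
GO

-- The filter is evaluated against the caller's own login, so the application
-- never passes a user name that could be spoofed in the query text.
CREATE VIEW dbo.mytable_secure
AS
SELECT t.RecordId, t.Payload
FROM dbo.mytable AS t
WHERE EXISTS (
    SELECT 1
    FROM dbo.RowAcl AS a
    WHERE a.RecordId = t.RecordId
      AND (a.Principal = SUSER_SNAME()      -- grant made directly to the login
           OR IS_MEMBER(a.Principal) = 1)   -- grant made to a Windows group
);
GO

-- Users get SELECT on the view only. No permission is granted on dbo.mytable or
-- dbo.RowAcl; the view can still read them through ownership chaining because
-- all three objects are owned by dbo.
CREATE ROLE app_readers;
GRANT SELECT ON dbo.mytable_secure TO app_readers;
GO

-- What the question's pseudo-code becomes for any caller in app_readers:
SELECT RecordId, Payload FROM dbo.mytable_secure;
```

IS_MEMBER() returns NULL for a name that is not a valid group or role, so a mistyped Principal in dbo.RowAcl grants nothing rather than everything. Group membership is read from the login's Windows token, so a change made in AD takes effect for a user on their next connection.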