managing security through SQL

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I posted this in the wrong section. That's the right one maybe
Hello,
I have a database that I have delivered to the data-enter which has no
permission to develop/run new queries other than the queries that are
currently saved in the database.
I'm the data-manager. I would be able to update/change data in the
data-manager's DB by running queries from an external DB where I have just a
form with a command button: once the data-manager hits the button, the code
behind the form will run and changes are made.
Since I would prefer using SQL statements instead of writing lots of ADO
code, is there a way to manage userID and password thorugh SQL?
I think I need to log into the data-manager's DB with my userId and password
to make changes to data.
Actually, since the changes are made to tables where he normally
enters/changes/delets data, is it really necessary to log with my
userid/password?
Hope this makes sense!
Any explanation/suggestion on how to manage change from *outside* the Db are
very appreciate, since the data-entering staff is in Pisa (tuscany) and I'm
currently in Pittsburgh (pennsylvania).
Thanks!
Rocco
 
rocco wrote:

(snip)
Hope this makes sense!
Click to expand...

Not to me :-(

I could only see two questions:

(1) "is there a way to manage userID and password thorugh SQL?"
Depends on what you mean by "manage". It's like me asking, "Can I
manage my career via the Internet?" There's no answer - it depends on
what I mean by "manage".

(2) "is it really necessary to log with my userid/password"
This is completely unanswerable because you have not told us /anything/
about how your database has been set up from a security viewpoint.

I think you need to repost your question & make it much more clear (a)
how your database has been set up from a security viewpoint, and (b)
the details of what you are actually trying to do, and why it won't
work.

HTH,
TC
 
Since I would prefer using SQL statements instead of writing lots of ADO
code, is there a way to manage userID and password thorugh SQL?
I think I need to log into the data-manager's DB with my userId and
password
to make changes to data.
Click to expand...

I'm not aware of any method of manipulating security via SQL. One approach
could be to have a desktop shortcut to your "data management" db with your
logon credentials hard-coded in the command line. As long as this is in a
private area that only you can access then it should be OK.

HTH - Keith.
www.keithwilby.com
 
OK, I’ll try to make it more clear.
I have a database. I have an .mdw file to store permission credentials to
this database (userID and password).
I’m the data-manager and I can do whatever I want.
Data-enter has rights to enter/update/delete data only on certain tables. He
can only read data stored in some other tables. He can run all the queries
saved in the database.
He cannot runs some queries stored into code that need to hit a command
button (disabled if you logon as data-enter) to run.
He cannot make any changes to form or report. He cannot add new tables, new
queries, new forms or new reports.
The database has been saved and delivered as .MDE file: so no changes can’t
be done to objects or code.
A command on the main form will allow the data-enter to send me all the
tables in .ADTG format. I load them into my copy of the database (.MDB
format) and checks for sort of data-entering errors.
Almost any time I have to make changes to data. This means I always have to
resend a new version of the database, loaded with the changed data.
I would like to send kind of patches, small .mde files with just the code to
make changes directly on the database on the data-enter side. He will run the
patches and all the changes are made to data on his database. Obviously, I
cannot (and I wont) make changes to objects in the database since this is an
..MDE. Fine, I want just to change data. But sometimes also changes to data in
tables to which data-enter has only rights to read from.
So I think I have to log into the .MDE database with MY permission setting.
Instead to use ADO - and all its fascinating flavors of the .connectstring
feature - to log into an external database from the patch, is it possible to
use SQL statements to grant permission to make changes to a database? Some
kind of SQL statement that give me right to make changes to the external
database. Does it sounds still thata odd?
 
nevermind. I figured out by myself:
SQL cannot manage (right, "manage", it's written in books) authentication.
SQL can only manage (again...) authorization.
It was that simple.
Thanks, anyway.
 
Keith said:
I'm not aware of any method of manipulating security via SQL.
Click to expand...

I thought that Jet 4 had added "CREATE USER" & so forth. But I can't
find a reference, off hand. Maybe someone else can give one?

TC
 
TC said:
I thought that Jet 4 had added "CREATE USER" & so forth. But I can't
find a reference, off hand. Maybe someone else can give one?
Click to expand...


It's all in Help
Create User
Create Group
Add User
Drop User
Alter User
etc.
 
Back
Top