For databases that require a high level of security, granting access directly to tables has limitations. Any privilege granted to a user on a table applies to the whole table. There are many cases when users' privileges need to be shaped more precisely than on a table-by-table basis. For example:
It is not desirable to give access to personal or sensitive information stored in an employee table to users who need access to other parts of the table.
You may want to give sales representatives update privileges on a table containing descriptions of their sales calls, but limit such privileges to their own calls.
While views restrict data access, procedures restrict the actions a user may take. A user can have EXECUTE privilege on a procedure without having any privileges on the table or tables on which the procedure acts.
For strict security, you can disallow all access to the underlying tables, and grant privileges to users or groups of users to execute certain stored procedures. This approach strictly defines how data in the database can be modified.
Discuss this page in DocCommentXchange.
|Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0|