Arthur Fuller
artful at rogers.com
Thu Jun 24 15:04:37 CDT 2004
Excellent point, Debbie. And in case it's not clear to readers of this list, let me emphasize it: NO users except sa (and possibly developers) should have access to any SQL table. Everything should be done with views or sprocs or UDFs. No exceptions. Access to said objects should be governed by roles, and users should be assigned to roles; this can be done additively. I.e. suppose you have 3 levels of access, a, b and c. Everyone in level B can do everything that everyone in level A can. So just role B as a user in level A; then you "inherit" everything permitted for level A. Similarly, add role C as a user in level B, and inherit both B and A. This is a simplistic example; it may arise in the real world that level C should be able to do anything A can but nothing that B can. In that case it's a little more difficult, but the underlying principle is the same. IMO, as always, and I could be wrong, and it wouldn't be the first time. Arthur -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Elam, Debbie Sent: Friday, June 11, 2004 9:13 AM To: 'dba-sqlserver at databaseadvisors.com' Subject: RE: [dba-SQLServer] Difference between views and queries Just the opposite, I have always tried to harness the greater computing power on the server and drag less data across the wire which is a performance plus. Views also have security independent of tables. I have a much better control of what data is editable and when by what view I use. Debbie -----Original Message----- From: Jim Lawrence (AccessD) [mailto:accessd at shaw.ca] Sent: Thursday, June 10, 2004 2:07 PM To: dba-sqlserver at databaseadvisors.com Subject: RE: [dba-SQLServer] Difference between views and queries Hi John: Personally, I see little reason to run views as their creation is spawned at the server side and any hit on the server I try to avoid. The concept of distributive computing has always appealed to me. Queries, run at the client side. There might be better performance with views, if there are limited people accessing the server. Views limit, not that the client can see it anyway, access to/display of the real table and present a pseudo table. Security? HTH Jim -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com]On Behalf Of jwcolby Sent: Thursday, June 10, 2004 9:33 AM To: SQLServer Subject: [dba-SQLServer] Difference between views and queries Can anyone explain the difference between a view and a query? Views use a query, plus the view keyword. I have a couple of books that I have read the chapter on Views, but I so far haven't managed to "get" why you wouldn't just use the query itself instead of turning it into a view. John W. Colby www.ColbyConsulting.com _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com - JENKENS & GILCHRIST E-MAIL NOTICE - This transmission may be: (1) subject to the Attorney-Client Privilege, (2) an attorney work product, or (3) strictly confidential. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. This communication does not reflect an intention by the sender or the sender's client or principal to conduct a transaction or make any agreement by electronic means. Nothing contained in this message or in any attachment shall satisfy the requirements for a writing, and nothing contained herein shall constitute a contract or electronic signature under the Electronic Signatures in Global and National Commerce Act, any version of the Uniform Electronic Transactions Act or any other statute governing electronic transactions. _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com