I want to deny query for insert,update,delete,alter in database engine only? is there a way to do that ? Because I have an application that uses the SQL database server and has a lot of users that consists of a lot of levels. I use the connection to the database with ADODB. How do I only can execute insert, update, delete or procedure only on the application, but can not run in SQL server database engine?
example: users A can insert,delete or update data into 'customer' through application, but cannot execute query that contain insert,delete, or update from database engine. because is too risky if users do that and can manipulate data from there.
Thanks Before
Best Answer
Since the application is running on user workstation, it is likely to be run on user's own account. This, unfortunately, means you are out of luck with the simple solution - setting up user permissions.
What could work is an approach based on stored procedures with
EXECUTE AS
.There are lots of tutorials in the net. For a summary:
EXECUTE AS
to run those procedures as the application user.