Defining roles - Mailing list pgsql-general

From Michael Gould
Subject Defining roles
Date
Msg-id 9375134c9496ea4f39b876becc262ac2@intermodalsoftwaresolutions.net
In response to Re: Linux TOP is a indicator?  (John R Pierce <pierce@hogranch.com>)
Responses Re: Defining roles
List pgsql-general
In our system we have a hybrid security system. We have tables that I want
to make sure that based on membership in a group that update and/or delete
is not allowed to a specific group. We also have application level security
which is much more granular and is much more job function based.  Our
application is a transportation application, so a user might have insert,
update and delete in order entry but a dispatcher would not have the ability
to delete an order, they must cancel it with a reason code.  These would both
be part of the same ROLE in the database.  Trying to maintain the database
to match the application security would become cumbersome for our customers.

Now for the question: if I specifically revoke an update or delete on a per
table basis for a role, do I still have to specifically define what security
attributes they have access on? If this doesn't work, would I give access to
the schema and then just specifically revoke the update or delete
functionality for just the tables I'm looking to protect?

Best Regards

Mike Gould
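
The second approach described in the message (grant across the schema, then revoke on the protected tables), as an added example that is not part of the original post. The schema, table and role names are hypothetical, and it assumes PostgreSQL 9.0 or later for `GRANT ... ON ALL TABLES IN SCHEMA`.

```sql
-- Constructed example: schema, table and role names are hypothetical.
-- Run as a superuser; everything is rolled back at the end.
BEGIN;

CREATE SCHEMA transport;
CREATE TABLE transport.orders (
    order_id      serial PRIMARY KEY,
    status        text NOT NULL DEFAULT 'open',
    cancel_reason text
);
CREATE TABLE transport.order_notes (
    note_id  serial PRIMARY KEY,
    order_id integer NOT NULL REFERENCES transport.orders,
    body     text NOT NULL
);

-- Group role; login users are made members and inherit its privileges.
CREATE ROLE ops_staff NOLOGIN;

-- A new role holds no privileges on these objects until they are granted,
-- so the broad grant has to come first.
GRANT USAGE ON SCHEMA transport TO ops_staff;
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA transport TO ops_staff;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA transport TO ops_staff;

-- Privileges are additive: REVOKE removes a grant that exists, it does not
-- create a "deny" entry. Take DELETE back on the protected table only.
REVOKE DELETE ON transport.orders FROM ops_staff;

-- Verify the effective privileges of the group role on every table.
SELECT c.relname,
       has_table_privilege('ops_staff', c.oid, 'UPDATE') AS can_update,
       has_table_privilege('ops_staff', c.oid, 'DELETE') AS can_delete
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'transport'
  AND c.relkind = 'r'
ORDER BY c.relname;

ROLLBACK;
```

`ON ALL TABLES IN SCHEMA` covers only tables that exist when it runs; tables created later need their own grant or `ALTER DEFAULT PRIVILEGES`. The revoke also has no effect on privileges a user holds through `PUBLIC` or another role, so check those when auditing a protected table.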


