Hi Albert,
I do not understand the question, if an user has rights, then it has rights and it will get it, no? Unless what you want is to give rights to read some columns/fields on a table but not all? then you can, for example, deny rights on specific columns, for example you can do:
DENY SELECT ON mySchema.Customers (CreditCardNo ) TO Albert;
>Hi Hank,
>
>If you are like me, the last few weeks have been spent assisting clients to work remotely so this has gone to the side...
>
>Follow up on this, you recommended using "Always encrypted"; reading the MSFT notes, it does indeed seem to just encrypt sensitive columns in the data table. Here is a snippet from MSFT docs:
>
>"Always Encrypted makes encryption transparent to applications. An Always Encrypted-enabled driver installed on the client computer achieves this by automatically encrypting and decrypting sensitive data in the client application. The driver encrypts the data in sensitive columns before passing the data to the Database Engine, and automatically rewrites queries so that the semantics to the application are preserved. Similarly, the driver transparently decrypts data, stored in encrypted database columns, contained in query results."
>
>Now, the question I have today is not the specifics on the above but just a general question: if the driver does the decryption, what is to say that if someone has the credentials of a user, why can't they just pull down all the data they want? That is, if there is some rogue employee who has a query tool (like VFP) and they have got the credentials from someone with rights to the database, could they not just get the correct driver and do something like:
>
>SELECT CreditCardNo FROM Customers INTO CURSOR Temp
>
>You will have to forgive me as I do not know SQL server at all. Can you set some rights inside SQL to not allow general queries of the tables such that even with the creds the person could not just download a bunch of data?
>
>Thanks for any info.
>Albert
>
>
>
>>Hi Albert,
>>
>>I have not used column encryption.
>>
>>Hank
>>
"The five senses obstruct or deform the apprehension of reality."
Jorge L. Borges?
"Premature optimization is the root of all evil in programming."
Donald Knuth, repeating C. A. R. Hoare
"To die for a religion is easier than to live it absolutely"
Jorge L. Borges
