Views and Security

A popular, but controversial, method to design security is to create a view that exposes only certain columns, or that restricts the rows with a WHERE clause and a WITH Check Option, and then grants permission to the view to allow users limited access to data. Some IT shops require that all access goes through such a view.

Those opposed to using views for a point of security have several good reasons:

Views are not compiled or optimized.
Column-level security can be applied with user-defined SQL Server security.
Using views for row-level security means that the WITH CHECK OPTION must be manually created with each view. As the number of row-level categories grows, it can become cumbersome to do this type of manual maintenance.

Get Microsoft SQL Server 2012 Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft SQL Server 2012 Bible by

Views and Security

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly