SQL Server supports a multi-level permission system through roles, user permissions (GRANT/REVOKE), and schemas. Key principles:
Example of creating roles and assigning permissions:
-- Create a role for analysts CREATE ROLE Analyst; -- Grant only SELECT on necessary tables GRANT SELECT ON Sales TO Analyst; -- Prohibit data modification REVOKE INSERT, UPDATE, DELETE ON Sales FROM Analyst; -- Assign the role to a user GRANT Analyst TO user_ivan;
Often, roles are distinguished for reading (read-only), modification, administration, and specific operations.
Trick: "Can a user with access only to a view (VIEW) modify the underlying table through it? Provide an example."
Answer: Yes, if the VIEW does not contain aggregation/grouping and is not read-only (WITH CHECK OPTION) – INSERT/UPDATE/DELETE can be performed on the VIEW, and changes will affect the underlying table if permissions allow.
-- A view trimming unnecessary columns CREATE VIEW SalesAsView AS SELECT id, total, manager_id FROM Sales; -- If allowed, the user will make changes like this: UPDATE SalesAsView SET total=1000 WHERE id=42; -- This will affect Sales.total for id=42
Solution: use readonly VIEWs or prohibit data modification rights through views.
Story
Project: HR portal, personal data of employees.
Mistake: Operators had access to the underlying table through VIEW without restriction on UPDATE — accidentally modified each other's salaries, although the VIEW was initially intended "for reporting only".
Story
Project: Accounting, external integrations.
Mistake: Granted the external system rights INSERT and SELECT on the entire DB instead of only INSERT in the necessary tables. Result: vulnerability to reading the entire DB and possible violation of GDPR legislation.
Story
Project: SaaS platform, multi-user reports.
Mistake: All clients worked in one schema with shared rights: accidentally saw and could edit each other's data. Solution — segmentation into schemas, separate roles, and individual restrictions at the Row Level Security (RLS) level.