20

I have sensitive price columns that I would like to have updated only through a stored procedure. I would like all code or manual attempts to alter values in these price columns to fail if it is not using the stored procedures designed to update it.

I am considering implementing this using triggers and a token table. The idea I am considering is to have a token table. the stored procedures will have to first insert values in the token table. Then update the price columns. The update trigger will check if the token exists in the token table for the updated row. If found, it would continue. if the token is not found, it will throw an exception and make the update transaction fail.

Is there a good/better way to implement this restriction?

Aaron Bertrand
  • 181,950
  • 28
  • 405
  • 624
Elias
  • 311
  • 1
  • 2
  • 6

3 Answers3

23

SQL Server allows column-level permissions. Just for example:

GRANT UPDATE ON dbo.Person (FirstName, LastName) TO SampleRole;
DENY UPDATE ON dbo.Person (Age, Salary) TO SampleRole;
6
-- prevent your web app user from updating that column directly:

DENY UPDATE ON dbo.YourTable(Price) TO WebApplicationUserName;
GO

-- create a stored procedure while logged in as sysadmin:

CREATE PROCEDURE dbo.UpdateYourTable
  @ProductID INT,
  @Price DECIMAL(10,2)
WITH EXECUTE AS OWNER
AS
BEGIN
  SET NOCOUNT ON;

  UPDATE dbo.YourTable 
    SET Price = @Price
    WHERE ProductID = @ProductID;
END
GO

-- grant explicit access only to that stored procedure to the web app user:

GRANT EXEC ON dbo.UpdateYourTable TO WebApplicationUserName;
Aaron Bertrand
  • 181,950
  • 28
  • 405
  • 624
2

If all your users have the same login (ouch, BTW) then here is another option

  • revoke update rights from that user (or role, if you're doing it that way).
  • Alter the stored proc with the "execute as owner" clause on it
  • then the stored proc will run with the rights of the user who owns the schema in which it resides (if its in dbo, then you're already covered).

The regular application users will lack update rights to that table, so they'll be unable to update it any other way.

RolandoMySQLDBA
  • 185,223
  • 33
  • 326
  • 536
SqlRyan
  • 1,206
  • 2
  • 17
  • 24