From 307696a14a54591f2a10bd1ee32a78421d2a7503 Mon Sep 17 00:00:00 2001 From: sb Date: Fri, 30 Jan 2009 10:57:26 +0000 Subject: [PATCH] Changes to MS SQL transform to support improved group security --- transforms/adl2mssql.xslt | 74 +++++++++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 26 deletions(-) diff --git a/transforms/adl2mssql.xslt b/transforms/adl2mssql.xslt index 9521522..e13dbc8 100755 --- a/transforms/adl2mssql.xslt +++ b/transforms/adl2mssql.xslt @@ -12,7 +12,7 @@ Convert ADL to MS-SQL $Author: sb $ - $Revision: 1.14 $ + $Revision: 1.15 $ --> @@ -112,7 +112,7 @@ -- -- -- Database for application version - -- Generated for MS-SQL 2000+ using adl2mssql.xslt + -- Generated for MS-SQL 2000+ using adl2mssql.xslt -- THIS FILE IS AUTOMATICALLY GENERATED: DO NOT EDIT IT. -- -- @@ -149,11 +149,33 @@ -- end of file ------------------------------------------------------------------------------------------------- - + + + /* */ + + - execute sp_addrole @rolename = '' - - GO + ------------------------------------------------------------------------------------------------- + -- security group + ------------------------------------------------------------------------------------------------- + + execute sp_addrole @rolename = '' + GO + + ------------------------------------------------------------------------------------------------- + -- dummy table accessible only to members of , to allow + -- a hard check on group membership + ------------------------------------------------------------------------------------------------- + CREATE TABLE "" ( + "Check" INT NOT NULL, + PRIMARY KEY( "Check") + ) + GO + + REVOKE ALL ON "" FROM public + GO + GRANT SELECT ON "" TO "" + GO @@ -277,7 +299,8 @@ ------------------------------------------------------------------------------------------------- -- primary table ------------------------------------------------------------------------------------------------- - CREATE TABLE "" + + CREATE TABLE "" ( 
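Review bot: In the hunk at `@@ -149,11 +149,33 @@`, the new dummy table tests SELECT permission rather than role membership, so the "hard check" its comment describes will also pass for any principal that can read the table by another route, such as members of `db_owner` or `db_datareader`, or any role later granted SELECT on it. `REVOKE ALL ON "" FROM public` only removes an explicit grant and does not close those paths. If the application treats this probe as an authorization decision, consider having it call `IS_MEMBER('<group name>')` instead, or at least state the limit in the generated comment, e.g. `-- NOTE: also readable by db_owner / db_datareader; not proof of membership on its own`. The template element that encloses these lines and the name expressions inside the quotes are not visible in this extract, so confirm against the real file.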
@@ -300,7 +323,6 @@ ) - GO ---- permissions ------------------------------------------------------------------------------ @@ -369,27 +391,27 @@ GRANT SELECT ON "" TO + select="$table"/>" TO "" GRANT INSERT ON "" TO + select="$table"/>" TO "" GRANT SELECT, INSERT ON "" TO + select="$table"/>" TO "" GRANT SELECT, INSERT, UPDATE ON "" TO + select="$table"/>" TO "" GRANT SELECT, INSERT, UPDATE, DELETE ON "" TO + select="$table"/>" TO "" REVOKE ALL ON "" FROM + select="$table"/>" FROM "" @@ -504,28 +526,28 @@ ---- permissions ------------------------------------------------------------------------------ + then you need full CRUD permissions on the link table. Otherwise, you get nothing. --> - GRANT SELECT,INSERT,UPDATE,DELETE ON TO + GRANT SELECT,INSERT,UPDATE,DELETE ON "" TO "" - GRANT SELECT,INSERT,UPDATE,DELETE ON TO - + GRANT SELECT,INSERT,UPDATE,DELETE ON "" TO "" + - GRANT SELECT,INSERT,UPDATE,DELETE ON TO - + GRANT SELECT,INSERT,UPDATE,DELETE ON "" TO "" + - GRANT SELECT,INSERT,UPDATE,DELETE ON TO - + GRANT SELECT,INSERT,UPDATE,DELETE ON "" TO "" + - REVOKE ALL ON FROM - + REVOKE ALL ON "" FROM "" + - REVOKE ALL ON FROM - + REVOKE ALL ON "" FROM "" + GRANT SELECT ON TO
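Review bot: The role and table names that the `@@ -369,27 +391,27 @@` hunk now wraps in double quotes (`TO ""`, `FROM ""`) appear to be delimited but not escaped, so a group or entity name containing `"` in the ADL would end the identifier early and change the generated GRANT/REVOKE statement. The same applies to the quoted names in the `@@ -149,11 +149,33 @@` and `@@ -504,28 +526,28 @@` hunks, and to the single-quoted `@rolename = ''` argument of `sp_addrole`. Suggest rejecting names outside a restricted pattern (letters, digits, underscore) before emitting any SQL, or doubling embedded quote characters. The generated script should also start with `SET QUOTED_IDENTIFIER ON` if it does not already, because double-quoted identifiers depend on that setting. The value expressions were lost in this extract, so check the actual template before acting on this.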