How can I allow users sql access to a table limited to certain rows?

Question

I\'m building an stock exchange simulation game. I have a table called \'Market_data\' and in the game players simulate being in particular dates and are allowed to use SQL

Answer 1

1)You can use mysql proxy http://dev.mysql.com/downloads/mysql-proxy/ with custom rules restricting access.

2)You can use stored procedures/functions

3)You can use views

Answer 2

Solution is SQL Views, Views are used for several different reasons:

*1.*To hide data complexity. Instead of forcing your users to learn the T-SQL JOIN syntax you might wish to provide a view that runs a commonly requested SQL statement.

*2.*To protect the data. If you have a table containing sensitive data in certain columns, you might wish to hide those columns from certain groups of users. For instance, customer names, addresses and their social security numbers might all be stored in the same table; however, for lower level employees like shipping clerks, you can create a view that only displays customer name and address. You can grant permissions to a view without allowing users to query the underlying tables. There are a couple of ways you might want to secure your data:

a.Create a view to allow reading of only certain columns from a table. A common example of this would be the salary column in the employee table. You might not want all personnel to be able to read manager's or each other's salary. This is referred to as partitioning a table vertically and is accomplished by specifying only the appropriate columns in the CREATE VIEW statement.

b.Create a view to allow reading only certain rows from a table. For instance, you might have a view for department managers. This way, each manager can provide raises only to the employees of his or her department. This is referred to as horizontal partitioning and is accomplished by providing a WHERE clause in the SELECT statement that creates a view.

*3.*Enforcing some simple business rules. For example, if you wish to generate a list of customers that need to receive the fall catalog, you can create a view of customers that have previously bought your shirts during the fall.

*4.*Data exports with BCP. If you are using BCP to export your SQL Server data into text files, you can format the data through views since BCP's formatting ability is quite limited.

*5.*Customizing data. If you wish to display some computed values or column names formatted differently than the base table columns, you can do so by creating views.

reference taken from http://sqlserverpedia.com.

Answer 3

The basic way would be :

-> Prevent that user (or group) from accessing the base table.

-> Define a view on top of that table that shows only the rows these users are supposed to see.

-> Give those users SELECT permission on the view.

-> And you can also use SQL Encryption,Decryption and Hashing concept.

Encryption & Decryption examples can be found here:

http://msdn.microsoft.com/en-us/library/ms179331.aspx

Hashing example can be found here:

http://msdn.microsoft.com/en-us/library/ms174415.aspx