I want to limit the application to read only queries. In other words, I want the application to process only those queries which are not changing the state of the database. I am using ADO.NET. I do not want to create a new user against the database with read only permissions. Any suggestions are welcome.
答案 0 :(得分:1)
Option 1: SQL Authentication
You can use connections as shown below:
Server ={serverName}; Initial Catalog = {DB_Name}; User Id={uid}; Password={pwd};
Use the uid which has only read access in database.
Option 2: Windows Authentication
If you want to use Integrated Security = True; (i.e. windows authentication) then you will have to grant readonly access to the windows user (under which the program runs).
Hope this helps.
答案 1 :(得分:0)
You can create triggers to cancel any insert update or delete through a trigger at the database level. The trigger would end with a rollback to cancel the transaction. You would have to figure out who kicked off the trigger so other users can update the db.
I would not do it - I would take away any permission (except select) from the account being used for the application. I have created many, many triggers but I have never heard anyone using database triggers to enforce read only.