Creating readonly views in Sql Server

sql-server views
34,836

Solution 1

The best way would be to remove UPDATE/DELETE/INSERT permissions on the View.

Apart from that you could create an INSTEAD OF trigger on the view that simply does nothing to have the updates silently fail or there are quite a few constructs that make views non updatable. So you can pick one that doesn't change semantics or efficiency and then violate it.

Edit: The below seems to fit the bill.

CREATE VIEW Bar
AS
SELECT TOP 100 PERCENT x
FROM foo
WITH CHECK OPTION

Solution 2

You could specify an UNION operator in order to make SQL Server fail during the INSERT/UPDATE/DELETE operation, like this:

create view SampleView
as
  select ID, value from table
  union all
  select 0, '0' where 1=0

The last query doesn't return any rows at all, but must have the same amount of fields with the same data types as the first query, in order to use the UNION safely. See this link for more info: Different ways to make a table read only in a SQL Server database

Share:
34,836
Idan Arye
Author by

Idan Arye

Updated on April 05, 2020

Comments

  • Idan Arye
    Idan Arye about 4 years

    According to MSDN, views composed of simple selects automatically allow you to use insert/update/delete statements on the table. Is there a way to prevent this - to tell Sql Server that the view is readonly, and you can't use it to modify the table?

  • ZygD
    ZygD over 12 years
    +1 permissions should prevent this not code. But if folk can write via the view then I suspect there are permissions on the base tables too...
  • Idan Arye
    Idan Arye over 12 years
    Thanks, works like a charm. Those views will actually refer to another database, which the user won't have access to. I want to make them readonly so the user won't be able to modify that database he doesn't have access to via the views in the database he does have access to. I want to use per-database permissions instead of per-object permissions to keep things simple and to be more sure that I don't miss a breach in the permission definitions.
  • BIBD
    BIBD over 11 years
    I'll point out a danger with the code appended to the end. It seems to hinge on the 'WITH CHECK OPTION'. If you come back and late edit the View with SQL Server Management Studio, it won't include the 'WITH CHECK OPTION' and the view will be read/write again.
  • Christoph
    Christoph about 9 years
    You can also add a "UNION SELECT TOP 0 * FROM table" (at least in SQLServer 2014).
  • Ben
    Ben over 5 years
    For anyone else looking for clarity, SELECT TOP 100 PERCENT needs to be combined with WITH CHECK OPTION at the end of the view in order for write attempts on this view to fail. In my testing with 2014, only having one of those still allows the view to be updated.
  • m81
    m81 over 5 years
    For anyone else researching this, it doesn't seem to present a consistent behavior for me. I created my view with both "SELECT TOP 100 PERCENT" and "WITH CHECK OPTION", yet if I attempt to delete data from the view, the deletes affect the underlying table. This is on SQL Server 2016.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to save a query in SQL Server so it is visible in Object Explorer
using IF in a SQL Server View
SQL Server replaces LEFT JOIN for LEFT OUTER JOIN in view query
creating view in sqlserver
View is not schema bound?
Create an index on SQL view with UNION operators? Will it really improve performance?
TSQL foreign keys on views?
What are the downsides of using SqlServer Views?
How to copy views from one database to another database
If I update a view, will my original tables get updated