ETL and Data Integration tools - Modern ETL software for everyone

Dear Support!

First of all, congratulations and thanks for the marvelous tool, we're using it intensively for quick data overviews and sql statement creation!

There is one drawback and that is a rather severe one. I discovered that the table data is changeable in the data grid on views, even though there is no update/inser/delete granted on the view (the normal \"update set...\" fails)

It seems that database browser somehow bypasses normal security with my connection. The database I'm using, is MS SQL Server 2000, I run version 2.4.2 of database browser (using \"MS SQLServer\" as connection type, but the same behaviour is also observed with connection type \"ODBC\").

The issue is (i hope) easily reproducible when creating a view like \"select * from \" ,having full modification rights on and select only rights on the created view.

There is a feature in MS Query that allows to enable/disable modifications within MS Queries data grid, the interesting thing here is that MSQuery observes the missing update permissions, when trying to change data!

The whole problem seems only to occur when using Windows builtin security (trusted accounts), I've created a separate user now (SQLServer security), where updating isn't possible.

Any help/hints on how to circumconvent that problem are highly appreciated!

-kind regards,
Roland

Thanks for your feedback.
We will check it ang get back you.

Mike

I had quick look at the problem you reported.
I do not think it Has something to do with our software.
We do not bypass MS Sql server security or connect to it via back door if it ever existed.
We use ADO to connect to the database.
If ADO allows to update the record there is nothing for us do or to fix

John

Hi John!

I'm sorry, but I use ADO myself and just tested whether I could update a View using ADO. The server/driver correctly returns the \"Update permission denied on object ...\" message that I also get when using MSSQL Server builtin security.

Just out of curiosity: Do you use client side cursors or server side ones?
I had very peculiar errors when using client side cursors and I'm now not using them anymore for updating tables. Besides, you get better error messages when using server side cursors. For searching data in the result set, they are more flexible...

I also tested the whole case using first a server side cursor, and then a client side cursor, and that confirmed my theory that the cursor side cursor is the problem:



FrontPlan2 is a simple table having a varchar(100) field \"Bezeichnung\" that I update in the above example.

Is there a chance that you
1) offer the choice to select server side cursors for Database Browser connections, or
2) offer a \"readonly\" choice to disallow changes like MSQuery (which prevents editing already in the grid control)?

This is really a rather dangerous behaviour in this otherwise extremely useful product....

-regards,
ROland

Please download version 2.2.5 and let us know the outcome

John

Seems to work quite fine. There is however one minor quirk still in there: In some views (I haven't found out which), database browser seems to update the value, although it doensn't really do (which only becomes apparent when you change/change back the viewed view). In other views it now correctly gives the \"update permission denied\" message.

-regards
Roland