You want to minimize changes to your security model and to your database applications. How should you modify the database?
A.Create a filegroup named LOOKUP. Move the lookup tables to this filegroup. Select the read only check box for the filegroup.
B.Create a database role named datamodifier. Grant SELECT permissions to the datamodifier role. Add all users to the role.
C.Deny INSERT, UPDATE, and DELETE permissions for all users. Create stored procedures that modify data in all tables except lookup tables. Require users to modify data through these stored procedures.
D.Create a view of the lookup tables. Use the view to allow users access to the lookup tables.
参考答案
正确答案:A
解析:Explanation:SQLServer2000allowsfilegroupsotherthantheprimaryfilegrouptobemarkedasreadonly.Afilegroupthatismarkedread-onlycannotbemodified.Tablesthatmustnotbemodifiedcanbeplacedonafilegroupthatcanthenbemarkasread-only.Thiswillpreventsaccidentalupdates.IncorrectAnswers:B:Thissolutioneffectivelypermitsalluserstomodifyanytableinthedatabase,astheywouldallhaveSELECTpermissionstothedatabase.C:ThissolutionwilleffectivelypreventallusersfrombeingabletoperformingthesetasksonalltablesinthedatabaseastheyaredeniedpermissionstorunINSERT,UPDATE,orDELETEstatementsagainstthedatabase.Abettersolutionwouldbetoapplythedenypermissionsatthetablelevelofthelookuptables.Thiswould,however,requireunnecessaryadministrativetime.D:Viewsarevirtualtablesthatareusedtofiltertablesorrowsthattheusersshouldnothaveaccessto,however,iftheusershaveaccesstothebasetables,theycanstillrunINSERT,UPDATE,andDELETEstatementsagainstthebasetable.