Subject Re: Current_User rights
Author Adam
> I have an employee table that stores US social security numbers and I
> want to exclude access from non-administrators on this type of column
> (including rate of pay).
> I know I can limit access to the table itself and make a view of only
> the non-confidential columns, but I wonder if this is the best way?

That is what I would do, however in addition I would encrypt such data.
Of course there is no real way of protecting the private key if you do
not control the server, but it is at least better than nothing.

You could also store it in a different table, payroll could join to
that table to retrieve the SSN, you could disallow everyone else. Just
another option.

> Could I also just check if the CURRENT_USER has administrative rights
> to a table and then just run a different query? If possible, how?

I suppose you could write a Stored Procedure that does what you need
(in fact even a view with a case statement might work), but it sounds a
bit overcomplicated to me.