Comments for Bob Lambert

Comment on Data and Wine? by Chris Bradley

Chris Bradley — Tue, 17 Nov 2009 22:15:56 +0000

Reminds me of raindrops on roses and whiskers on kittens

Comment on Followership by Bob Lambert » Blog Archive » Followership II – Individualists, Enablers, & Subversives

Sun, 01 Nov 2009 21:18:25 +0000

[...] a previous post I posed this question: “more people are followers than leaders, so isn’t it more important [...]

Comment on DQ, he isn’t so dumb he just needs glasses by IAIDQ Festival del IDQ Bloggers - Episode #2 | The DOBlog

IAIDQ Festival del IDQ Bloggers - Episode #2 | The DOBlog — Mon, 01 Jun 2009 19:16:56 +0000

[...] this thought provoking post, Bob Lambert shares his insights into why Project Sponsors aren’t blind, they just need glasses. In it, he highlights an all to common problem in poorly aligned IT projects and [...]

Comment on SQL Server Row Level Security @ Richmond Code Camp 2009.1 by Bob

Bob — Mon, 27 Apr 2009 13:49:40 +0000

Here are the object creates and presentation scripts presented in

Pretty Good Row Level Security

At Richmond Code Camp 2009.1 (http://richmondcodecamp.org/)
Bob Lambert and
Nic Morel

CapTech Ventures, Inc.
blambert@captechventures.com, http://robertlambert.net
nmorel@captechventures.com
See also Protecting Your Data with Row Level Security for SQL Server Databases at Dr Dobbs Portal, http://www.ddj.com/database/215900773

Note: users other than dbo are granted only access to views, that is in example 2 mdavis should only have access to the view ordersummary, in the later examples bobama only to vssalestotals and vsemployee.

—————————————————————————
– Sales user Access table
USE [AdventureWorks]
GO
/****** Object: Table [Security].[SalesAccess] Script Date: 04/27/2009 08:11:14 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [Security].[SalesAccess](
[UserID] [varchar](20) NOT NULL,
[TerritoryID] [int] NOT NULL
) ON [PRIMARY]

—————————————————————————
– HR User Access Table

SET ANSI_PADDING ON
USE [AdventureWorks]
GO
/****** Object: Table [Security].[HRAccess] Script Date: 04/27/2009 08:11:56 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [Security].[HRAccess](
[UserID] [varchar](20) NOT NULL,
[DepartmentID] [smallint] NOT NULL
) ON [PRIMARY]
GO
SET ANSI_PADDING ON

—————————————————————————
– select * from [Security].[SalesAccess]

UserID TerritoryID
——————– ———–
sordway 1
sordway 2
sordway 3
bobama 1
jmccain 2
jkerry 6
jkerry 7
jkerry 8
jkerry 9
mromney 7
mromney 8
dbo 1
dbo 2

—————————————————————————
– select * from [Security].[HRAccess]

UserID DepartmentID
——————– ————
bobama 4
bobama 5
bobama 6
dbo 5
dbo 6
dbo 7
dbo 8
dbo 9
dbo 10
dbo 11
dbo 12
dbo 13
dbo 14
dbo 15
dbo 16

(15 row(s) affected)

—————————————————————————
– table valued function accessing sales data joining to the sales security access table

USE [AdventureWorks]
GO
/****** Object: UserDefinedFunction [Security].[ufnGetSalesTotals] Script Date: 04/25/2009 12:25:48 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

CREATE FUNCTION [Security].[ufnGetSalesTotals]
(
@UserId VARCHAR(20)
)
RETURNS TABLE
AS
RETURN
(
SELECT
pvt.[SalesPersonID]
,pvt.[FullName]
,pvt.[Title]
,pvt.[SalesTerritory]
,pvt.[2002]
,pvt.[2003]
,pvt.[2004]
FROM (SELECT
soh.[SalesPersonID]
,c.[FirstName] + ‘ ‘ + COALESCE(c.[MiddleName], ”) + ‘ ‘ + c.[LastName] AS [FullName]
,e.[Title]
,st.[Name] AS [SalesTerritory]
,soh.[SubTotal]
,YEAR(DATEADD(m, 6, soh.[OrderDate])) AS [FiscalYear]
FROM [Sales].[SalesPerson] sp
INNER JOIN [Sales].[SalesOrderHeader] soh
ON sp.[SalesPersonID] = soh.[SalesPersonID]
INNER JOIN [Sales].[SalesTerritory] st
ON sp.[TerritoryID] = st.[TerritoryID]
INNER JOIN Security.SalesAccess sa /* this is the added join */
ON sa.TerritoryID = st.[TerritoryID]
AND sa.UserId = @UserID
INNER JOIN [HumanResources].[Employee] e
ON soh.[SalesPersonID] = e.[EmployeeID]
INNER JOIN [Person].[Contact] c
ON e.[ContactID] = c.ContactID
) AS soh
PIVOT
(
SUM([SubTotal])
FOR [FiscalYear]
IN ([2002], [2003], [2004])
) AS pvt
)

—————————————————————————
– View passing userid to the function above

USE [AdventureWorks]
GO
/****** Object: View [Security].[vsSalesTotals] Script Date: 04/25/2009 12:26:17 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

CREATE VIEW [Security].[vsSalesTotals]
AS
SELECT
[SalesPersonID]
,[FullName]
,[Title]
,[SalesTerritory]
,[2002]
,[2003]
,[2004]

FROM Security.ufnGetSalesTotals(USER)

—————————————————————————
– table valued function accessing employee data joining to the HR security access table

USE [AdventureWorks]
GO
/****** Object: UserDefinedFunction [Security].[ufnGetEmployeeData] Script Date: 04/25/2009 12:26:37 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

CREATE FUNCTION [Security].[ufnGetEmployeeData]
(
@UserId VARCHAR(20)
)
RETURNS TABLE
AS
RETURN
(
SELECT
e.[EmployeeID]
,c.[Title]
,c.[FirstName]
,c.[MiddleName]
,c.[LastName]
,c.[Suffix]
,e.[Title] AS [JobTitle]
,edh.DepartmentID
,dpt.Name AS [DepartmentName]
,shr.UserID
,c.[Phone]
,c.[EmailAddress]
,c.[EmailPromotion]
,a.[AddressLine1]
,a.[AddressLine2]
,a.[City]
,sp.[Name] AS [StateProvinceName]
,a.[PostalCode]
,cr.[Name] AS [CountryRegionName]
,c.[AdditionalContactInfo]
FROM [HumanResources].[Employee] e
INNER JOIN [Person].[Contact] c
ON c.[ContactID] = e.[ContactID]
INNER JOIN [HumanResources].[EmployeeAddress] ea
ON e.[EmployeeID] = ea.[EmployeeID]
INNER JOIN [Person].[Address] a
ON ea.[AddressID] = a.[AddressID]
INNER JOIN [Person].[StateProvince] sp
ON sp.[StateProvinceID] = a.[StateProvinceID]
INNER JOIN [Person].[CountryRegion] cr
ON cr.[CountryRegionCode] = sp.[CountryRegionCode]
INNER JOIN HumanResources.EmployeeDepartmentHistory edh
ON edh.EmployeeID = e.EmployeeID
AND edh.EndDate is null
INNER JOIN Security.HRAccess shr /* this is the added join */
ON shr.DepartmentID = edh.DepartmentID
and shr.UserID = @UserID
INNER JOIN HumanResources.Department dpt
ON dpt.DepartmentID = edh.DepartmentID
)
—————————————————————————
– View passing userid to the function above

USE [AdventureWorks]
GO
/****** Object: View [Security].[vsEmployee] Script Date: 04/25/2009 12:27:01 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

CREATE VIEW [Security].[vsEmployee]
AS
SELECT
[EmployeeID]
,[Title]
,[FirstName]
,[MiddleName]
,[LastName]
,[Suffix]
,[JobTitle]
,DepartmentID
,[DepartmentName]
,UserID
,[Phone]
,[EmailAddress]
,[EmailPromotion]
,[AddressLine1]
,[AddressLine2]
,[City]
,[StateProvinceName]
,[PostalCode]
,[CountryRegionName]
,[AdditionalContactInfo]
FROM Security.ufnGetEmployeeData(USER)

GO
EXEC sys.sp_addextendedproperty @name=N’MS_Description’, @value=N’Employee names and addresses.’ , @level0type=N’SCHEMA’,@level0name=N’Security’, @level1type=N’VIEW’,@level1name=N’vsEmployee’

—————————————————————————
– Presentation scripts

————————————
– Dr Dobbs Example 1: dbo
————————————

– Connect blambert

use rls

–The database includes these orders

select * from orders
where department in (’East’, ‘Southeast’, ‘Northeast’)

–Here are the contents of the user access table
select * from useraccess;

–and here are the results of a query summing orders accessible by
– a particular user
select * from getordersummary (’blambert’)

– here’s the view encapsulating the getordersummary function

select * from ordersummary

select user

————————————
– Dr Dobbs Example 2: mdavis
————————————

– Connect mdavis
select user

use rls

–review the orders table

select * from orders
where department in (’East’, ‘Southeast’, ‘Northeast’)

–review the user access table
select * from useraccess;

–review the getordersummary table-valued function
select * from getordersummary (’mdavis’)

– review the ordersummary view

select * from ordersummary

————————————
– AdventureWorks Example 1: dbo
————————————

– Connect blambert

use AdventureWorks

–Adventureworks includes this view, providing a pivoted sales report

select * from Sales.vSalesPersonSalesByFiscalYears

–Here are the contents of the user access table

select * from Security.SalesAccess

–Here are territory codes

select * from Sales.SalesTerritory

–and here are the results of a query summing orders accessible by
– a particular user
select * from Security.ufnGetSalesTotals(’jmccain’)

– here’s the view encapsulating the getordersummary function

select * from Security.vsSalesTotals

select user

————————————
– AdventureWorks Example 1: bobama
————————————

– Connect bobama

use AdventureWorks

–Adventureworks includes this view, providing a pivoted sales report

select * from Sales.vSalesPersonSalesByFiscalYears

–Here are the contents of the user access table

select * from Security.SalesAccess

–Here are territory codes

select * from Sales.SalesTerritory

–and here are the results of a query summing orders accessible by
– a particular user
select * from Security.ufnGetSalesTotals(’bobama’)

– here’s the view encapsulating the getordersummary function

select * from Security.vsSalesTotals

select user

————————————
– AdventureWorks Example 2: dbo
————————————

– Connect blambert

use AdventureWorks

–Adventureworks includes this view, providing employee data

select * from HumanResources.vEmployee

–Here are the contents of the user access table

select * from Security.HRAccess

–Here are department ids

select * from HumanResources.Department
select * from HumanResources.EmployeeDepartmentHistory where enddate is null

–and here are the results of a query summing using the table valued function to list employees

select * from Security.ufnGetEmployeeData(’jmccain’)

– here’s the view encapsulating the ufnGetEmployeeData function

select * from Security.vsEmployee

select user
————————————
– AdventureWorks Example 2: bobama
————————————

– Connect bobama

use AdventureWorks

–Adventureworks includes this view, providing employee data

select * from HumanResources.vEmployee

–Here are the contents of the user access table

select * from Security.HRAccess

–Here are department ids

select * from HumanResources.Department
select * from HumanResources.EmployeeDepartmentHistory where enddate is null

–and here are the results of a query summing using the table valued function to list employees

select * from Security.ufnGetEmployeeData(’jmccain’)

– here’s the view encapsulating the ufnGetEmployeeData function

select * from Security.vsEmployee

select user

Comment on IT should own the misalignment problem by Bob

Bob — Fri, 24 Apr 2009 16:34:52 +0000

Ara and Jonathon thanks for your insightful comments, both here and at your blogs, on this topic – great stuff and I’m learning from the exchange. Ara, in answer to your comment I also wouldn’t discount relationship building as a critical element of aligning with the business, but I’ve observed a tendency of some to focus on relationship building without improving the quality of the work. In spite of my parenthetical comment, I agree you can’t have one without the other, as you correctly pointed out.
It is worth pointing out here that there’s a risk in working on the relationship without visibly improving performance. The risk is that is may be seen as image building, and, to Jonathon’s point, may reduce IT’s competitiveness in the face of potential outsourcing.

Comment on IT should own the misalignment problem by IT’s Interest in Business/IT Alignment : Practical Analyst

IT’s Interest in Business/IT Alignment : Practical Analyst — Fri, 24 Apr 2009 04:23:54 +0000

[...] Lambert says IT should take the initiative in solving problems of business/IT misalignment, and thinks the requirements process can be an [...]

Comment on IT should own the misalignment problem by Jonathan Babcock

Jonathan Babcock — Tue, 21 Apr 2009 00:41:35 +0000

Interesting articles, Bob and Ara.

A thought that crossed my mind as I read your articles is that IT has an interest in taking the initiative in making Business/IT alignment work because corporate IT is seen increasingly as just another vendor. These days, the business has other well-marketed options such as outsourcing and off-the-shelf. If they can’t get things done in-house, they know they have other options.

IT needs to provide a compelling value proposition and “sell” its services to the business customer almost as if it were competing for it’s business on the open market. As IT folk, we’re certainly incented to reach out and keep the customer relationship healthy and that biz/it alignment in balance.

Comment on IT should own the misalignment problem by Ara Trembly

Ara Trembly — Fri, 17 Apr 2009 15:19:42 +0000

Well said. I like the idea of IT taking up the reins and going for it when it comes to establishing better relationships, and certainly IT has substance to bring. But can we really “take emotions out of the picture”? Probably not, unless we subscribe to the Vulcan code of emotive flatness. The key is to leverage the parties’ emotions (on both sides) by championing personal responsibility and looking beyond our own selfish needs, jealousies or fears. If we start by magnifying, then changing the emotional climate, the results for business and IT will improve immeasurably.

Comment on IT PMs need IT experience by Tania

Tania — Sat, 11 Apr 2009 23:35:56 +0000

Hi,
Thanks for article. Everytime like to read you.

Have a nice day
Tania

Comment on No business value in nulls by Bob

Bob — Wed, 08 Apr 2009 18:07:46 +0000

Andy, great examples, and I definitely agree with your approach. Still, it seems to me they are about how to represent the business requirement in a design. Nulls are a valid tool for the DB/code-literate in design, but in terms of business requirements I still think probably never. I think of all business requirements working on normalized data, thereby giving the designer/developer full control of design decisions and not cutting off any data design options. Given that, to me the player_average table is a (probably appropriate) denormalization of the player_at_bat_event table, of which there would be no row for the player who has not yet faced a pitcher. So I think we’re coming from the same place, just in different stages of the development life cycle. I suppose a clarifying comment is in order: “no business value in nulls until design.”