Re: User mangement for a database applicaiton

From: lindawie (lindawie@my-deja.com)
Date: 05/05/02


From: "lindawie" <lindawie@my-deja.com>
Date: Sun, 5 May 2002 09:21:38 -0700


Prakash,

> I am planning for a database application using VB 6 and SQL SERVER
> 2000.I have a problem with me. How to mange the security . w.r.t to
> User access to the database.I find that there is no requirement of
> creating users in the database,since no user has the knowledge of
> writing sqls.So what I am thinking is to restrict the user thru vb
> code.That is by making the particular menu visible or not visible
> according to the user id and password.I will create a table in the
> databse which will hold the different menus with a row for different
> operations like editing,creating,updating, etcc..

The approach you are contemplating is fine for restricting access to
functionality in your application, but it doesn't do a thing to protect
your data. Users can connect to SQL Server using any tool they like,
bypassing your application security.

You should consider creating one or more roles and granting appropriate
permissions for objects to the roles. You can then add users to the role
that corresponds to the security level they need.

Linda