Re: User mangement for a database applicaiton

From: lindawie (lindawie@my-deja.com)
Date: 05/05/02


From: "lindawie" <lindawie@my-deja.com>
Date: Sun, 5 May 2002 09:21:38 -0700


Prakash,

> I am planning for a database application using VB 6 and SQL SERVER
> 2000.I have a problem with me. How to mange the security . w.r.t to
> User access to the database.I find that there is no requirement of
> creating users in the database,since no user has the knowledge of
> writing sqls.So what I am thinking is to restrict the user thru vb
> code.That is by making the particular menu visible or not visible
> according to the user id and password.I will create a table in the
> databse which will hold the different menus with a row for different
> operations like editing,creating,updating, etcc..

The approach you are contemplating is fine for restricting access to
functionality in your application, but it doesn't do a thing to protect
your data. Users can connect to SQL Server using any tool they like,
bypassing your application security.

You should consider creating one or more roles and granting appropriate
permissions for objects to the roles. You can then add users to the role
that corresponds to the security level they need.

Linda



Relevant Pages

  • Re: connection to a remote computer
    ... your web.config do you have an identity tag ... This configuration option determines the login ID you need to give access to ... tag access to SQL Server. ... "Give ASP.Net user access to your ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: ADO SQLConnection works only in Windows, but not in WEB
    ... Guess which of these uses has access to the SQL Server database? ... Grant that user access to the database. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Access 2000 limitations
    ... On 14/07/2010 23:49, David Kaye wrote: ... Access is not designed for many user access over a network, SQL server is. ... iCode Systems ...
    (microsoft.public.vb.general.discussion)
  • Re: ADE: data provider could not be initialized
    ... You create a login..this gets your user access to the SQL Server. ... database role that has already been granted permissions. ... >> A> I have tried all sorts of NTFS Security settings on the Laptops, ...
    (microsoft.public.access.adp.sqlserver)