Approles and security question
From: John Smith (johnsmith@biteme.org)
Date: 01/31/03
From: "John Smith" <johnsmith@biteme.org> Date: Fri, 31 Jan 2003 10:09:19 -0700
In the process of developing a new application, we are looking into using an
approle to tighten security. Meaning that each user logs into the app, and
the app invokes the role preassigned to it for all communication direct to
the db.
We have a good handle on how it works except for one part.
I need to audit all deletes, updates, inserts to the database with a
trigger; I need to put them in a separate table for an audit trail. This is
not negotiable. Whom does it say is the logged-on user? The sqlserver user
(the app role) or the logged in user (the o/s user). I actually need the
latter more than the former. Can I get that info when using an approle?
Not to confuse matters much, but what if it is a web app? Does it record the
client os user or does it record the webserver service account info? I can
set IIS to not allow anon connections, so I can figure out how they logged
into the app, but not sure how I can audit that.
Lastly, anyone out there developing software using an approle currently, how
does it work and how are you implementing it?
Thanks.
Post only replies please.