Re: Application roles, good or bad?
From: Lyudmila Fokina [MSFT] (lyudmilf_at_online.microsoft.com)
Date: 06/11/04
- Previous message: Kevin McDonnell [MSFT]: "RE: repodbc.dll and opening error"
- In reply to: Paul Bauer: "Application roles, good or bad?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Jun 2004 16:37:53 -0700
>From what you described it doesn't look like using application roles will
fit your model.
When an application role is activated for a connection by the application,
the connection
permanently loses all permissions applied to the login, user account, or
other groups or
database roles in all databases for the duration of the connection. The
connection gains the
permissions associated with the application role for the database in which
the application role exists.
This means all users who connects the db through this application will have
the same permissions in
this db (unless your implement your own logic inside the application, which
doesn't seems to be your goal).
Using Windows authentification seems to be better solution here.
-- Thanks, Lyudmila Fokina Please do not send e-mail directly to this alias. This alias is for newsgroup purposes only Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. "Paul Bauer" <paul.bauer@rimrockgroup.com> wrote in message news:#z$3c0zTEHA.2580@TK2MSFTNGP12.phx.gbl... > We are trying to determine if using application roles would be the best > method to access our SQL database with a "to be developed" ASP.Net > application or possibly an Access project. Some of the requirements of the > application will require different users to have access to different parts > of the database. Some users may be able to modify data while other users > might be read only users. I assume that this would require the application > to use different application roles depending on the user that is logging > into the application? > > Another requirement of the application is the ability to maintain an audit > trail for users. So, either we will still have to use the user account to > create the initial connection to the database before applying the > application role or the user name will have to be passed in by the > application so that it can be used for auditing if another (single) account > is used for the initial connection to the database. Are there any guidelines > for best practice or recommended practice? Thanks. > > Paul Bauer > paul.bauer@rimrockgroup.com > www.rimrockgroup.com > > >
- Previous message: Kevin McDonnell [MSFT]: "RE: repodbc.dll and opening error"
- In reply to: Paul Bauer: "Application roles, good or bad?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
