Re: SQL Server Application Roles

• Previous message: luxspes: "Re: SQL Server Application Roles"
• In reply to: luxspes: "Re: SQL Server Application Roles"
• Next in thread: Dan Guzman: "Re: SQL Server Application Roles"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 20 Nov 2005 06:05:04 -0600

> Applications roles work the same way normal users works....

Application roles might appear similar to normal users in some areas but
these are actually very different.

A login is first authenticated at the SQL Server level. If valid, SQL
Server checks to see if the login has access to the requested database by
looking for a database user mapped to that login. If present, access to the
database is allowed to the database under the security context of the
database user. An database application role be activated only after SQL
Server allows database access.

As you indicated, a login/user mismatch can occur when a database is
attached or restored to another server. This problem can be addressed by
either recreating the problem database users or executing
sp_change_users_login to correct the problem. It is naive to assume that
application roles will circumvent the mismatched user problem because not
only is database access not guaranteed, the database could be accessed under
the wrong security context before the app role is activated.

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"luxspes" <me@privacy.net> wrote in message 
news:uWjEoRb7FHA.2384@TK2MSFTNGP12.phx.gbl...
> Applications roles work the same way normal users works... IMHO you 
> shouldnt be trying to create them from you application... you should 
> define them when configuring your database for deployment (or development) 
> ... the main (and only?) difference between app roles and users... is that 
> app roles are "saved" inside your database (while users are saved in the 
> database server) so if you backup and restore you database in multiple 
> sqlserver you app roles will continue to work... while you user might have 
> to be reatached (because their internal id keys could be different in 
> different dabase servers)...
> I hope that helps ;) .
>
>
> Jonathan Allen wrote:
>> Allow me to restate my question.
>>
>> What the hell is the right way to use application roles from VB/C#? When 
>> I try the below code, I get an exception the second time I call 
>> GetDBConnection.
>> 

• Previous message: luxspes: "Re: SQL Server Application Roles"
• In reply to: luxspes: "Re: SQL Server Application Roles"
• Next in thread: Dan Guzman: "Re: SQL Server Application Roles"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Create SharePoint Portal failed. ... One mentioned ensuring that SQL Server uses a case ... 13:55:40 Service database server is 'USDC-JOHRIV'. ... Update dbo.propertylist set DisplayName = N'Last name' ... (microsoft.public.sharepoint.portalserver) Re: ADO Connection Timeout ... to the central server, but you are willing to live with periods where it ... i.e. a local database or even a text file. ... to function until the connection can be restored to the server. ... (microsoft.public.data.ado) Web Developers - Happy Hearts And HDTV! - Lockergnome ... Certificate on your MSIIS Web server. ... getting data from a database is only half the problem. ... Zend recently started a series about building rock solid code in PHP. ... which provides bulk database conversion. ... (freebsd-questions) Config for OLTP system ... extrenal disks fo the 60GByte database server. ... IBM Informix Dynamic Server Configuration Parameters ... # BUFFSIZE - OnLine no longer supports this configuration parameter. ... (comp.databases.informix) Re: TNS could not resolve the connect identifier ... This database resides on Machine A. ... The Web server is running on Machine B. ... Using tnsping is not as good as using a real connection such as via ... client (note that this is terminology that appears in the 10g R2 ... (comp.databases.oracle.server)