Re: Schema as a security mechanism?



Eugene
Dan has already answered all you questions. I want just to add that if
don't really need to use SCHEMA , use 'dbo' as default SCHEMA created by SQL
Server 2005. I think ROLES are still playing very good security role in SQL
Server , you definetly can continue to use them.





"Eugene" <Eugene@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:87513959-0819-4E1B-9A2B-129D997DEEBF@xxxxxxxxxxxxxxxx
Hi, I have a question regarding the new schema feature, and the existing
database roles. I have found quite some discussion on them in both msdn
newsgroups as well as articles for other websites.

Briefly, I got asked this question, why should we choose to use schema
instead of roles that we have been using all these years/

From what I read, I found that schema is used as a container to group
database objects, rather than a security mechanism on its own. Role is a
grouping of db users for a purpose.

So how can schema helps in security? I read something about defense in
depth, something like multiple level of security. Does schema by itself
helps
security? Can it replace role?

Lastly, with the question posed, 'why should be change from using role to
schema?', how should I answer this?

thanks
Eugene


.