Prev: Combine Query
Next: Table-lookup transformations
From: Simon Whale on 4 Aug 2010 11:01
SQL2005

were in the middle of porting an existing system over to .net etc

but were having a discussion on how to restrict users from accessing certain
parts of the of an MDI based application, my collegue thinks its best done
from SQL Server roles. That once the user has loaded the application it
initially looks at thier SQL server roles and disables parts of the
application (e.g. forms)

personally i think its not the best way forward for practicallity and or
maintability. but i need to prove why it wont be the best method. Can
anyone give me some pointers


Thanks
Simon


From: Erland Sommarskog on 4 Aug 2010 15:54
Simon Whale (simon(a)nospam.oak-underwriting.com) writes:
> were in the middle of porting an existing system over to .net etc
>
> but were having a discussion on how to restrict users from accessing
> certain parts of the of an MDI based application, my collegue thinks
> its best done from SQL Server roles. That once the user has loaded the
> application it initially looks at thier SQL server roles and disables
> parts of the application (e.g. forms)
>
> personally i think its not the best way forward for practicallity and or
> maintability. but i need to prove why it wont be the best method. Can
> anyone give me some pointers

In my ears it sounds messy to control application behaviour with SQL
Server security. I would rather use something within the application.
Maybe this can take data from membership in SQL Server roles, but then
again it would make more sense to use Windows groups.


--
Erland Sommarskog, SQL Server MVP, esquel(a)sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

 | 
Pages: 1
Prev: Combine Query
Next: Table-lookup transformations