You missed a line

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #229,960

by drewk

10/18/05 2:25:45 PM

You missed a line

Users are also granted specific permissions on SQL Server ...

First the sysadmin creates the user account and assigns groups. Then the DBA (actually a programmer who happens to be an MCDBA) assigns permissions to the tables. Or at least some of the tables ... the ones he knows about.

Usually there are tables (eg ones with user information) where users need to be granted/denied access per row. So you'll likely need to build the usual kind of permission scheme ANYWAYS. Having multiple permission scheme's is a good way to lead to confusion, and confusion is a Bad Thing when it comes to security.

Yes. Yes. And yes.

I also suspect -- but don't know enough about admin-ing Windows to be sure -- that this is actually a Very Bad Idea for SQL Server. I would think you'd want as few users with permissions on the DB as possible. And the one user with permission should be a user that no real user can be.

===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]

Is this a good idea? - (drewk) - (14) - Oct. 18, 2005, 01:02:00 PM EDT

Re: Is this a good idea? - (admin) - Oct. 18, 2005, 01:28:46 PM EDT

That's a definite maybe... - (ben_tilly) - (3) - Oct. 18, 2005, 01:31:01 PM EDT

You missed a line - (drewk) - Oct. 18, 2005, 02:25:45 PM EDT

Admin, we need another WeeCode... - (CRConrad) - (1) - Oct. 18, 2005, 02:32:51 PM EDT

Why not just have another checkbox on the New Comment page - (Meerkat) - Oct. 20, 2005, 08:26:42 AM EDT

ICLRPD (new thread) - (Steve Lowe) - Oct. 18, 2005, 03:18:56 PM EDT

Hard to say - (JayMehaffey) - (5) - Oct. 18, 2005, 05:06:51 PM EDT

My main issue with it - (drewk) - (4) - Oct. 18, 2005, 05:18:13 PM EDT

If that is all you have then it is a problem - (JayMehaffey) - (3) - Oct. 18, 2005, 06:32:56 PM EDT

That's an interesting idea. - (static) - Oct. 18, 2005, 08:03:15 PM EDT

What you describe is what I favor - (drewk) - Oct. 18, 2005, 08:39:30 PM EDT

Permission schemes can get complicated, fast - (ben_tilly) - Oct. 18, 2005, 09:22:53 PM EDT

Sounds like someone doesn't trust your application's - (Simon_Jester) - (1) - Oct. 20, 2005, 12:13:41 PM EDT

Yup, the same people wrote both -NT - (drewk) - Oct. 20, 2005, 12:36:59 PM EDT

iwethey.org

Must be what keeps your hair up.
56 ms