October 19, 2002 at 9:29 am
I have little to no knowledge of SQL and am involved in managing a project. We want to take an Access database, migrate it to SQL and web-enable it for our dept (using SQL/ASP/JScript/IIS).
We are currently running in a Windows NT 4.0 domain model, SQL 2000 on Windows 2000 Server running IIS 5. From everything I read, it sounds like the NT login/password should be adequate enough to grant access to the SQL database. However, our developers have created what they call a "security" database within SQL containing all of our current users, and doing a cross reference against this to decide whether a user has access and what level. If a new user comes onboard, we then have to manually add them to their database, then assign them a level of access.
I thought we would be able to pull in a user account and/or global group from our MAIN domain and then assign level of access. I feel like we're heading towards maintaining two separate user databases and don't feel that's necessary.
Looking for insight as to how this is normally handled.
October 19, 2002 at 11:00 am
Lots of options here. Using just NT authentication to control db access usually isn't good enough; it leaves open the possibility of someone connecting with something besides your app (MS Query for one) and accessing the data. Using app roles can fix that, but brings a different set of issues. Even if you go with a SQL login (which I recommend, I have several articles posted discussing it) that's often not granular enough - you end up with one or more tables driving application level security - mgr bees vs worker bees being one case. You can derive that info from AD group membership - which works OK unless you need to grant access outside the domain.
Andy
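
The group-based option raised in this thread, as an added example that is not code from either poster: domain global groups get the logins, the access level is read from group membership inside a stored procedure, and the base table carries no direct rights, so a trusted connection from a tool other than the app reaches only what the procedure returns. The database `DeptApp`, the table `dbo.Requests` and the groups `MAIN\DeptApp_Managers` and `MAIN\DeptApp_Workers` are assumed names, and the ASP pages are assumed to open a trusted connection as the browsing user rather than as the IIS account.

```sql
-- Added example for SQL Server 2000. Assumed names: database DeptApp, table
-- dbo.Requests, global groups MAIN\DeptApp_Managers and MAIN\DeptApp_Workers
-- (the groups must already exist in the domain).
USE master
GO
-- One SQL Server login per domain global group, not one per user.
EXEC sp_grantlogin 'MAIN\DeptApp_Managers'
EXEC sp_grantlogin 'MAIN\DeptApp_Workers'
GO
USE DeptApp
GO
EXEC sp_grantdbaccess 'MAIN\DeptApp_Managers', 'DeptApp_Managers'
EXEC sp_grantdbaccess 'MAIN\DeptApp_Workers',  'DeptApp_Workers'
EXEC sp_addrole 'app_manager'
EXEC sp_addrole 'app_worker'
EXEC sp_addrolemember 'app_manager', 'DeptApp_Managers'
EXEC sp_addrolemember 'app_worker',  'DeptApp_Workers'
GO
CREATE TABLE dbo.Requests (
    RequestId INT IDENTITY(1,1) PRIMARY KEY,
    Owner     NVARCHAR(128) NOT NULL DEFAULT SUSER_SNAME(), -- DOMAIN\user of the caller
    Detail    NVARCHAR(400) NOT NULL
)
GO
-- The "manager vs worker" level is derived from group membership at call
-- time, so there is no second user list to keep in sync with the domain.
CREATE PROCEDURE dbo.GetRequests
AS
SET NOCOUNT ON
IF IS_MEMBER('MAIN\DeptApp_Managers') = 1
    SELECT RequestId, Owner, Detail FROM dbo.Requests
ELSE IF IS_MEMBER('MAIN\DeptApp_Workers') = 1
    SELECT RequestId, Owner, Detail FROM dbo.Requests
    WHERE Owner = SUSER_SNAME()          -- workers see only their own rows
ELSE
    RAISERROR('Not authorized for DeptApp.', 16, 1)
GO
-- Rights go on the procedure only. Both objects are owned by dbo, so the
-- ownership chain lets the procedure read the table while a direct
-- SELECT against dbo.Requests from any other client tool is refused.
GRANT EXECUTE ON dbo.GetRequests TO app_manager
GRANT EXECUTE ON dbo.GetRequests TO app_worker
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Requests TO app_manager
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Requests TO app_worker
GO
```

Adding a new user then means adding the account to one of the two global groups in the domain, with no change inside SQL Server.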