Best Practice DB access of data

  • I allow users to read and update records that are specific to them in a SQL 2005 database

    My code does it like this...

    User > Asp.net: form > textbox > validation client/server side > Server side Stored Procedure wrapper > Stored Procedure > SQL 2005 table.

    My Question is that should the last part be this ...

    Stored Procedure > SQL 2005 View > SQL 2005 table.

    In the SQL 2005 roles and allocation of users to it, do I need to access users to tables that the stored procedures require or do I only allow user access to stored procedures, therefore users can't touch the tables? I am a bit rusty.

  • You only need to give them Execute Permission on the stored procedures.

    MCITP SQL 2005, MCSA SQL 2012

  • Don't grant users any rights.

    Create a role(s), and then add users to the role(s). Grant EXECUTE on the stored procedures to the roles. That's it.

    You do not need the views in your list unless you are combining tables to make things easier to query from the stored procedure.

    Kudos for using the stored proc model.
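
The role-plus-EXECUTE setup described in the answer above, as an added T-SQL example for SQL Server 2005 (not code from the thread). All object names (`dbo.CustomerProfile`, `dbo.usp_GetProfile`, `dbo.usp_UpdateProfile`, `app_users`, `demo_user`) are constructed, and it assumes the application passes the authenticated user's name as `@UserName`.

```sql
-- Constructed demo schema: table and procedures share one owner (dbo),
-- so ownership chaining lets the procedures reach the table on the caller's behalf.
CREATE TABLE dbo.CustomerProfile (
    UserName sysname       NOT NULL PRIMARY KEY,
    Email    nvarchar(256) NOT NULL
);
GO
CREATE PROCEDURE dbo.usp_GetProfile
    @UserName sysname
AS
    SET NOCOUNT ON;
    -- The WHERE clause is what scopes the caller to their own record.
    SELECT UserName, Email FROM dbo.CustomerProfile WHERE UserName = @UserName;
GO
CREATE PROCEDURE dbo.usp_UpdateProfile
    @UserName sysname,
    @Email    nvarchar(256)
AS
    SET NOCOUNT ON;
    UPDATE dbo.CustomerProfile SET Email = @Email WHERE UserName = @UserName;
GO
-- Permissions go to a role, never to individual users,
-- and only EXECUTE on the procedures: nothing is granted on the table.
CREATE ROLE app_users;
GRANT EXECUTE ON OBJECT::dbo.usp_GetProfile    TO app_users;
GRANT EXECUTE ON OBJECT::dbo.usp_UpdateProfile TO app_users;
GO
-- Constructed test principal; real users are added to the role the same way.
CREATE USER demo_user WITHOUT LOGIN;
EXEC sp_addrolemember 'app_users', 'demo_user';  -- SQL Server 2005 syntax
INSERT INTO dbo.CustomerProfile (UserName, Email)
VALUES (N'demo_user', N'old@example.test');
GO
-- Check the effective permissions from the restricted user's point of view.
EXECUTE AS USER = 'demo_user';
SELECT
    HAS_PERMS_BY_NAME('dbo.usp_GetProfile',    'OBJECT', 'EXECUTE') AS can_exec_get,    -- 1
    HAS_PERMS_BY_NAME('dbo.usp_UpdateProfile', 'OBJECT', 'EXECUTE') AS can_exec_update, -- 1
    HAS_PERMS_BY_NAME('dbo.CustomerProfile',   'OBJECT', 'SELECT')  AS can_select_tbl,  -- 0
    HAS_PERMS_BY_NAME('dbo.CustomerProfile',   'OBJECT', 'UPDATE')  AS can_update_tbl;  -- 0
-- Both calls succeed even though the user holds no rights on the table.
EXEC dbo.usp_UpdateProfile @UserName = N'demo_user', @Email = N'new@example.test';
EXEC dbo.usp_GetProfile    @UserName = N'demo_user';
REVERT;
GO
```

Ownership chaining does not cover dynamic SQL run inside a procedure (`EXEC(...)` or `sp_executesql`); a procedure that builds its statements that way would need table permissions for the caller, which defeats this model.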

  • Steve's answer was definitely more complete, I should have done the same, hope you get it working.

    MCITP SQL 2005, MCSA SQL 2012
