Database permissions

  • Hi, I have a question for database permission.

    What is the best practice to setup permissions for an application account?

    I know it is to stick on the rule that only grant permissions needed. keep minimum as possible.

    And db_owner is not a good option even the database is only used internally.

    I usually setup a role that can execute stored procedures and functions.

    But in recent .net applications, developers use entity frame work which generate SQL commands in the code. So they may not necessarily use stored procedures.

    In this case they also need have select, update, insert, delete permissions to the database for the application execute account.

    What is the best practice to setup permissions in this case?

    Thanks,

  • In general, it all depends on the application requirements.

    First thing would be to gather the information from the developer who will be supporting that application on things like what exactly the code does.....

    That gives us an insight on what permissions they actually need for that application....

    Best practice is using a Windows Account and keeping the permissions as minimum as possible.

    Usually for most of the APP's: an account with db_datareader, db_datawriter and db_exec roles would suffice.

    Again as i said, it all depends on the application code .... 🙂

    Hope this helps 🙂

  • As per your requirement create a respective role for the application this will help you in easy maintenance of the security.

    ---------------------------------------------------
    "Thare are only 10 types of people in the world:
    Those who understand binary, and those who don't."

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply