August 30, 2008 at 10:45 pm
I just upgraded to SQL Server 2008 Express, and I'd like to add whatever combination of login / role / user / schema / permissions is appropriate for a web application. I'm not quite sure what the difference between these five concepts is.
Like most web apps, I'll be connecting via a connect string in web.config, so there will only need to be one User (or do I want Role) in the database. I'd like to grant that user or role the permissions necessary to run stored procedures, add / update / delete / select data, but nothing else.
Can anyone point me to an article that describes that, or maybe you already have a T-SQL script that accomplishes this?
Thanks!
September 2, 2008 at 7:06 am
The simplest way to manage security in your instance, and I know you said you did not want to use a role, is to create a role with these rights on the schema (or schemas) (are you sure you'll NEVER add another user) and put your web user in the role.
Basic syntax is:
GRANT INSERT,UPDATE,DELETE,SELECT,EXECUTE,REFERENCES on schema::[schema_name]to Public
My personal preference and many disagree is to only grant edit (insert/update/delete) through stored procedures.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply