September 1, 2003 at 8:59 am
Hi!
Recently studing the permissions on my databases, found out that public role has "Create Table" right on some databases. A guy from development group said that this is necessary for application, since it creates tables from a client on these databases. Application role is not acceptable here, because the application works with several databases.
I still think this is not a good practice.
Is there a way to organize application roles for application, with multiple databases?
Thanks.
September 1, 2003 at 7:12 pm
Methinks no to the "application roles with multiple databases" question.
But you're right about it not being a good practice. But, PUBLIC role?! Be serious Mr development group guy.
Maybe you can come to a compromise with him by created a custom (non-application) role in each of the databases; give the role CREATE TABLE privilege; and assign that role to the necessary users
Cheers,
- Mark
Cheers,
- Mark
September 1, 2003 at 11:47 pm
All the users of these databases are also users of the application, so, if there is no way to organize application roles for application with multiple databases, perhaps the guy from development group is right?
I have another idea, though... What about setting cross database owenership?
/* I am having MS SQL Server 2000 + sp3, on Win2000 Adv Serv + sp4 */
September 2, 2003 at 4:13 pm
If you're thinking about retaining the PUBLIC privileges then I hope you don't still have a guest user defined in those databases.
Cheers,
- Mark
Cheers,
- Mark
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply