David Emerson
davide at dalyn.co.nz
Thu Oct 30 18:28:17 CST 2003
Thanks everyone for the continued feedback. To clear up one matter, we currently have users and roles. As Arthur suggests, the permissions are on the roles. It is just that for ease of maintenance (and because I didn't know better) we just had one user for each role. We haven't got as far as tracking the behaviour of individual users. Is this something built into SQL or does it need to be programmed? David At 30/10/2003, you wrote: >I half-replied to this a moment ago, but now that I see your detail I >think it warrants a second reply. Your setup confuses users with roles, >and muddies the audit-trail waters. Instead, I suggest the following: > >1. Create a login for each individual user. >2. Create a role for each level of user (i.e. marketing). >3. Assign rights to each role additively (i.e. marketing types, >managers, ops). This assumes that managers have more rights than >marketing types, and that ops have more than managers. This may not >apply to your case, but is the general principle. Assign rights to role, >and individual users to roles. > >IMO this is by far the best way to go: you retain the ability to track >the behaviour of individual users, while also gaining the simplicity of >giving many rights to a user simply by assigning her to a given role. > >Arthur > >-----Original Message----- >From: dba-sqlserver-bounces at databaseadvisors.com >[mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of David >Emerson >Sent: Wednesday, October 29, 2003 1:53 PM >To: dba-sqlserver at databaseadvisors.com >Subject: Re: [dba-SQLServer]Re: Linking to Local Table > > >Thanks everyone for the feedback so far. The storing of the data in a >temporary file is not the problem - the problem is how I can use that >data >with the SQL BE and not have two people logged in as the same user >overwriting each others table of data (remember 'Users' have been set up > >more as job functions so that individuals don't have their own log on - >they log in as manager, or operations, or marketing. This means that we > >are not constantly setting up and deleting individual log ons as people >come and go). > >I may just sit on this one and see if any bright ideas hit me over the >next >week. > >David > > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.530 / Virus Database: 325 - Release Date: 10/22/2003 > > > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com