Arthur Fuller
fuller.artful at gmail.com
Tue Jul 24 07:45:09 CDT 2012
I think that I disagree on that point, JC. I much prefer to assign users to Roles on the database level. I have even found that Roles are additive, or perhaps cumulative is a better word. For example, within a given database, you could create a Role called Sales, with just enough rights to create new sales orders and look up existing sales. Above that, you could have another Role called SalesManager, with all the Sales rights and some additional ones such as the ability to view the performance reports on all Sales people. And above that, a SeniorManagement Role that can do everything Sales and SalesManager can do, plus some additional stuff. The main reason I like to do it this way is In a multi-company scenario, Company A's Roles could be restricted completely to that company's database, and similarly for Companies B and C. And meanwhile, godlike being that you are, you can do Anything. A. On Mon, Jul 23, 2012 at 9:07 PM, jwcolby <jwcolby at colbyconsulting.com>wrote: > Not so fun however when you are giving unknown / barely known users / > machines access to your business server. Better to have an Access Fe > installed on the user's machine coming in under a single SQL Server user / > group which is precisely controlled what it is allowed to do. > > >