Arthur Fuller
artful at rogers.com
Thu Oct 30 18:25:06 CST 2003
I half-replied to this a moment ago, but now that I see your detail I think it warrants a second reply. Your setup confuses users with roles, and muddies the audit-trail waters. Instead, I suggest the following: 1. Create a login for each individual user. 2. Create a role for each level of user (i.e. marketing). 3. Assign rights to each role additively (i.e. marketing types, managers, ops). This assumes that managers have more rights than marketing types, and that ops have more than managers. This may not apply to your case, but is the general principle. Assign rights to role, and individual users to roles. IMO this is by far the best way to go: you retain the ability to track the behaviour of individual users, while also gaining the simplicity of giving many rights to a user simply by assigning her to a given role. Arthur -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of David Emerson Sent: Wednesday, October 29, 2003 1:53 PM To: dba-sqlserver at databaseadvisors.com Subject: Re: [dba-SQLServer]Re: Linking to Local Table Thanks everyone for the feedback so far. The storing of the data in a temporary file is not the problem - the problem is how I can use that data with the SQL BE and not have two people logged in as the same user overwriting each others table of data (remember 'Users' have been set up more as job functions so that individuals don't have their own log on - they log in as manager, or operations, or marketing. This means that we are not constantly setting up and deleting individual log ons as people come and go). I may just sit on this one and see if any bright ideas hit me over the next week. David --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.530 / Virus Database: 325 - Release Date: 10/22/2003