|
|||||||||
|
|||||||||
|
|||||||||
 |
|||||||||
| |
||
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
|
|||||||||
| |
||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
ASP Free Forums Sponsor:
|
|
|
|
#1
September 1st, 2004, 08:40 AM
|
|||
|
|||
|
User Accounts best practices
I am fairly new to .net and SQL server. I am creating a c# web app that will require several types of logins (general users, administrators, etc) and the app will contain of said logins (especially the general user). This is a pretty typical web app so my typical user will have an account with a profile that they can update online and they will only have access to their own account, etc.
Q: is it better 1) to create tables of my own to contain the user accounts and another table to define their permissions or 2) utilize SQL server's built in user tables, roles, and permissions? I could end up with thousands of active users so before I begin coding I want to make sure I am doing this right. TIA
|
|
#2
September 1st, 2004, 09:29 AM
|
||||
|
||||
|
I would create a users table and a security table, similar to this
Quote:
Last edited by Memnoch : September 1st, 2004 at 09:33 AM.
|
|
#3
September 1st, 2004, 09:41 AM
|
|||
|
|||
|
Blunder #1?
Yeah after I posted I found an article called "Top 10 SQL Server Blunders" and I believe the question I posed is Blunder #1. http://searchdatabase.techtarget.com/tip/1,289483,sid13_gci874688,00.html?FromTaxonomy=%2Fp r%2F286331Am I reading it right? I am NOT supposed to use built-in user accounts for my application?
|
|
#4
September 10th, 2004, 09:05 AM
|
|||
|
|||
|
Quote:
I find this really strange. I'm also fairly new to SQL server but from what I can see (and I've been looking into it), sql server provides great security features. I would set up each role I required as a group, and add people as necessary to the role. The role would have the permissions so that I didn't need to change individual's permissions all the time. That saves time and space. It sounds really odd to me to create your own security tables when sql server has it all there for you. You can even create separate log ins for different applications, so that a person only has access to your database from within a certain application. You can also create views and stored procedures, and apply permissions to those for certain groups, so you can specify which columns on which tables your users have access to. It's really flexible.
|
|
#5
September 10th, 2004, 09:10 AM
|
||||
|
||||
|
That's a good idea in certain environments Paula, the only drawback would be if the client wanted an adminstrative side to the application to manage the users permissions.
Setting it up in tables would allow Adminstrators to manage user permissions as needed.
|
|
| Viewing: ASP Free Forums > Database > Microsoft SQL Server > User Accounts best practices |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
