we have many homegrown applications. for each application, we create a
sql user id for the application. that id has db_datareader and
db_datawriter (no other permissions) in its database and cannot access
any other databases. is that basically the same thing as an
application role? if not, what advantages does an application role have
over that?With or without application roles, users still need a login (individual or
shared) to connect to SQL Server. The main advantage of an application role
compared to a regular database role is that you can grant full permissions
to the app role and choose to enable it only from within your application.
This way, users cannot perform ad-hoc queries outside the application unless
they have been granted permissions to do so.
Hope this helps.
Dan Guzman
SQL Server MVP
"ch" <ch@.dontemailme.com> wrote in message
news:4051B3AC.816C10DF@.dontemailme.com...
> we have many homegrown applications. for each application, we create a
> sql user id for the application. that id has db_datareader and
> db_datawriter (no other permissions) in its database and cannot access
> any other databases. is that basically the same thing as an
> application role? if not, what advantages does an application role have
> over that?
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment