tags:

views:

58

answers:

2
+2  Q: 

Do You Give Users Access To Your Database Or Are Queries Executed By A Shared Username

I am building a C# app which will need to talk to a database - I have written a module which checks whether users are permissioned appropriately and then uses a shared username to run the query

This means that permissioning is done in C#.

I am now wondering whether this is a good idea and whether permissions should be applied a the database level ie each user set up with their own user name and account. The reason for NOT doing this is that we are not DBAs and getting users added

What are the benefits and problems of permissioning users at the database level rather then c# level?

+3  A: 

I always use a database login/user set up for my application.

By doing this i can operate reasonably safely within a database that may be shared with other applications - my application can be granted just the permissions it needs on the objects it needs to access.

This decouples the users from the database - it means that user Jane Doe doesn't need to be given specific rights on the database to use my application, which DBAs love as because of that it also means she can't just start up SQL Management Studio and start looking through tables (because she has no rights).

Edit: note that it is not necessary to give each user a login in order to audit who made changes - my app can still be logged in as one (restricted) user and i can pass the machine/user name of the user in to whatever stored proc i am calling so that data changes can be logged.

You can certainly have a group set up on your database and allocate the correct permissions to this group, but that means you then have to add/remove users from that group as necessary, which can be an administrative annoyance.

slugster  2010-03-06 08:04:27
+2  A: 

How important is the data in your database? Is auditability (logging who changed the data, what they changed and when) important?

If all your C# program does is read the data and the data is public anyway, then what you are doing is fine. This is exactly what happens on a website where users do not need to login, all queries are run from the same user.

For a high security, mission critical application rolling your own security in the code is seldom a good idea, much better to utilize the security system built into the operating system.

Are your computers part of a domain and do you use Active Directory? If so, you might want to consider using Windows authentication and groups.

JonnyBoats  2010-03-06 09:28:21
The data is sensitive - And thats the question - Whats the pros and cons of using db groups versus permissioning data in the C# code.Oh and how do you allow inserting of just one cell :-)
ChloeRadshaw  2010-03-06 09:31:03

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?