views:

55

answers:

1

We have an application which uses an instance of SQL Server locally for its backend storage. The administrator Windows login has had its sysadmin right revoked, and instead two SQL logins have been created: one for the application with a secret password and one read-only login we let users view the raw data with.

This was working fine until we moved onto FileStreams, which require integrated Windows authentication. So now the SQL Server logins must be replaced.

As a result, I am now reviewing all of our logins, but I am not sure how it is possible. It seems that the application needs full read/write access, yet I still need to lock down writing to the tables so the user cannot log into the database and delete data randomly. Does anyone have any tips for setting multiple levels of security using integrated Windows logins, or can you direct me to any further reading?

Some answers can also be found on serverfault: http://serverfault.com/questions/138763/setting-sql-server-security-rights-for-multiple-situations

+1  A: 

You can grant data read rights to the Windows login your users will use (i.e. the actual user, a group, or a built-in group like Users or Everyone). Your application can use an approle with a 'secret' password, and grant the necessary write rights to this approle. Your app logs in as the Windows user, but then it impersonates the approle. See Application Roles.

Some notes:

Remus Rusanu
Thank you for this excellent information.
DanDan
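One way to lay out the two permission levels the answer describes, as an added T-SQL example (not code from the answer or the poster's application). The database name [AppDb], the Windows group [DOMAIN\AppUsers], the user name [AppUsersReader] and the role name [AppWriter] are assumptions.

```sql
-- Added example: read-only rights on the Windows identity, write rights on an
-- application role that the application activates after connecting.
-- Names [AppDb], [DOMAIN\AppUsers], [AppUsersReader], [AppWriter] are assumed.
USE [AppDb];
GO

-- 1. The Windows group users belong to gets a login and a database user that
--    can only read. Users viewing raw data connect with their own Windows
--    identity and never learn any password.
CREATE LOGIN [DOMAIN\AppUsers] FROM WINDOWS;
CREATE USER [AppUsersReader] FOR LOGIN [DOMAIN\AppUsers];
GRANT SELECT ON SCHEMA::dbo TO [AppUsersReader];
GO

-- 2. The application role carries the write rights. It is not a login, so its
--    password cannot be used to open a connection on its own; it only switches
--    the security context of an already authenticated Windows session.
--    While the role is active, the user's own permissions are replaced by the
--    role's, so the role needs SELECT as well as the write permissions.
CREATE APPLICATION ROLE [AppWriter] WITH PASSWORD = N'<strong password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO [AppWriter];
GO

-- 3. What the application runs right after connecting as the Windows user.
--    The cookie lets it drop back to the read-only context later.
DECLARE @cookie varbinary(8000);
EXEC sp_setapprole
    @rolename      = 'AppWriter',
    @password      = N'<strong password>',
    @fCreateCookie = 1,
    @cookie        = @cookie OUTPUT;

SELECT USER_NAME() AS effective_user;   -- now reports AppWriter
-- ... application reads and writes here ...

-- 4. Revert: the connection is read-only again, as it was for a plain user.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS effective_user;   -- back to AppUsersReader
GO
```

A user who connects with SSMS or any other tool only ever holds the SELECT grant from step 1; the write rights exist solely inside a session that presented the role password, so that password is the one secret the application must protect in its configuration.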