views:

107

answers:

2

for security reason, what is the minimum access level the asp.net membership user could have?

+1  A: 

Based on my investigations over here: http://stackoverflow.com/questions/473060/asp-net-membership-deleteuser, the user would need SELECT and EXECUTE permissions.

Irwin
+1  A: 

Better to use the application roles provided in the database.

These are documented on MSDN in page "Roles and Views in the Application Services Database for SQL Server". This includes which operations require which role.

NB. You can also use SQL Management Studio to look at what is secured for each of the roles.

Richard