June 28, 2006 at 8:11 am
Hi All,
We have recently migrated our databases, and now have the situation where I need to create specific logins/users for each application database (each app has its own database). What is the best practise here?
I have numerous developers accessing application specific databases on several servers, but am not sure of the best login/user model..
One login and one user per application/database?
With thanks in advance for any pointers..
June 28, 2006 at 8:56 am
Greg
I think that if you have migrated the databases of existing applications, then you are bound by the design of each application. For example, some applications have an application server that connects to the SQL Server using one SQL Server login, handling their own security with a table of users within the database. Others have clients connecting directly to the SQL Server using their Windows account - all accounts are members of a Windows group, which is given access to the database.
There are several variations on those themes - you will need to speak to the application vendors and ask what kind of logins their application requires. In our shop, we do not allow any applications to connect as sa or equivalent, or even as a database owner. Most vendors will protest that their applications won't work if you don't give them those privileges, but it's amazing how they nearly always find a workaround if you stand your ground!
John
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply