• Well, it's good to keep this topic under discussion. I agree that WA doesn't do anything for internet sites where there is a problem that has to be addressed.

    However, I use WA and application roles for all my intranet and internal apps because it allows me to switch people on and off easily, but doesn't give them any access to the database, apart from views & sprocs that I explicitly give them. If an employee leaves, he cannot even get onto the network and cannot connect to the database, so knowledge of the app role password is not an issue after he has left.

    App Roles are essential to controlling access to rows and columns, which (unless I've missed something) can't be done in SQL Server 7.

    The problems with app roles are:

    1. You have to store the role name & password somewhere. This can be dealt with as suggested in the article.

    2. Third-party tools and components such as Crystal Reports don't support app roles - which is a serious drawback IMO.

    One omission that I would like to see a solution to is being able to see the sum total of access that a user has via the various roles etc. E.g. User W has read permission on table X through role Y and role Z.