Entity Framework Code First and security

  • Entity Framework and Code First allow developers to develop without creating database objects. Although I'm fuzzy on some of the details, Code First seems to let them design classes in their code, and then it creates the back-end tables for them.

    One of my concerns with this approach, however, is that it requires that I give users direct read and write access to the tables. Currently the model is to have the developers create stored procedures, and give users execute to those procedures -- no direct table access.

    Code First changes this. And frankly, I'm not comfortable with that. I worry about a rogue user firing up Access, or downloading an express edition of SSMS, and editing tables directly.

    Has anyone else encountered this situation before? Are there any good compromises that I should consider? Anyone have any thoughts?

  • The company I work for now uses Entity Framework. It's managed by using Windows auth on the connection string for only the account running IIS. This user cannot log in via RDP to any server, so it cannot dynamically log in to SQL via SSMS, only via IIS. Developers then only have read access to the DB, so they can't update the tables.

  • Ok, so that mirrors one suggestion the developers have offered here. My concern with that is my company has a policy that we have to be able to assign accountability to any operation performed against the DB. If the connection is made from the app web server to the DB as a generic user, we lose that. Unless the app also can poll the identity of the real person, and store that. Maybe that's possible.

  • You should be able to configure that in the app, where it grabs the logged-in user at launch, stores it while the app is open, then passes it into any logging you do.
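
One way to keep per-person accountability when every request reaches SQL Server as the shared IIS account, as discussed in the replies above. This is an added example, not code from any poster in the thread; it assumes SQL Server 2016 or later, and the table names, the `app_user` key and the sample user are hypothetical.

```sql
-- Added example: the tables, the 'app_user' key and the sample user are hypothetical.
-- Requires SQL Server 2016+ (sp_set_session_context / SESSION_CONTEXT).
CREATE TABLE dbo.Orders (
    OrderId INT IDENTITY PRIMARY KEY,
    Amount  DECIMAL(10,2) NOT NULL
);

CREATE TABLE dbo.OrdersAudit (
    AuditId   BIGINT IDENTITY PRIMARY KEY,
    OrderId   INT           NOT NULL,
    Operation CHAR(1)       NOT NULL,  -- I, U or D
    AppUser   NVARCHAR(128) NOT NULL,  -- person signed in to the web app
    SqlLogin  SYSNAME       NOT NULL,  -- the shared service account
    ChangedAt DATETIME2     NOT NULL DEFAULT SYSUTCDATETIME()
);
GO

CREATE TRIGGER dbo.trg_Orders_Audit ON dbo.Orders
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @who NVARCHAR(128) = CONVERT(NVARCHAR(128), SESSION_CONTEXT(N'app_user'));

    -- Fail closed: a session that never declared its end user cannot write.
    IF @who IS NULL
        THROW 50001, 'app_user is not set for this session; write rejected.', 1;

    -- One audit row per affected row; a row present in both pseudo-tables is an update.
    INSERT dbo.OrdersAudit (OrderId, Operation, AppUser, SqlLogin)
    SELECT COALESCE(i.OrderId, d.OrderId),
           CASE WHEN i.OrderId IS NOT NULL AND d.OrderId IS NOT NULL THEN 'U'
                WHEN i.OrderId IS NOT NULL THEN 'I'
                ELSE 'D' END,
           @who, ORIGINAL_LOGIN()
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON i.OrderId = d.OrderId;
END;
GO

-- What the application sends right after opening a connection, using the
-- identity it authenticated (constructed sample value). @read_only = 1 stops
-- later statements on the same session from changing it.
EXEC sys.sp_set_session_context @key = N'app_user', @value = N'CONTOSO\jsmith', @read_only = 1;

INSERT dbo.Orders (Amount) VALUES (19.99);
SELECT OrderId, Operation, AppUser, SqlLogin, ChangedAt FROM dbo.OrdersAudit;
```

The recorded `AppUser` is only as trustworthy as the application that sets it, so this complements, rather than replaces, restricting who can connect as the service account.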
