> What credentials are used in the connection string?
One usually uses the normal user credentials for the initial connection in
order to validate the current user identity. You can either specify a
trusted connection (e.g. 'Integrated Security=SSPI') or the user's SQL login
(e.g. 'User Id=MyLogin;Password=MyPassword'). The specified account needs
to be granted access to SQL Server and your user database. However, no
object permissions need be granted to the user since you granted all
necessary permissions to the app role.
An advantage of app roles is that the login's original identity is
maintained (e.g. 'SELECT SUSER_SNAME()') but the security context of the app
role is used for database access. This works especially well with Windows
authentication because the user is not prompted to login and you can still
limit ad-hoc database access.
--
Hope this helps.
Dan Guzman
SQL Server MVP
"tgru" <tg**@devdex.com> wrote in message news:42********@127.0.0.1...
Thanks, that does help.
What credentials are used in the connection string? i.e. does a login
have to be created for the application as well? Or is the connection
string created with the application users credentials? Seems that you
would have to manage the individual users logins as well as the app role
at that point...
1.) establish oledb connection with SQL login credentials.
2.) call sp_setapprole with app role credentials.
I don't know why the original message in this thread keeps getting
posted every ten minutes!!! I only hit submit once, and then closed
that browser session!!
Thanks,
TGru
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!