Wednesday, March 21, 2012

posting again

Hi,
I do not see any guideline or a thorough article for ISVs who will be using MSDE for deploying their application on desktops using application security roles. There definitely is information here and there but a comprehensive writeup is needed. Any plans by any of you SQL Server gurus?
Thank you
Read the BOL about database security roles. There should be all the
information you need. In general you define the security roles you need
based on your application security model. Then set the permissions to your
database objects using the roles. Users of the database are then given a role
membership, rather than explicit permissions.
Jim
"qa" <anonymous@.discussions.microsoft.com> wrote in message
news:30E7FFAA-A6C6-4333-B3AD-382B25689330@.microsoft.com...
> Hi,
> I do not see any guideline or a thorough article for ISVs who will be
> using MSDE for deploying their application on desktops using application
> security roles. There definitely is information here and there but a
> comprehensive writeup is needed. Any plans by any of you SQL Server gurus?
> Thank you
>
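
The three steps in the reply above (define roles, set object permissions through the roles, give users role membership), written out as an added T-SQL example for SQL Server 2000 / MSDE; it is not code from the thread. The database `AppDb`, the table, the procedure, the role names and the `DESKTOP01\alice` login are all hypothetical.

```sql
-- Constructed sample schema; every object, role and login name is hypothetical.
-- Assumes an existing database named AppDb (a placeholder) and an existing
-- Windows account DESKTOP01\alice (also a placeholder).
USE AppDb
GO
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY(1,1) PRIMARY KEY,
    Customer nvarchar(100) NOT NULL,
    Amount   money NOT NULL
)
GO
CREATE PROCEDURE dbo.usp_AddOrder
    @Customer nvarchar(100),
    @Amount   money
AS
    INSERT INTO dbo.Orders (Customer, Amount) VALUES (@Customer, @Amount)
GO

-- 1. Define roles that mirror the application security model.
EXEC sp_addrole 'DataEntryClerk'
EXEC sp_addrole 'PowerUser'
GO

-- 2. Set permissions on the objects through the roles only.
--    Clerks get no table permission: they can insert only via the procedure,
--    which works because dbo owns both the procedure and the table
--    (ownership chaining), so a query tool gives them no direct table access.
REVOKE ALL ON dbo.Orders FROM public
GRANT EXECUTE ON dbo.usp_AddOrder TO DataEntryClerk
GRANT EXECUTE ON dbo.usp_AddOrder TO PowerUser
GRANT SELECT ON dbo.Orders TO PowerUser
GO

-- 3. Give users role membership instead of explicit permissions.
EXEC sp_grantdbaccess 'DESKTOP01\alice', 'alice'
EXEC sp_addrolemember 'DataEntryClerk', 'alice'
GO

-- 4. Check the result: who holds which permission, and who is in the role.
EXEC sp_helprotect @name = 'Orders'
EXEC sp_helprotect @name = 'usp_AddOrder'
EXEC sp_helprolemember 'DataEntryClerk'
GO
```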
Can all this be done even if I am using the integrated security? See, I am implementing my own custom identity and principal classes and here is how it works:
1> My app's first screen will be the login screen.
2> Once the user enters the username and password, these 2 fields will be verified from a table in my app's database. If the user does exist in the table then I assign this user as my app domain's current user and use its id for further interaction with the objects in the app. I even read the roles the user is part of from a role table, e.g. dataentryclerk, poweruser etc. These roles will be used to control the app's UI behaviour too.
3> I am using integrated security to access the database but instead of Windows giving me the current user's id token, I am using my role based security (as explained above) and assigning the current user to the app domain.
This was needed because it is not necessary that every user who accesses my app will be a Windows user. My app's requirements state that anyone who has been entered in the database (we will provide a UI to enter users and their passwords) can access the application.
So in this situation, how can I protect my database, tables and stored procedures from anyone who has some MSDE Manager type of tool?