Security: Data level or function level?

G

Guest

Our company has a fair amount of data on our MSSQL server
and I'm planning to use either VB or Access to write some
frontend applications to access them.

However, I'm not sure whether I should establish my
security model on the data level (relying on SQL's
security and policies) or rely on a function-based model.
By that I mean I control who gets to use which function
in order to access the data. I can create another table
in SQL to store which group of users can have specific
access rights to a function.

The pros and cons I have come up with on the function-
based model so far:

Pros:
Easier to define than SQL's data level
More varied types of access rights

Cons:
WAY less secure than SQL's security model

Comments are most welcomed.
 
M

Michel Walsh

Hi,



If you don't do it at a data and database level, your data won't be
secure from other applications. Anyone would be able to connect to your db
and read all the data, as long as they would not use your application! Is
that what you are ready to get?



Hoping it may help,
Vanderghast, Access MVP
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security: Data level or function level? 1
row-level asp.net security 2
import all object including user level security 2
Security: installation level or database level? 3
How to test Excel 2003 & 2007 macro security level 5
Programatically open Access DB with user level security 1
Access 2007 .ACCDB User Level Security? 1
Implementing User-Level Security 3

Top