| Author |
Messages |
|
serg
 |
| 11/29/2002 2:58 AM |
 Quote
 Reply
 Alert
|
| I have discovered that when i am switching connection to application role it has all permissions of public role in current database. Is it correct? In BOL i have found that it should have permission of guest account. But i do not have a guest account in current database. Is the public role and guest account the same?
I thought that public role is default permissions for user. But when i switch to application role all defaults should be droppped. Am i wrong?
Thanks. |
|
|
|
|
Chip Andrews
|
| 11/29/2002 8:41 AM |
Quote
Reply
Alert
|
| Yes, authenticated members of an application role do gain public permissions. All authenticated users are members of the public role so there should be no surprises here. The "guest" permissions are reading in BOL refers to a special case where you want to refer to data on OTHER databases after authenticating to an application role inside a database. You do not need a guest account if your application role is only using the database in which it is defined.
The public role is the default permission for ALL users (even an application role). Switching to an application role only changes the security context so that a login who does not have access to the database can then gain access through the role. This keeps users from being able to attach databases through MS Access or Excel.
Is this making sense? |
|
|
|
|
|
|
|
|
|
Quick Reply |
 |
|
|
|