John Kelley
 |
| 10/24/2001 10:11 AM |
 Quote
 Reply
 Alert
|
| Would I be creating any vulnerabliities in SQL Server 2000 by setting up the NT global group DOMAIN USERS with datareader access to a database? We have an application that we want to make available to everyone in our organization. There are many other databases on the SQL Server, but DOMAIN USERS only has access to 1 database on the SQL server. |
|
|
|
|
Chip Andrews
|
| 10/24/2001 10:43 AM |
Quote
Reply
Alert
|
| Not as long as you understand that those users can read all data from any user-created tables in that database.
If you change your mind later you will have your work cut out for you. Also, this does not necessarily give them access to the stored procedures that may give you more controlled access and better performance.
|
|
|
|
|
John Kelley
|
| 10/24/2001 10:55 AM |
Quote
Reply
Alert
|
| Thanks for a quick response. I understand all of the facts you have presented. Incidently I finally got the book you recommended and will start reading it soon - once I get some time whenever that will be! |
|
|
|
|
Karen Nelson
|
| 02/15/2002 9:03 AM |
Quote
Reply
Alert
|
| Down the road, if you want to have private areas in your database, you will find it hard to restrict access because if you deny Domain Users access, you will deny just about everyone. Implementing role-based security takes planning. |
|
|
|
|