Hi,

I'm new to the Entity Framework and I have a question about the benefits of EF.

I've always thought that the most secure way to access data from the database was to use stored procs and assign execute permissions to these procs and never assign permissions at the table level...but with EF...this is the way it's done. Are there any issues with doing it this way?

Is the Entity Framework really the way to go? Are there any downfalls to using EF?

Thanks

I hear that a lot from DBAs they are the most worried about it. I am not sure I have the best answer, but no it is not handled with stored proces and permissions on those. In fact I have always wondered what assigning permissions via stored procs really bought you anyway.

But I think the real answer lies in the fact Entity Framework is an ORM, and as such you are programming against a data model and not a database. The data model and your business layer should handle the security for you and it is not really that hard to program. The main idea being all the business logic resides in the Business Layer and the EF is the DAL. You should have all the security logic in your BLL, not the data store.

I hope this all makes sense to you. It certainly will not make a DBA happy to hear that, but my personal belief is their roles will be drastically changing in the coming years as ORMs start becoming the defacto standard.