Hi guys,

We have a scenario where there are about 50 tables in our database and we want to build an intranet web application for users to with the office to access those tables.

Users ability to access tables falls into diferent category:

• Some users can NOT view some tables at all
• Some users can ONLY view some tables but not insert/update any field
• Some users can view and also insert/update some tables (in the same time they might not have view(select) permision on some other tables)

Now, what is the right way to implement this.

I say we have to have a Role, RolePermission, User, UserPermission inside our database to implement this (something which would look like the Roles and Users inside MSSQL) and we only have one user for our Database (MachineName/ASPUSER) to access the database and all the tables within

My colleague says NO, instead of creating all these tables and implement this, we add every user of our application as a Database user inside MSSQL in the Databse Users.

All the web application I have seen so far, DNN, CommunityServer, ... the have tables to implement all these and they don't add users inside the MSSQL.

Now which way is the way to go with, and what problem might we fall into if we use SQL users, is this possible at all. How can I convince him that we have to make and use our own tables to manage this.

 Thanks for any help,
Mehdi

If you are using asp.net 2.0 you can use login controls and restrict the users to access particular forms.

Other way is to use Windows based authentication.  As you are creating Intranet based application...every user will have windows ID. You can restrict the user to access the database.

To learn about Windows Based Authentication, visit the following link:

http://msdn2.microsoft.com/en-us/library/aa480475.aspx

To learb about login controls, watch the video tutorial for Membership and Roles

http://www.asp.net/learn/videos/default.aspx?tabid=63#howdoi