The PT Admin application uses a trust relationship between an administrator's Microsoft® Windows NT® or Windows® 2000 user account (or group) and Microsoft SQL Server™. Now the LitWare designers need to create a security plan for the SQL Server installation where the Eval database resides and for the database itself. People who are not necessarily users of the PT application might have legitimate needs to access data in the Eval database. They might need to write reports, run queries, and so forth. In addition, the application has no Web page for entering grades and grade scales; users enter these directly into their respective tables in the Eval database. SQL Server 7.0 provides fixed database roles such as db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, and db_denydatawriter. The SQL Server documentation explains these roles in detail. The designers need to define access for administrators.
Administrators of the PT application have permissions on tables because they can access all rows in a table. However, administrators do not have access to two tables: the Logon table and the PersonActivity table. Denying access to these tables closely reflects the role of the administrator (see About the Administrator Role) and keeps logon information safe. An approach that makes security for this group of users very easy to manage is for an administrator to create a SQL Server role and assign it to all application administrators.