The SQL Server 7.0 security model supports Windows NT-based users and groups and supports SQL Server users and roles.
By improving integration with Windows NT, SQL Server 7.0 provides increased flexibility. Database permissions can be assigned directly to Windows NT users or groups, and you can define SQL Server roles to include Windows NT users and groups and SQL Server users and roles.
A SQL Server user can be a member of multiple SQL Server roles. This allows database administrators to manage SQL Server permissions through Windows NT groups or SQL Server roles, rather than directly through individual user accounts. System-defined server and database roles such as the dbcreator, securityadmin, and sysadmin fixed server roles provide flexibility and improved security.
A user passes through two security stages when working in SQL Server 7.0: authentication and permissions validation. The authentication stage identifies the user accessing a login account and verifies only the ability of the user to connect with SQL Server. If authentication is successful, the user connects to SQL Server. The user then receives permissions to access databases on the server by using an account in each database mapped to the user's login. The permissions validation stage controls the activities the user is allowed to perform in the SQL Server database. You can bypass this account mapping by granting permissions directly to Windows NT groups or users.
When users connect to SQL Server, the activities they can perform are determined by the permissions granted to their security accounts, Windows NT groups, or role hierarchies to which their security accounts belong. The user must have the appropriate permissions to perform any activity. The ability to assign logins and specify permissions is provided by SQL Server Enterprise Manager, Transact-SQL, and SQL-DMO.
Sybase Adaptive Server Anywhere 6.0 provides limited support for Windows NT-based integrated security. Although login rights can be granted to Windows NT users, they cannot be granted to a Windows NT user group. This means that every user must be entered individually, regardless of whether database security or integrated security is used.
In addition, Sybase Adaptive Server Anywhere 6.0 does not support database security roles, which makes it more difficult to set up an application's administration infrastructure.