Microsoft Access Workflow Designer for Microsoft SQL Server™ integrates the security environment in Microsoft Windows NT® and SQL Server, which is stored, managed, and enforced through a hierarchical system of users. To simplify the administration of many users, Windows NT and SQL Server use groups and roles.
A group is an administrative unit within Windows NT that contains Windows NT users or other groups. A role is an administrative unit within SQL Server that contains SQL Server logins, Windows NT domain accounts, groups, or other roles.
Arranging users into groups and roles makes it easier to grant or deny permissions to many users at once. The security settings defined for a group are applied to all members of that group. When a group is a member of a higher-level group, all members of the group inherit the security settings of the higher-level group, in addition to the security settings defined for the group itself.
With this security strategy, rather than assigning permissions to each user for each object in your team solution, you assign permissions to a few roles in the solutions. These roles are associated with SQL Server logins and Windows NT accounts. Then, you can add users and groups to the appropriate roles. Users automatically inherit the permissions associated with any roles to which they belong.
Tip To simplify user administration, it is recommended you create a Windows NT group for each of your solution's roles and add that group to the solution, rather than adding each user individually. Then, you can add or remove users from team solutions by managing the membership of these Windows NT groups. You also can use the same groups to set permissions on other network resources, such as file shares and printers.
The security architecture of Windows NT and SQL Server is based on an organizational hierarchy. This hierarchical system of security groups simplifies management of security settings. It makes it possible for security settings to be applied collectively to all group members, without having to be defined redundantly for each person. The hierarchical model also accommodates security settings applied only to a single user.
Employees often must belong to security groups that do not fall within the strict organizational plan of the company. For example, administrative staff exists in every branch of the company and requires security permissions regardless of their organizational branch. To support this broader model, the security system in Windows NT and SQL Server makes it possible for groups to be defined across a hierarchy as well. For example, an administrative staff member can belong to an Administrative group, a department group, and a corporate group.
This section covers some basic information concerning the security environment required for team solutions. Many of the security issues must be dealt with directly in either Windows NT or SQL Server. For additional information about security options, see the documentation for Windows NT and SQL Server.
| For information about | See |
| The types of users and roles, their responsibilities, and permissions | Security Categories in Access Workflow Designer |
| The integration of Windows NT and SQL Server security | Windows NT and SQL Server Security |
| How to create user and group accounts in Windows NT | Creating Windows NT User and Group Accounts |
| How to create new SQL Server logins based on Windows NT accounts | Creating SQL Server Logins |
| How to give users permissions to use a team solution | Creating Team Solution Database Users |
| How to create database roles in your team solution | Creating Database Roles |
| How to add users and groups to the database roles for your solution | Assigning Users to Database Roles |