Role based permissions at DataSet level

JeffGriggs1 · ‎03-09-2011

Does anyone know if it is possible to grant permissions at the DataSet level based on a role instead of individual users?

Thanks,
Jeff

VinceAngelo · ‎03-09-2011

The grant and revoke API functions accept roles in the "user" parameter.
I always grant access through roles.

- V

JeffGriggs2 · ‎03-16-2011

Thanks Vince!

RandyKreuziger · ‎03-17-2011

Roles are the way to go.

Now is anyone mapping windows groups to roles rather than adding the users to the database and assigning the database user to roles?

For example
Windows group Parcels --> SQL role Parcels
instead of
SQL users Joe, Ted and Max ---> SQL role Parcels

Our business IT group is going that way so I'm going alway with it. But when I added all my windows users to SQL I could bring up their userid and see all the roles that user was a member of my database. With windows groups I have to query active directory which generates a list of all groups the userid is a member of. These include email groups, project groups etc. It just isn't very clean.

RobertHu · ‎03-17-2011

Yes, I map domain groups to DB roles in my publication GDB (read-only).