Individual user schemas vs schemas based on functions.

Oct 6, 2010
Latest reply on Nov 18, 2010
We are working on setting up an enterprise system with both web applications as well as desktop users. We are confronted with a choice on how to grant access to desktop users and are evaluating a few options.

1) Create schemas for each individual accessing the database (for example MARY, PAUL, JANE). Classify the users in categories based on their functions in the organization and use roles to control their level of access to the data.

2) Create a limited number of schemas based on functions (reader or editor). Create roles based on the schemas that own data and grant the roles to the READER or EDITOR schemas. For example, if the data is under the VECTOR schema there would be a Vector_read_role granted to the READER schema.

I favor option 1 because I believe it gives more granular control of privileges, can be configured to use OS authentication, and versions are identified with the user name, among others. I think, though, that option 2 is much easier to implement and administer than version 1.

Does anyone know of best practices on this issue? Any ESRI whitepapers or documentation making recommendations, or at least saying what the most common practice is?