I need an answer to the design of an application with Microsoft SQL Server 2008 R2 and Active Directory as the security model.
We have roles in the application for groups of users:
The Manager role is an Active Directory Security Group and added under "Security/Users" in SQL Server.
We assign each role various permissions on stored procedures so they can peform their job function.
THIS WORKS PERFECTLY!
Recently we expanded our application to multiple databases. We also ran into the isuse where some users are allowed access as a Manager to one database and not another. Some Managers require access to all databases.
How can I plan the user management so that all users are restricted to one database and a role?
Can I use the existing Active Directory and use a clever design or do I need to change the code?
What I have been told by my developers is this which I don't like!
I would have to created many security groups and assign users individually based on database and role.
and then map these roles to each of the databases. It would also mean having to add users multiple times. Considering we could be expanding to 30+ databases this seem very messy to me and not the best design.
I would appreciated you knowledge and experieince on this problem.
Thanks in advance.