What are application roles?

What are application roles?

Rating:

Application roles restrict users to access data through a specific application only. Database permissions can be gained only by using specific applications and a user cannot logon directly to a database.

Application security and Application roles contain no members. Users, Microsoft Windows NT groups, and roles cannot be added to application roles. The permissions of application roles can be achieved when the application role is activated for the user's connection through a specific application. A user's association with an application role is due to the capability of running an application that activates the role, instead of being a member of the role. It is necessary for a connection to lose default permissions applied through the login/user account or database roles for the duration of the connection, and gain the permissions associated with the application role, so that all functions of the application can be performed without any permission conflict. For example, if a user is denied access to a table the application must access, the denied access should be revoked for the user to successfully use the application. Application roles overcome any conflicts with user's default permissions by temporarily suspending the user's default permissions and assigning them only the permissions of the application role.

Rating: