I am trying to model a User Authentication module for a MS SQL Server database that will be the back end to a Delphi UI Application. Basically, I want to have user accounts where the user belongs to only one group. A group can have “n” number of rights.
I also want to add password history to the database, as the user will be required to change their password based on an application setting (for example, every 90 days).
I also want to log an event for each time a user logs in and out. I may extend this to additional events in the future.
Below you will find my first crack at it. Please let me know any suggestions to improve upon it, as this is my first time doing this.
Do you see any need for additional attributes for role-based security and constraints for the password rules/expiration periods?

Can you just build this on top of Windows Integrated Authentication? That would simplify your design somewhat.
What I have done in the past is to use db roles for user rights and then pass back a list of granted roles to the application. This means that data entry and retrieval is enforced by the back end and the application can enforce whatever it wants on the front end. It also allows you to outsource the rules to some external source (in that case the Windows domain).
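As an added worked example (not the original poster's schema, which is not shown on the page, and not code from the reply above), here is one T-SQL layout that meets the stated requirements: a user belongs to exactly one group, a group has n rights, previous password hashes are kept, the expiry period is an application setting, and login/logout events are logged with room for more event types. It closes with the query the reply describes, returning the list of database roles granted to the current login. All table, column, setting, view and function names are assumptions.

```sql
-- Added example schema for MS SQL Server. Names are illustrative, not the poster's.

CREATE TABLE dbo.UserGroup (
    GroupId   INT IDENTITY(1,1) PRIMARY KEY,
    GroupName NVARCHAR(50) NOT NULL UNIQUE
);

CREATE TABLE dbo.[Right] (
    RightId   INT IDENTITY(1,1) PRIMARY KEY,
    RightName NVARCHAR(50) NOT NULL UNIQUE
);

-- A group has n rights: many-to-many between group and right.
CREATE TABLE dbo.GroupRight (
    GroupId INT NOT NULL REFERENCES dbo.UserGroup(GroupId),
    RightId INT NOT NULL REFERENCES dbo.[Right](RightId),
    PRIMARY KEY (GroupId, RightId)
);

-- A user belongs to exactly one group: a NOT NULL foreign key on the user row.
-- The password is stored only as a salted hash (assumed; the page does not specify).
CREATE TABLE dbo.AppUser (
    UserId        INT IDENTITY(1,1) PRIMARY KEY,
    UserName      NVARCHAR(50) NOT NULL UNIQUE,
    GroupId       INT NOT NULL REFERENCES dbo.UserGroup(GroupId),
    PasswordHash  VARBINARY(64) NOT NULL,
    PasswordSalt  VARBINARY(16) NOT NULL,
    PasswordSetAt DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME(),
    IsActive      BIT NOT NULL DEFAULT 1
);

-- Password history: one row per previous hash so re-use can be rejected.
CREATE TABLE dbo.PasswordHistory (
    HistoryId    INT IDENTITY(1,1) PRIMARY KEY,
    UserId       INT NOT NULL REFERENCES dbo.AppUser(UserId),
    PasswordHash VARBINARY(64) NOT NULL,
    PasswordSalt VARBINARY(16) NOT NULL,
    SetAt        DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME()
);

-- Expiry period and history depth kept as data rather than hard-coded.
CREATE TABLE dbo.AppSetting (
    SettingName  NVARCHAR(50) PRIMARY KEY,
    SettingValue NVARCHAR(200) NOT NULL
);
INSERT INTO dbo.AppSetting (SettingName, SettingValue)
VALUES (N'PasswordExpiryDays', N'90'), (N'PasswordHistoryDepth', N'5');

-- Event log: login and logout now; the CHECK list is the place to add future events.
CREATE TABLE dbo.UserEvent (
    EventId    BIGINT IDENTITY(1,1) PRIMARY KEY,
    UserId     INT NOT NULL REFERENCES dbo.AppUser(UserId),
    EventType  VARCHAR(20) NOT NULL
               CHECK (EventType IN ('LOGIN', 'LOGOUT', 'LOGIN_FAILED', 'PASSWORD_CHANGE')),
    EventAt    DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME(),
    ClientHost NVARCHAR(128) NULL
);
GO

-- Has the user's password aged past the configured expiry period?
CREATE FUNCTION dbo.fn_PasswordExpired(@UserId INT)
RETURNS BIT
AS
BEGIN
    DECLARE @days INT = (SELECT CAST(SettingValue AS INT)
                         FROM dbo.AppSetting WHERE SettingName = N'PasswordExpiryDays');
    RETURN CASE WHEN EXISTS (
        SELECT 1 FROM dbo.AppUser
        WHERE UserId = @UserId
          AND DATEADD(DAY, @days, PasswordSetAt) < SYSUTCDATETIME()
    ) THEN 1 ELSE 0 END;
END;
GO

-- Rights a user holds through their single group.
CREATE VIEW dbo.vw_UserRight AS
SELECT u.UserId, u.UserName, r.RightName
FROM dbo.AppUser u
JOIN dbo.GroupRight gr ON gr.GroupId = u.GroupId
JOIN dbo.[Right] r     ON r.RightId  = gr.RightId;
GO

-- The reply's alternative: rights as database roles, with the application
-- (connected via Windows integrated authentication) fetching its granted roles.
-- Direct memberships only; nested roles or Windows-group grants need IS_MEMBER().
SELECT r.name AS RoleName
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE m.name = USER_NAME();
```

On a password change, the application (or a stored procedure) would copy the current hash and salt from dbo.AppUser into dbo.PasswordHistory, reject the new password if its hash matches any of the last PasswordHistoryDepth rows for that user, then overwrite PasswordHash, PasswordSalt and PasswordSetAt; dbo.fn_PasswordExpired can be checked at login before issuing a session.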