I’m simulating a e-commerce platform, user registers and it can be a normal user(buys products only) or a shopkeeper(owns a shop on the platform and sells products to all the users including the normal users and shopkeepers). and I wonder if a user registers, should the system creates a login(CREATE LOGIN @login_name WITH PASSWORD = @password) and a user(CREATE @usr_name FOR LOGIN @login_name) for it? and is it possible that all the functions are implemented as a dbo and integrate them to a client application(desktop client or web app)?
I’m simulating a e-commerce platform, user registers and it can be a normal user(buys
Share
unless you are giving the end users direct access to the DB – then users should be maintained and provisioned for your web app only and not allow access to the DB. What you could do (and probably should) is create a tiered user level of accounts for the DB so that you are not just always using the sysadmin to run your simple retrieval / update queries from your web app – just my opinion
(moved from comment to answer)