We’re in the process of developing a simple webapp that will be made available on our intranet. Access to the app will be controlled with a “user” table: If your network login is present in the table, you can use the app.
The app, itself, will make use of a SQL database. In our current dev setup, we’re all admins of the dev database, so we have complete access. When this gets deployed to Production, however, we’ve got a couple of options for authenticating to the database.
Does it make sense to grant each appropriate user his or her own credentials on the data, or should the users all share a single application-level user account on the database?
Creating separate user accounts for each app user complicates things in my experience. If there isn’t a security specification you have to design to, I would create a single logon for the app, create a database role, grant permissions to the role, and add the logon to the role.
You can still audit user actions if you use this method by passing user names as input parameters on your stored procedures.
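The setup this answer describes, written out as an added example (not code from the thread), assuming SQL Server T-SQL. The login, role, schema, table and procedure names are hypothetical, and the password is a placeholder.

```sql
-- Assumption: SQL Server (T-SQL), run as an administrator in the app database.
-- Every object name below is hypothetical.

-- 1. One server-level login for the app, mapped to a database user.
CREATE LOGIN webapp_svc WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER webapp_svc FOR LOGIN webapp_svc;
GO

-- 2. A role that carries the permissions instead of the login itself.
CREATE ROLE webapp_role;
GO

CREATE SCHEMA app AUTHORIZATION dbo;
GO

CREATE TABLE app.Orders (
    OrderId INT IDENTITY PRIMARY KEY,
    Item    NVARCHAR(100) NOT NULL
);
CREATE TABLE app.AuditLog (
    AuditId  INT IDENTITY PRIMARY KEY,
    AppUser  NVARCHAR(128) NOT NULL,   -- network login passed in by the app
    Action   NVARCHAR(50)  NOT NULL,
    Detail   NVARCHAR(400) NULL,
    LoggedAt DATETIME2     NOT NULL DEFAULT SYSUTCDATETIME()
);
GO

-- 3. Stored procedure takes the app user's name and writes the audit row
--    in the same transaction as the data change.
CREATE PROCEDURE app.AddOrder
    @AppUser NVARCHAR(128),
    @Item    NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;
    BEGIN TRANSACTION;
        INSERT INTO app.Orders (Item) VALUES (@Item);
        INSERT INTO app.AuditLog (AppUser, Action, Detail)
        VALUES (@AppUser, N'AddOrder', @Item);
    COMMIT TRANSACTION;
END;
GO

-- 4. Grant only EXECUTE to the role, then add the app login's user to it.
GRANT EXECUTE ON SCHEMA::app TO webapp_role;
ALTER ROLE webapp_role ADD MEMBER webapp_svc;
GO
```

Because the role holds only EXECUTE on the schema, the shared account reaches the tables solely through the procedures (ownership chaining covers the inserts), so it cannot write data while skipping the audit row. `@AppUser` is whatever the app passes, so the audit trail is only as trustworthy as the app's own check of the network login.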