Is SQL Server/Windows integrated security good for anything?

北荒 2021-01-01 00:07

The distinctions among Windows user permissions and any set of SQL Server GRANTs seem like unrelated concepts. As often as not, it seems to actually be implemented with pseu

14 answers
  •  野趣味 (original poster)
    2021-01-01 00:48

    Integrated security is only really useful for intranet apps. The pseudo logins I've seen are mostly for internet web applications.

    Anyway, it's more than just not storing a password in your app, since hopefully you'd be salting and hashing your password anyway. There's also:

    1. The user doesn't have to log in, which is a big deal, if you are jumping into a webapp sporadically throughout the day, or work somewhere that has multiple internal webapps.

    2. User management is free, since the IT admin only has to edit the user in Active Directory.

    3. User names and Role names are consistent throughout the organization.

    4. User impersonation is a more secure method when accessing an internal webservice. (For example, an internet website accesses an intranet webservice.)

    5. The web application doesn't need to do any extra user authorization on the database, since it's all handled seamlessly.

    6. [EDIT] You also know the user in your database objects. So you can have a view only return rows associated to them. (Unless you create a new SQL Server user for each app user, this would be impossible, and creating a new SQL Server user for each app user is also unreasonable.)

    Integrated security isn't right for everything, but for the enterprise, there's a lot of value add.
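
Point 6 above as a T-SQL sketch. This is an added example, not part of the original answer; the table, view, role and `CORP\...` account names are hypothetical, and it assumes the application connects to SQL Server as the end user's Windows account rather than through a shared service login.

```sql
-- Added example: per-user row filtering with Windows integrated security.
-- All object and account names below are hypothetical.

CREATE TABLE dbo.Orders (
    OrderId    int IDENTITY(1,1) PRIMARY KEY,
    OwnerLogin sysname       NOT NULL,   -- Windows account, e.g. N'CORP\alice'
    Item       nvarchar(100) NOT NULL
);
GO

-- Constructed sample rows.
INSERT INTO dbo.Orders (OwnerLogin, Item) VALUES
    (N'CORP\alice', N'Laptop'),
    (N'CORP\bob',   N'Monitor');
GO

-- SUSER_SNAME() returns the caller's login name. Under Windows
-- authentication that is DOMAIN\user, even when access was obtained
-- through membership in an AD group instead of an individual login.
CREATE VIEW dbo.MyOrders
AS
SELECT OrderId, Item
FROM dbo.Orders
WHERE OwnerLogin = SUSER_SNAME();
GO

-- One login and one database user for the whole AD group, so no
-- SQL Server principal has to be created per application user.
CREATE LOGIN [CORP\Sales] FROM WINDOWS;
CREATE USER  [CORP\Sales] FOR LOGIN [CORP\Sales];
CREATE ROLE  OrderReaders;
ALTER ROLE   OrderReaders ADD MEMBER [CORP\Sales];

-- Grant the view only. The view and the table share an owner (dbo), so
-- ownership chaining lets the view read dbo.Orders while a direct
-- SELECT on the table by a role member fails.
GRANT SELECT ON dbo.MyOrders TO OrderReaders;
GO

-- Check as a group member (needs IMPERSONATE permission and a domain
-- where CORP\alice exists): only the 'Laptop' row should come back.
-- EXECUTE AS LOGIN = N'CORP\alice';
-- SELECT OrderId, Item FROM dbo.MyOrders;
-- REVERT;
```

If the web application connects with one shared service account, `SUSER_SNAME()` returns that account for every request and the filter no longer distinguishes users.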
