The recommended approach is to wrap all access to data inside stored procedures and then call the procs from your application. This requires permissions on only the stored procedures and NOT the underlying tables which gives you a much more secure application. It also makes your application more dynamic, because as long as the interfaces to the stored procedures don't change, you don't have to modify your application.
For More Information
- Dozens more answers to tough SQL Server questions from Michael Hotek are available here.
- The Best Microsoft SQL Server Web Links: tips, tutorials, scripts, and more.
- The Best SQL Web Links
- Have a SQL Server tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
- Ask your technical SQL Server questions -- or help out your peers by answering them -- in our live discussion forums.
- Ask the Experts yourself: Our SQL, database design, Oracle, SQL Server, DB2, metadata, object-oriented and data warehousing gurus are waiting to answer your toughest questions.
This was first published in August 2002