>In my current project a user should only be allowed to delete a record that they created... but they have permission to view all records regardless of who created them. I've discovered how to determine the current username via CURRENT_USER and am using that to insert into the appropriate record who the record belongs to. So here's the question:
>
>Is security-by-record-ownership a roll-your-own type solution or does SQL Server (I'm using 2008) have something built in for this?
Are you using Windows Authentication or SQL Server Authentication?