>In my current project a user should only be allowed to delete a record that they created... but they have permission to view all records regardless of who created them. I've discovered how to determine the current username via CURRENT_USER and am using that to insert into the appropriate record who the record belongs to. So here's the question:
>
>Is security-by-record-ownership a roll-your-own type solution or does SQL Server (I'm using 2008) have something built in for this?
See my other reply. I think you will have to track the creater in the record yourself with a column for it and verify it matches the current user before allowing a delete (control it from your app). Unless you have Microsoft Dynamics NAV?
.·*´¨)
.·`TCH
(..·*
010000110101001101101000011000010111001001110000010011110111001001000010011101010111001101110100
"When the debate is lost, slander becomes the tool of the loser." - Socrates
Vita contingit, Vive cum eo. (Life Happens, Live With it.)
"Life is not measured by the number of breaths we take, but by the moments that take our breath away." -- author unknown
"De omnibus dubitandum"