PMFJI, but...

SQL Server does allow something called an Application Role to be used for access to data. In other words, you can still grant user's access to the server (perhaps you need to based upon group membership) but deny them access to sensitive tables. But when the user runs the application, a stored procedure is executed (which encrypts the password used) to reassign that user's connection permissions. Seems pretty cool. Look at "Application Security and Application Roles" under books online for more info.

>>I have heard that oracle and SQL server7 onwards have application specific rights. These can be more helpful for internet.<
>
>This may be so to the extent that I can configure a Role and use that Role to convey specific rights to data. However, I can create a fictitious user on NT and grant rights consistent with a specific app, and have the app impersonate that user. I'm thinking here of an COM object that is only able to get at files it needs.