"Jack" <no@mail.com> wrote:
>
>I'm ramping up on MTS and have some confusion on the use of the security
>model.
>
>Tell me where I go wrong:
>
>When the client program (object) connects to the MTS object, it is authenticated
>to a role based on the user's NT account (i.e. user name/password). Now
>it is discouraged to use impersonation to authenticate to the third tier
>(i.e. database) because of overhead. So how does one ensure that the user's
>role has permission to talk to the third tier? Is it set up simply such
>that if the user can access the component, they can use its functionality or
>can the model be extended such that the DB further authenticates based on
>the role? For example, can the DB be aware of the role and also authenticate
>on its own using the role? For example, if a component has the role "accountant"
>can the DB's security be set to lock out the "accountant" role? I imagine
>the DB cannot be made aware of the role but I would appreciate clarification
>on this point.
>
>Another way to frame this question is: With impersonation the 2nd tier and
>the third tier each authenticate the user. When a role is used, the 2nd
>tier authenticates the user but what happens in the third tier? Does/can
>the third tier authenticate the role?
>
>Thanks,
>Jack
>