Just like in any other user/role based system, you can assign users to roles and rights to the roles so that you don't have to assign specific rights to individual users.
For example, there is a role in SQL Server called "data_reader". That role has rights to read data from objects in the database. Instead of assigning each user read rights to individual tables, you could make them a member of the "data_reader" role. If you need to restrict a user's rights to specific objects (sprocs, tables, views), then you may need to remove them from a role with more rights and assign them very specific rights.
I have found in my work building database-based applications that I don't do much specific permission management because the application abstracts the access to the database and controls what a user can or can't do. For example, a management section of a web site is only accessible to users in the application's "management" role (app role control, not SQL Server role control). So the web application accesses the database with a single database user which requires rights to everything used by the application.
Database security is a very broad subject. There are many books available on it and much online as well. I'd recommend doing some searching and reading online to get an idea of where you need to start.
-Peter
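The role-versus-specific-rights choice described in the post above, as an added T-SQL example that is not part of the original post. It assumes SQL Server 2012 or later and a scratch database; every table, procedure, user and role name except the fixed database role `db_datareader` is constructed for illustration.

```sql
-- Constructed sample objects (run in a scratch database).
CREATE TABLE dbo.Orders    (OrderId INT PRIMARY KEY, Total MONEY);
CREATE TABLE dbo.Customers (CustomerId INT PRIMARY KEY, Email NVARCHAR(256));
GO
CREATE PROCEDURE dbo.usp_GetOrder @OrderId INT AS
    SELECT OrderId, Total FROM dbo.Orders WHERE OrderId = @OrderId;
GO
-- Constructed database users with no server login, for testing only.
CREATE USER report_user WITHOUT LOGIN;
CREATE USER app_user    WITHOUT LOGIN;
GO
-- Broad access: membership in the fixed role grants read on every table and view.
ALTER ROLE db_datareader ADD MEMBER report_user;
ALTER ROLE db_datareader ADD MEMBER app_user;   -- starting point, narrowed below
GO
-- Narrow access: a custom role that carries only the rights the application needs.
CREATE ROLE order_entry;
GRANT SELECT  ON OBJECT::dbo.Orders       TO order_entry;
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrder TO order_entry;
-- Restrict app_user: remove it from the broad role, add it to the narrow one.
ALTER ROLE db_datareader DROP MEMBER app_user;
ALTER ROLE order_entry   ADD MEMBER app_user;
GO
-- Check 1: who is a member of which role.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name IN ('report_user', 'app_user');
-- Check 2: effective permissions as seen by app_user itself.
EXECUTE AS USER = 'app_user';
SELECT HAS_PERMS_BY_NAME('dbo.Orders',       'OBJECT', 'SELECT')  AS orders_select,
       HAS_PERMS_BY_NAME('dbo.Customers',    'OBJECT', 'SELECT')  AS customers_select,
       HAS_PERMS_BY_NAME('dbo.usp_GetOrder', 'OBJECT', 'EXECUTE') AS getorder_execute;
SELECT permission_name, subentity_name
FROM fn_my_permissions('dbo.Orders', 'OBJECT');
REVERT;
GO
-- Cleanup of the constructed objects.
DROP USER report_user;
DROP USER app_user;
DROP ROLE order_entry;
DROP PROCEDURE dbo.usp_GetOrder;
DROP TABLE dbo.Orders, dbo.Customers;
```

The same pattern applies to the single application account the post mentions: granting its rights through a custom role keeps the set of objects it can touch explicit and auditable.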