We are using app roles on 2005 and 2008 R2 for a large application. We just recently needed for the application to read some data from
a second database on the same server. The only way that I can see to do this (other than ‘execute as’), is to enable the guest user in the second db. There will be no guest login. The data in the second db is all publicly available data, so I am
not concerned about all logged in users having access to this data. We would only grant guest in that db select and execute rights on specific objects in that DB.
Is there anything that I ought to be worried about? Does enabling the guest account in one db marginalize the security of any other
db on the server?
View Complete Post