Just wondering how others have solved this
Some background:
We have a decent number of users for our SQL Server around 2000, with a minimum of around 500 active at any one time. We have I believe 4 clusters and around 10 other non clustered servers, with about 5 databases on average per server. Our 'primary' cluster and DB has around 900 tables, 1600 procs, 500ish functions, and a few views, though they are avoided due to the performance issues of filtering data with them.
Issue:
Our issue revolves around security, and how to block ad hoc queries for performance reasons. Pre LLBLGen we primarily used stored procedures and around 100 permission groups (addative and subtractive) with windows authentication to restrict users.
The move to LLBLGen removes the need of many of our stored procs but will eventually create a nightmare management problem if we manage all the permissions on the tables, it was already bad enough on the stored procs.
Our current solution for 'data miners' i.e. ad hoc queries is currently we have a SQL Job that runs periodically and searchs for these connections and kills them off, not the best answer but mostly works.
Solution on the table:
In the future we are considering using Windows Authentication to hit our deployment database where it can pull down an encrypted SQL Login/Password to connect to our other databases, this obviously has some disadvantages as well but solves our biggest performance issue of the ad hoc queries, and removes a lot of the maintenance issue with the number of tables we have which is expected to grow substantially, by placing the burden on the application and what functionality they can do instead of restricting tables/procs, and denying all Windows Auth access.
So I'm curious does anyone else have a large SQL Server system where you need to block ad hoc queries and direct table access and how you addressed it.
I've also looked at application roles but the whole connection pooling doesn't work with it really bums me out as a possible solution.
Thanks
John Gooding