Re: Database Hosting

Joshua J. Kugler wrote:

> Murdoc wrote:
>
> > Hi all,
> >
> > Our company is about to embark on rewriting our entire application to be
> > truly client/server based, and bring the UI up to .NET. One of the
> > additional services that our CEO wants to provide is the hosting of the
> > software ourselves (to save our smaller clients the licensing costs of the
> > database server software, etc).
> >
> > However, the proposed solution to this is to simply have a single database
> > with every client's data in it, and add a 'client-code'/'client-id' field
> > to EVERY single table in the database.
> >
> > Now, to me this seems to be a seriously flawed method of doing it, when a
> > much simpler option (one database per client) is available.
> >
> > What are your thoughts, and how do other companies provide a similar
> > service?
>
> How is security laid out? Is it table or row based permissions? If it is
> table based permissions, a user could log in with another client for your
> SQL server and issue queries on data that does not belong to them. I would
> *highly* recommend doing one database per customer. Security (in my mind,
> anyway) will be greatly simplified.
>
> j

Row-based. Every user has access to every table, but the data that can be accessed within that table is dependant on which company the user belongs to.

Sorry, I should have specified that.

For example, given the following:

	Adam belongs to Company 'A'
	Bertha belongs to Company 'B'

Adam would only be able to access records within a table with the Company code of 'A'. Similarly, Bertha would only be able to access records with a Company code of 'B'.

I totally agree with you, in that one database per customer would be so much simpler. Backup and restore can be done individually, load balancing can be done by simply moving the higher load DBs off onto another server.

The problem is, convincing management of this.

--