We have a need to build an EXE app that runs on a customer's server that accesses our Multi-Tenant SQL database.
We have a Column SubscriberId for each table that we use in our web app to limit users to just the records that belong to their SubscriberId - which works perfectly fine (on our servers).
We have an Exchange to SQL service that runs on our server that sync's Exchange Contacts and Appointments to our SQL tables. An issue is that we need customers to grant us the Exchange 'ApplicationImpersonation' role for us to access the data on their server - which means we have access to their whole Exchange database store.
Most customers have been willing to allow us that access level, but a few don't want us to have that level of access - and that's understandable.
Our sync app is a C# .NET console app, and we want to adapt it so we can have end-users install the app on their server and have it sync with our server remotely.
THE QUESTION: Is is possible to create a user on SQL Server 2008R2 that only has access to the rows for that user filtered WHERE SubscriberId = 201 (for example).
We would allow port 1433 access to their server and the user/password would be used in the connection string in the App.config.
If so, we can create an admin panel in an Windows exe app where they setup that SQL User/password and their Exchange Super-User. Then they can remotely sync - but only see their own records in our SQL database.
Otherwise, it seems we would need to re-work the app to use an API and an alternate security scheme. That would obviously be a lot more work :-(
Thanks, Charles
