Should I be checking permissions in my stored procedures or should I be checking them in my application?
For example, lets say there is a permission for managing user accounts. The permissions might be: View, Create, Edit, Delete.
Is it better to check those permissions in my application and allow only stored procedures to be called that do the allowed actions or should I verify the user's permissions in the stored procedure before allowing the user to view, add, update or delete the record?
As an FYI, I have over 200 user permissions that will be managed in this way.
For example, lets say there is a permission for managing user accounts. The permissions might be: View, Create, Edit, Delete.
Is it better to check those permissions in my application and allow only stored procedures to be called that do the allowed actions or should I verify the user's permissions in the stored procedure before allowing the user to view, add, update or delete the record?
As an FYI, I have over 200 user permissions that will be managed in this way.