Developers commonly want to ensure that a user accesses only the data through their application. After all, not every person should be let near a server with Microsoft Access. However, if a user has a valid login, there is nothing to stop him from viewing the data through any tool that he chooses. In version 7, SQL Server has added the concept of an application role, which allows you to create a role for your application and grant only this role the proper rights. Unlike other roles though, this role requires a separate password authentication before granting the rights associated with the role. So, the user can log in with his own ID and password. However, in your application, you use the sp_setapprole with a password that only you and your application know to activate the proper rights. Although the user will be able to log in to SQL Server through another tool, he will not be able to do anything without knowing the password for the application role.