I'm a software developer finishing a web application. The app uses the database "DB1" in my SQL Server 2008 "SQLServer_1".
I would like to create a limited user that the web app will use in its connection string. This users will be allow to execute a list of stored procedures, nothing else. So the user shouldn't be allowed to execute adhoc SQL or other stored procedures out of that list.
I have a little mess between "user" and "login", I don't really know where should I create the new "account".
Which are the steps I should follow?
Thanks in advance.