A question for a question: do you trust everybody on the LAN? Or are they just allowed to read the information and not do other stuff? One simple way to do this is to provide a report-like interface to the users and ask them to enter their own credentials—the user accounts that are created inside the database—and manage what areas they have access to. Several database engines provide this, and yet this is so far the simplest way to do this with only the database engine.
Yet another way to do this would be to write a web interface, like an ASP.NET-based Web API (since you are talking about WinForms), where they can consume the backend services for the database. The main features that a web interface would provide would be:
- Quick and easy access via any web browser.
- Manage who can access the resources, and caching, cookies, and JWT can be applied easily.
- Nobody has direct access to the database—most important one!
In the database, the major issue, especially with those databases that are accessible on the network, is that anybody can access the tables directly, which is the worst way of providing services that depend on the database. Just imagine what a person can execute on the database. I will leave you with that.
Although you can argue that a temporary table or a read-only table can be generated, trust me, a web interface is an easy way of doing things. If I had to develop this kind of system, I would be investing my time and effort in a good web front-end that abstracts away the direct access to the database, and uses a read-only user account (can be controlled via a connection string) for non-admin users, and an admin or write-access account for the admins only. This can easily protect you from SQL Injection, in case you do write a bad query, since users won't have write access at all.
Although what I said seems like a big thing, in a nutshell it is: create separate accounts with read or read-write access, then use those accounts for each individual user to access the resources from the backend.
ASP.NET Web API | The ASP.NET Site
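The split between a read-only connection for ordinary users and a write-capable one for admins, shown as an added example that is not part of the original answer. It assumes SQLite as a stand-in for the unnamed database engine, with the `mode=ro` / `mode=rw` URI playing the role of the two accounts; the `orders` table, its rows and all function names are constructed for illustration. It also shows what the read-only connection does not cover: a concatenated query still returns rows it should not, so lookups stay parameterized.

```python
import os
import sqlite3
import tempfile


def make_db():
    """Create a small constructed database and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT, total REAL);"
        "INSERT INTO orders(customer, total) VALUES ('alice', 10.0), ('bob', 25.5);"
    )
    con.close()
    return path


def connect(path, role):
    """The connection string decides the privilege: only 'admin' gets write access."""
    mode = "rw" if role == "admin" else "ro"
    return sqlite3.connect(f"file:{path}?mode={mode}", uri=True)


def try_write(con):
    """Attempt a destructive statement; return True only if the engine allowed it."""
    try:
        con.execute("UPDATE orders SET total = 0")
        con.commit()
        return True
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        con.rollback()
        return False


def lookup_concatenated(con, customer):
    """The 'bad query': user input is spliced into the SQL text."""
    sql = "SELECT customer, total FROM orders WHERE customer = '" + customer + "'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con, customer):
    """Same lookup with a bound parameter; the input is treated as data only."""
    sql = "SELECT customer, total FROM orders WHERE customer = ?"
    return con.execute(sql, (customer,)).fetchall()
```
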