> Most of the apps I work on authentication is handled at
> application layer, not
> the database layer.
>
> Is this uncommon to everyone else?
>
> More or less the DB is just persistent storage.

Yes, in my experience the security model provided by the RDBMS is often
lacking in features needed to fullfill the requirements.  This is
particularly true when there security at the row or column level.

However, I think the RDBMS is more than "persistent storage".  It provides
ACID transactions, transaction processing monitor, backup/recovery, a
declarative query language, referenctial integrity, query optimization, etc.

Mike