Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
MikeB
Constraint Violating Yak Guru
387 Posts |
Posted - 2004-05-12 : 16:19:30
|
If I create a role, apply permissions to execute a stored procedure, but do not give the "role" permission to update, insert, delete on the table the stored procedure acts on, will the update, insert, or delete still be successful?In other words, my front end application works with stored procedures only (pretty much any way) so I will set permissions on the stored procedures, but not on the tables.Is this OK? Otherwise it seems as though I am doing twice the work I have to!Mike B |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-05-12 : 16:28:50
|
If you do not grant explicit permissions to the tables, then the user will not be able to modify the data except through your stored procedure. Which is what you want and have implemented! The only time that you need explicit permissions on the tables is if you are using dynamic sql in a stored proc.Tara |
|
|
ravilobo
Master Smack Fu Yak Hacker
1184 Posts |
Posted - 2004-05-13 : 11:17:50
|
quote: Originally posted by MikeB If I create a role, apply permissions to execute a stored procedure, but do not give the "role" permission to update, insert, delete on the table the stored procedure acts on, will the update, insert, or delete still be successful?In other words, my front end application works with stored procedures only (pretty much any way) so I will set permissions on the stored procedures, but not on the tables.Is this OK? Otherwise it seems as though I am doing twice the work I have to!Mike B
What you are saying is correct.The owner of SP and table should be same. Refer ownership chains in BOL.------------------------I think, therefore I am |
|
|
|
|
|
|
|