Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
vrabasseda
Starting Member
4 Posts |
 Posted - 2009-01-26 : 19:15:43
|
| HelloI'm rather new at SQL Server, although I'm Oracle expert.In Oracle I create several users like this: tableCreator granted to create table, create sequence, create trigger and session.Once this user finished creating tables he granted select, insert and update permissions on tables to Procedure that is the next userProcedure creates then procedures and is granted to create procedure, create view, select any sequence and so on. But deny to delete on any table.Then several users have quota 0 on de default schema and are granted for only execute procedures that make the job of insert, select and update.The permission for insert, select and update on tables owned by tableCreator is encapsulated by Procedure and users have no permission to select, insert or update by themselves.I tried to do the same in Sql Server. All run ok till I executed the insert procedure. It seems my user needs select, insert and/or update permissions on tableCreator tables to execute the procedure.I don't understand this. Am I wrong or an user needs more than execute permission on a procedure that inserts data in a table to execute it?Thanks<i>V Rabasseda </i> |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
vrabasseda
Starting Member
4 Posts |
Posted - 2009-01-28 : 14:45:59
|
| Hello.Thanks for answering my question.Indeed I solved it. Here's the code and some questionsConnecting as DBA (Assuming there's a [Victor] database)use victorgocreate schema schTestgocreate login l1 with password='victor', DEFAULT_DATABASE=victorcreate login l2 with password='victor', default_database=victorcreate login l3 with password='victor', default_database=victorcreate user creataules from login l1 with default_schema=schTestcreate user procediments from login l2 with default_schema=schTestcreate user useradmin from login l3 with default_schema=schTestgrant create table to creataulesgrant control on schema::schTest to creataulesgrant create procedure to procedimentsgrant alter on schema::schTest to procedimentsgrant references on schema::schTest to useradminnow connecting as creataules (login l1)USE [Victor]GO/****** Object: Table [schTest].[Logs] Script Date: 01/27/2009 21:09:04 ******/SET ANSI_NULLS ONGOSET QUOTED_IDENTIFIER ONGOCREATE TABLE [schTest].[Logs]( [idLogs] [bigint] IDENTITY(1,1) NOT NULL, [proced] [nvarchar](50) COLLATE Traditional_Spanish_CI_AS NOT NULL, [data] [datetime] NOT NULL CONSTRAINT [DF_Logs_data] DEFAULT (getdate()), CONSTRAINT [PK_Logs] PRIMARY KEY CLUSTERED ( [idLogs] ASC)WITH (PAD_INDEX = OFF, IGNORE_DUP_KEY = OFF) ON [PRIMARY]) ON [PRIMARY]/****** Object: Table [schTest].[Parametre] Script Date: 01/27/2009 21:09:12 ******/CREATE TABLE [schTest].[Parametre]( [idLogs] [bigint] NOT NULL, [idParametre] [int] NOT NULL, [nomParametre] [nvarchar](50) COLLATE Traditional_Spanish_CI_AS NULL, [tipusParametre] [nvarchar](50) COLLATE Traditional_Spanish_CI_AS NULL, [valorParametre] [nvarchar](256) COLLATE Traditional_Spanish_CI_AS NULL, [sentit] [int] NULL, CONSTRAINT [PK_Parametre] PRIMARY KEY CLUSTERED( [idLogs] ASC, [idParametre] ASC)WITH (PAD_INDEX = OFF, IGNORE_DUP_KEY = OFF) ON [PRIMARY], CONSTRAINT [FK_Parametre_Logs] FOREIGN KEY([idLogs]) REFERENCES [schTest].[Logs] ([idLogs]) ) ON [PRIMARY]GO/****** Object: Table [schTest].[NumeroTexto] Script Date: 01/27/2009 21:09:09 ******/CREATE TABLE [schTest].[NumeroTexto]( [numero] [int] NOT NULL, [texto] [nvarchar](50) COLLATE Traditional_Spanish_CI_AS NULL, CONSTRAINT [PK_NumeroTexto] PRIMARY KEY CLUSTERED ( [numero] ASC)WITH (PAD_INDEX = OFF, IGNORE_DUP_KEY = OFF) ON [PRIMARY]) ON [PRIMARY]Now connecting as procediments (login l2)USE [Victor]GO/****** Object: StoredProcedure [afegirNumero] Script Date: 01/27/2009 20:06:02 ******/SET ANSI_NULLS ONGOSET QUOTED_IDENTIFIER ONGO-- =============================================-- Author: Procediments-- Create date: 26/1/2009-- Description: -- =============================================CREATE PROCEDURE schTest.[afegirNumero] -- Add the parameters for the stored procedure here @numero int = 0, @text nvarchar(50) = ''AS declare @idLogs bigint;BEGIN -- SET NOCOUNT ON added to prevent extra result sets from -- interfering with SELECT statements. SET NOCOUNT ON; -- Insert statements for procedure here --validem l'entrada --guardem parametres insert into schTest.Logs(proced) values ('afegirNumero'); set @idLogs=(select max(idLogs) from Logs); insert into schTest.Parametre(idLogs,idParametre,nomParametre,tipusParametre,valorParametre,sentit) values (@idLogs,1,'@numero','int',cast(@numero as nvarchar(10)),0); insert into schTest.Parametre(idLogs,idParametre,nomParametre,tipusParametre,valorParametre,sentit) values (@idLogs,2,'@text','nvarchar(50)',@text,0); --accio insert into schTest.NumeroTexto(numero,texto) values(@numero,@text); --guardem sortida insert into schTest.Parametre(idLogs,idParametre,nomParametre,tipusParametre,valorParametre,sentit) values (@idLogs,3,'@@error','int',@@error,1); ENDNow connecting once again as DBAgrant execute on schTest.afegirNumero to useradminNow connecting as useradmin (login l3)use victorgoexecute schTest.afegirNumero 1,"Uno"select * from schTest.LogsThe first estatement works, the second don't for the lak of select permission.That's it. Job done. But ....1- The user procediments can drop any table on schema schTest, what I don't want to and I don't know how to deny it.2- The permission for executing the procedure must be granted by DBA. Which permission should have procediments to grant it by themself?Thank you very much for your support and help. <i>V Rabasseda </i> |
 |
|
|
|
|
|
|
|
Schemas and Permissions