Posted by orange on 02/28/06 22:25
It is a in SQL that permission is check on the first called element i.e.
in case of stored procedure the there's a check made if the user has
the right to execute a procedure. Thus it's possiblie to allow a user to
execure a procedure and e.g. display a subset of data without allowing
to read tables content. Up to sp3 it was valid for the whole server.
From sp3 you've got to set cross-databse chaining explicitly.
Grzegorz Danowski wrote:
> Hi
>
> I have two databases: Customers and Operations. In Customers database I
> have made a view based on a few tables from both Customers and
> Operations (left join - customers without any operations). In the same
> database (Customers) I have created a stored procedure based on the
> view. Finally I'd like to give to some users permission only to exec the
> stored procedure.
>
> Have I to add the users to Customers? If yes, please describe me how to
> limit the users privileges only to execution the stored procedure (no
> rights to open tables or view from Customers).
>
> Regards,
> Grzegorz
>
> Ps. I had sent the post on microsoft.public.sqlserver.security, but I
> had no answer.
Navigation:
[Reply to this message]
|