SQL Server stored procedures and permissions
Question
Is it possible to deny permissions for everything in SQL Server (eg select, insert, etc) and give temporary permissions through stored procedures. I want to use only stored procedures to access data in sql database.
Is this possible or is there another way?
3 answers
solution1
6 ACCPTED 2011-06-26 14:11:41
This is a good pattern supported my SQL Server.
Basically, whoever has permissions on the the stored procedures does not need any table permissions at all, if the proc and tables have the same owner (dbo usually). It's called ownership chaining
Note: permissions on the tables are simply not checked in this situation, so explicit "DENY permissions" will be ignored too (DENY is different to "no permissions")
The same applies to views, functions etc (eg view calling table, proc calling view, ...)
solution2
5 2011-06-26 14:04:37
Yes this is called ownership chaining , if you give execute permission to the proc the user will be able to execute the proc and it will work, he will get data back
if he then tries to do a select from the table from SSMS it will not work (providing that he is not in the data reader or higher role)
Keep in mind that dynamic SQL breaks ownership chaining , if you have dynamic SQL in the stored procedure, you will need extra permissions in that case
solution3
1 2011-06-26 14:10:05
This does not only work with stored procedures, but also with views.
In general, you can give a user permission on a "higher-level" object like a view or sproc, without having to give the same user permission on the underlying table(s) as well.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.