Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Problem with Security Chain
Message
From
17/08/2006 11:10:20
Ken Matson
GCom2 Solutions
Aston, Pennsylvania, United States
 
 
To
All
General information
Forum:
Microsoft SQL Server
Category:
Security
Title:
Problem with Security Chain
Environment versions
SQL Server:
SQL Server 2000
Miscellaneous
Thread ID:
01146399
Message ID:
01146399
Views:
60
Hi All,

SQL 2000 - scenario:

A User - "Bob" does not have any rights to the Customer table.
There is a SP "GetCustomer" that does a simple "Select * from Customer" - Bob has execute rights to this SP.
Bob runs GetCustomers - no problem - the customers come back.

NOW

GetCustomer is rewritten to do the same thing, but via Dynamic SQL - ie. Execute('Select * from customer')
AND
Bob runs GetCustomer and gets a permission error that he doens't have rights to the customer table - very frustrating.

I need to keep the security of Bob NOT having direct rights to the Customer table, but also need Dynamic SQL. Advice?

Thanks,
Ken B. Matson
GCom2 Solutions
Next
Reply
Map
View

Click here to load this message in the networking platform