Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Problem with Security Chain
Message
De
17/08/2006 11:10:20
Ken Matson
GCom2 Solutions
Aston, Pennsylvanie, États-Unis
 
 
À
Tous
Information générale
Forum:
Microsoft SQL Server
Catégorie:
Sécurité
Titre:
Problem with Security Chain
Versions des environnements
SQL Server:
SQL Server 2000
Divers
Thread ID:
01146399
Message ID:
01146399
Vues:
61
Hi All,

SQL 2000 - scenario:

A User - "Bob" does not have any rights to the Customer table.
There is a SP "GetCustomer" that does a simple "Select * from Customer" - Bob has execute rights to this SP.
Bob runs GetCustomers - no problem - the customers come back.

NOW

GetCustomer is rewritten to do the same thing, but via Dynamic SQL - ie. Execute('Select * from customer')
AND
Bob runs GetCustomer and gets a permission error that he doens't have rights to the customer table - very frustrating.

I need to keep the security of Bob NOT having direct rights to the Customer table, but also need Dynamic SQL. Advice?

Thanks,
Ken B. Matson
GCom2 Solutions
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform