Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Problem with Security Chain
Message
 
To
17/08/2006 11:10:20
Ken Matson
GCom2 Solutions
Aston, Pennsylvania, United States
General information
Forum:
Microsoft SQL Server
Category:
Security
Title:
Re: Problem with Security Chain
Environment versions
SQL Server:
SQL Server 2000
Miscellaneous
Thread ID:
01146399
Message ID:
01146462
Views:
19
Ken,

What are you trying to accomplish that "needs" dynamic SQL? Generally, dynamic SQL in a stored proc is a bad idea and can usually be handled without dynamic code.

Chad


>Hi All,
>
>SQL 2000 - scenario:
>
>A User - "Bob" does not have any rights to the Customer table.
>There is a SP "GetCustomer" that does a simple "Select * from Customer" - Bob has execute rights to this SP.
>Bob runs GetCustomers - no problem - the customers come back.
>
>NOW
>
>GetCustomer is rewritten to do the same thing, but via Dynamic SQL - ie. Execute('Select * from customer')
>AND
>Bob runs GetCustomer and gets a permission error that he doens't have rights to the customer table - very frustrating.
>
>I need to keep the security of Bob NOT having direct rights to the Customer table, but also need Dynamic SQL. Advice?
>
>Thanks,
_________________________________
There are 2 types of people in the world:
    Those who need closure
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform