Problem with Security Chain

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Problem with Security Chain

Message

17/08/2006 12:43:16

Chad Bourque
Tuesday Morning, Inc.
Dallas, Texas, États-Unis

17/08/2006 11:10:20

Ken Matson
GCom2 Solutions
Aston, Pennsylvanie, États-Unis

Information générale

Forum:

Microsoft SQL Server

Catégorie:

Sécurité

Titre:

Re: Problem with Security Chain

Versions des environnements

SQL Server:

SQL Server 2000

Divers

Thread ID:

01146399

Message ID:

01146462

Vues:

Ken,

What are you trying to accomplish that "needs" dynamic SQL? Generally, dynamic SQL in a stored proc is a bad idea and can usually be handled without dynamic code.

Chad

>Hi All,
>
>SQL 2000 - scenario:
>
>A User - "Bob" does not have any rights to the Customer table.
>There is a SP "GetCustomer" that does a simple "Select * from Customer" - Bob has execute rights to this SP.
>Bob runs GetCustomers - no problem - the customers come back.
>
>NOW
>
>GetCustomer is rewritten to do the same thing, but via Dynamic SQL - ie. Execute('Select * from customer')
>AND
>Bob runs GetCustomer and gets a permission error that he doens't have rights to the customer table - very frustrating.
>
>I need to keep the security of Bob NOT having direct rights to the Customer table, but also need Dynamic SQL. Advice?
>
>Thanks,

_________________________________
There are 2 types of people in the world:

Those who need closure

Répondre

Fil

Voir

Click here to load this message in the networking platform