Mike Yearwood
Toronto, Ontario, Canada
General information
Forum:
Microsoft SQL Server
Environment versions
SQL Server:
SQL Server 2000
>The actual issue is with sp_executeSQL - has the same problem. The Dynamic SQL example just illustrated the problem.
Why are you preventing users from running queries?
>
>thanks,
>
>
>>Ken,
>>
>>What are you trying to accomplish that "needs" dynamic SQL? Generally, dynamic SQL in a stored proc is a bad idea and can usually be handled without dynamic code.
>>
>>Chad
>>
>>
>>>Hi All,
>>>
>>>SQL 2000 - scenario:
>>>
>>>A User - "Bob" does not have any rights to the Customer table.
>>>There is a SP "GetCustomer" that does a simple "Select * from Customer" - Bob has execute rights to this SP.
>>>Bob runs GetCustomers - no problem - the customers come back.
>>>
>>>NOW
>>>
>>>GetCustomer is rewritten to do the same thing, but via Dynamic SQL - ie. Execute('Select * from customer')
>>>AND
>>>Bob runs GetCustomer and gets a permission error that he doens't have rights to the customer table - very frustrating.
>>>
>>>I need to keep the security of Bob NOT having direct rights to the Customer table, but also need Dynamic SQL. Advice?
>>>
>>>Thanks,
Previous
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only