Mike Yearwood
Toronto, Ontario, Canada
Information générale
Forum:
Microsoft SQL Server
Versions des environnements
SQL Server:
SQL Server 2000
>The actual issue is with sp_executeSQL - has the same problem. The Dynamic SQL example just illustrated the problem.
Why are you preventing users from running queries?
>
>thanks,
>
>
>>Ken,
>>
>>What are you trying to accomplish that "needs" dynamic SQL? Generally, dynamic SQL in a stored proc is a bad idea and can usually be handled without dynamic code.
>>
>>Chad
>>
>>
>>>Hi All,
>>>
>>>SQL 2000 - scenario:
>>>
>>>A User - "Bob" does not have any rights to the Customer table.
>>>There is a SP "GetCustomer" that does a simple "Select * from Customer" - Bob has execute rights to this SP.
>>>Bob runs GetCustomers - no problem - the customers come back.
>>>
>>>NOW
>>>
>>>GetCustomer is rewritten to do the same thing, but via Dynamic SQL - ie. Execute('Select * from customer')
>>>AND
>>>Bob runs GetCustomer and gets a permission error that he doens't have rights to the customer table - very frustrating.
>>>
>>>I need to keep the security of Bob NOT having direct rights to the Customer table, but also need Dynamic SQL. Advice?
>>>
>>>Thanks,
Précédent
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement