Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Cross schema calls in SP access rights
Message
De
12/08/2015 09:45:01
Timothy Bryan
Sharpline Consultants
Conroe, Texas, États-Unis
 
 
À
11/08/2015 14:45:30
Timothy Bryan
Sharpline Consultants
Conroe, Texas, États-Unis
Information générale
Forum:
Microsoft SQL Server
Catégorie:
Stored procedures, Triggers, UDFs
Titre:
Re: Cross schema calls in SP access rights
Versions des environnements
SQL Server:
SQL Server 2012
Application:
Web
Divers
Thread ID:
01623119
Message ID:
01623181
Vues:
36
Anybody have any ideas on this?

>>>I have an issue that I have not run into before. I have a database with about 5 different schemas in order to keep some tables and stored procedures separated. I created a role for each schema as an application access role for the objects in that schema. So for instance a schema called 'Common' has tables and stored procedures. The role is cgCommonMaster and has rights to execute all stored procedures within that schema. It also has SELECT rights on every table in that schema.
>>>
>>>A second schema has the same setup as the Common schema but for the objects in that schema. Now, I have a user that is a member in both roles, so in theory it has access to execute the stored procedures and perform selects on all tables in both schemas.
>>>
>>>I have a stored procedure in the Common schema that performs a delete first on a row from the second schema. Then another on a row in the common schema. I am getting a permission denied on the delete from the second schema call.
>>>
>>>It would not be my desire to grant a role direct permission to do delete on a table. I only want this to be done through the stored procedures. If the role has rights to execute the stored procedure, why would I get this error and how do I avoid granting permissions to delete on a table?
>>>
>>>I can only presume this occurs because of the cross schema call, but there must be a way around it. Any help appreciated.
>>
>>If your schemas have only rights to execute stored procedures and select from tables, when how can they delete rows from tables?
>
>The roles grant rights to execute the stored procedures. The stored procedures have all crud operations. These are all working fine until I added a crud operation on another schema from within the stored procedure. In fact this stored procedure will delete the row for the table in the same schema as the SP. It just will not allow delete on a table in a different schema. I do not grant rights to roles/ users to do CRUD operations. Only to execute stored procedures. This is the only control I have to control what gets deleted or inserted into the tables.
Timothy Bryan
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform