Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Cross schema calls in SP access rights
Message
From
12/08/2015 09:45:01
Timothy Bryan
Sharpline Consultants
Conroe, Texas, United States
 
 
To
11/08/2015 14:45:30
Timothy Bryan
Sharpline Consultants
Conroe, Texas, United States
General information
Forum:
Microsoft SQL Server
Category:
Stored procedures, Triggers, UDFs
Title:
Re: Cross schema calls in SP access rights
Environment versions
SQL Server:
SQL Server 2012
Application:
Web
Miscellaneous
Thread ID:
01623119
Message ID:
01623181
Views:
37
Anybody have any ideas on this?

>>>I have an issue that I have not run into before. I have a database with about 5 different schemas in order to keep some tables and stored procedures separated. I created a role for each schema as an application access role for the objects in that schema. So for instance a schema called 'Common' has tables and stored procedures. The role is cgCommonMaster and has rights to execute all stored procedures within that schema. It also has SELECT rights on every table in that schema.
>>>
>>>A second schema has the same setup as the Common schema but for the objects in that schema. Now, I have a user that is a member in both roles, so in theory it has access to execute the stored procedures and perform selects on all tables in both schemas.
>>>
>>>I have a stored procedure in the Common schema that performs a delete first on a row from the second schema. Then another on a row in the common schema. I am getting a permission denied on the delete from the second schema call.
>>>
>>>It would not be my desire to grant a role direct permission to do delete on a table. I only want this to be done through the stored procedures. If the role has rights to execute the stored procedure, why would I get this error and how do I avoid granting permissions to delete on a table?
>>>
>>>I can only presume this occurs because of the cross schema call, but there must be a way around it. Any help appreciated.
>>
>>If your schemas have only rights to execute stored procedures and select from tables, when how can they delete rows from tables?
>
>The roles grant rights to execute the stored procedures. The stored procedures have all crud operations. These are all working fine until I added a crud operation on another schema from within the stored procedure. In fact this stored procedure will delete the row for the table in the same schema as the SP. It just will not allow delete on a table in a different schema. I do not grant rights to roles/ users to do CRUD operations. Only to execute stored procedures. This is the only control I have to control what gets deleted or inserted into the tables.
Timothy Bryan
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform