Information générale
Forum:
Microsoft SQL Server
Are you doing...
exec (@cthesql)
Or something similar? What result do you get, access denied?
>This is a good question.
>
>If, for security reasons, I do not want to give SELECT permissions to any of the SQL tables then I can just give access to Stored Procs and the stored procs can issue the SELECT.
>
>
>However, if I want to build an SQL statement inside a Stored Proc (based on paremeters and who the user is, I can easily build the SELECT string buut I have to issue a SQLEXEC call to execute the SELECT string. It is this SQLEXEC call that chokes if the user does not have SELECT rights on the table.
>
>So the big question is, how do you allow dynamic SQL statements to be constructed and executed without giving SELECT rights on the table itself?
>
>Guy
>
>
>
>>>Does anyone know how to pass a SQL search string into a stored procedure for execution. (Without string parsing!!). This means that table select permissions do not have to be given to individual tables.
>>>
>>>Thanks
>>>Paul
>>
>>Are you saying if you string execute a SQL statement in a stored procedure, that is considered 'selecting data?' ? Wouldn't the SP's need access to select data anyhow?
>>
>>BOb
Précédent
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement