General information
Forum:
Microsoft SQL Server
I need to deploy a DB and it's procs and functions. The application accesses the DB only through procedures. There is no DML issued directly to the DB.
So here is what i've done:
I've create a role and granted execute on all procs and functs to that role.
By doing this, I was limiting the entry point to the DB through those procs.
I was surprise to see that through that role I could see the internal code of my procs, so I used the 'WITH ENCRYPTION' option in my code.
Using QA, I was able to see the table names and the list of DB and ....
Question 1: how do I setup this group so users of that groups are only allowed to execute procs and NOTHING else ?
Question 2: It's easy to put 'WITH ENCRYPTION' so users cannot see the procs code, but in my installation scripts, it's clearly visible. How do you solve that ?
Thanks!
Next
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only