Grant Execute On Sproc Doesn't Grant Privilege To Update?
Oct 31, 2014
I am writing a stored procedure which updates a table, but when I run the stored procedure using a login that I have granted execute privileges on, then I get a message that I cannot run an update on the table. This would happen in dynamic sql... while my SQL has parameter references, I don't think it is considered dynamic SQL?
sproc:
CREATE PROCEDURE [schemaname].[SetUserCulture]
@UserID int
, @Culture nvarchar(10)
AS
UPDATE dbo.SecUser
SET Culture = @Culture
WHERE UserID = @UserID
execute SQL:
EXEC schemaname.SetUserCulture @UserID = 9, @Culture = N'x'
error:
The UPDATE permission was denied on the object 'SecUser', database 'DatabaseName', schema 'schemaname'.
View 8 Replies
ADVERTISEMENT
Aug 24, 2006
it is possible to grant all privilege (CRUD) to specified table to user. But, now, i want to grant all privilege (CRUD) of all tables, views, sp, ... of database to the user. is it possible?regards,
View 5 Replies
View Related
Sep 28, 2005
Hi. Thru a sproc, I drop & re-create some temp tables.When I call that sproc from the client, though, I cannot drop thetables.I need to allow the user, say "Alex", to drop/create tables (actually,that would be DDL). Which role should "Alex" assume ? How do I do that?I run the following sproc named, say, "CREATE_TABLE" (SNIP):__________________________________________________ __________________Set @StrSQL = 'if exists (select * from dbo.sysobjects where id =object_id(N''[dbo].[' + @TableName + ']'') and OBJECTPROPERTY(id,N''IsUserTable'') = 1) drop table [dbo].[' + @TableName + ']'Exec (@StrSQL)Set @StrSQL = 'CREATE TABLE [dbo].[' + @TableName + '] ([GROUP] [varchar] (6) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,...........[Stuff] [varchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL) ON [PRIMARY]'Exec (@StrSQL)Set @StrSQL = 'GRANT SELECT , UPDATE , INSERT , DELETE ON [dbo].['+ @TableName + '] TO [Alex]'Exec (@StrSQL)__________________________________________________ __________________As you can see, it is dynamic, because I need to repeat it for many@TableName values - that means, further more, that I will be executingthis in the context of the current user, Alex, and therefore I have togive Alex rights to both executing the sproc and to the tables referredto by the sproc, as specified by @TableName.I created a _TEST sproc which contains only the following:_______________________________________________CREATE PROCEDURE _TEST ASDROP TABLE [dbo].[SomeTable]RETURN_______________________________________________When I execute it from the client, thru ADODB, on user Alex, I get"User does not have permission to execute this operation on tableSomeTable"The table has been created thru "CREATE_TABLE", abovePlease help, I have to finish this tomorrow, and I'm under tons ofpressure.Thanks a lot,Alex.
View 1 Replies
View Related
Oct 15, 2007
GRANT SELECT ON [dbo].[TblAreaCatmap] TO [admin] prevent grant from being automaticly add to each column?
Is there a way when you issue a grant select to a table or a view to not also grant select for each column.
The problem is when you use the grant command it automaticly adds the grant command to each column. I want to grant the permission at the table level so when the table is scripted it only has a single grant command instead of a grant for the table and a grant for each column which is not needed.
The sql managemnt studion interface will allow you to do this but onlt by using the interface. If you issue the above command from a query window it also creates A GRANT FOR EVERY COLUMN. How can I stop this behavior.
View 9 Replies
View Related
Aug 16, 2007
In SQL Server 2005 SP2 I want to grant the ability to create views to a user but in order to do this it requires that the users has the ability to grant alter on a schema.
Is there any way to grant this privilage without granting alter on schema also?
View 1 Replies
View Related
Jul 21, 2015
Have a certificate and symmetric key that i have used the following to GRANT to logins. How can I find out which SQL logins have the GRANT CONTROL and GRANT VIEW DEFINTION?
GRANT VIEW DEFINITION ON SYMMETRIC KEY:: Symetric1 TO Brenda
GRANT CONTROL ON CERTIFICATE:: Certificate1 to Brenda
View 5 Replies
View Related
Feb 18, 2014
I am relatively new to sql developer. There is a new user that just joined our organization. I am trying to grant him the same direct grants privilege to the tables that an existing user has. The existing user has a ton of direct table access privileges and it will take days if I had to do each grant one by one like: grant select,insert,delete,update on 'table name' to 'user id'. Is there a way of copying or inserting an existing user's privilege and granting it to a new user.
View 2 Replies
View Related
May 6, 2008
Hi,
I want one of my database users to be able to grant execute to procedures, but I don't want the user to have sys admin rights.
Is this possible. Kind of a statement like the following:
GRANT EXECUTE ON [GRANT EXECUTE] TO myuser
Thanks in advance
View 9 Replies
View Related
Feb 9, 2001
I am trying to set up a security system for my senior developers where they automatically can execute any procedure. It is in the System Administrator server role. Is there any way I can grant this role to their database role withour giving them complete System Adminstrator rights?
View 3 Replies
View Related
Apr 2, 2002
Can anyone help me please.
Healp please.
Does anybody know how to make xp cmdshell runnable for users other than Admin. It should be possible to grant execute to others, but i can't figure out how.
This is what i found:
Be aware that when you grant execute permission for xp_cmdshell to users, the users will be able to execute any operating-system command at the Windows NT command shell that the account running SQL Server (typically local system) has privilege to execute.
To restrict xp_cmdshell access to users who have administrator permission on the Windows NT-based computer where SQL Server is running, use SQL Setup or SQL Enterprise Manager to set the server options, selecting the "xp_cmdshell - Impersonates Client" option. With this option selected, only users who have connected to SQL Server via a trusted connection and are members of the local Administrators group on that computer are allowed to use xp_cmdshell. The commands run by xp_cmdshell continue to execute in the server's security context.
View 1 Replies
View Related
May 6, 2008
I am creating a login with a user in one database. The id has to
create procedures in the dbo schema, execute them, and grant execute on them to other users.
BOL says to
GRANT ALTER ON SCHEMA::DBO TO username ;
GRANT CREATE PROCEDURE TO username ;
I did that. User can now create procedures, but cannot execute what he creates. And cannot grant execute on the sp to anybody.
I don't want to give this id a lot of priviledges.
View 16 Replies
View Related
Dec 11, 2006
does anyone know how to do this, its :
GRANT EXECUTE ...
for 2005 but for 2000?
View 6 Replies
View Related
Mar 3, 2008
Hi, I have created a DTS Package in SQL Server 2000, is there any way that a different user can edit and execute that DTS WITHOUT having server roles?
Thanks
View 6 Replies
View Related
Aug 7, 2007
Hello.
I'm using what looks to be a popular script to grant execute privileges to stored procedures, and it works great as long as the user account that you want to grant to is not a domain account.
For example, I need to grant execute to myDomaindbUsers, but get a syntax error when the script tries to execute this statement:
SET @SQL = 'GRANT EXECUTE ON [' + @Owner
+ '].[' + @StoredProcedure
+ '] TO myDomaindbUsers'
Incorrect syntax near ''.
The script works fine if a non-concatenated user account is given.
We use Active Directory to manage our access, thus the domaingroup.
Has anyone found a way around this?
Thanks in advance.
Tess
Here's the entire script for anyone who's interested:
USE whateverDatabase
GO
DECLARE @SQL nvarchar(4000),
@Owner sysname,
@StoredProcedure sysname,
@RETURN int
-- Cursor of all the stored procedures in the current database
DECLARE cursStoredProcedures CURSOR FAST_FORWARD
FOR
SELECT USER_NAME(uid) Owner, [name] StoredProcedure
FROM sysobjects
WHERE xtype = 'P'
AND OBJECTPROPERTY(OBJECT_ID(QUOTENAME(USER_NAME(uid)) + '.' + QUOTENAME(name)), 'IsMSShipped') = 0
AND name LIKE 'p%'
OPEN cursStoredProcedures
-- "Prime the pump" and get the first row
FETCH NEXT FROM cursStoredProcedures
INTO @Owner, @StoredProcedure
-- Set the return code to 0
SET @RETURN = 0
-- Encapsulate the permissions assignment within a transaction
BEGIN TRAN
-- Cycle through the rows of the cursor
-- And grant permissions
WHILE ((@@FETCH_STATUS = 0) AND (@RETURN = 0))
BEGIN
-- Create the SQL Statement. Since we€™re giving
-- access to all stored procedures, we have to
-- use a two-part naming convention to get the owner.
SET @SQL = 'GRANT EXECUTE ON [' + @Owner
+ '].[' + @StoredProcedure
+ '] TO myDomaindbUsers'
-- Execute the SQL statement
EXEC @RETURN = sp_executesql @SQL
-- Get the next row
FETCH NEXT FROM cursStoredProcedures
INTO @Owner, @StoredProcedure
END
-- Clean-up after the cursor
CLOSE cursStoredProcedures
DEALLOCATE cursStoredProcedures
-- Check to see if the WHILE loop exited with an error.
IF (@RETURN = 0)
BEGIN
-- Exited fine, commit the permissions
COMMIT TRAN
END
ELSE
BEGIN
-- Exited with an error, rollback any changes
ROLLBACK TRAN
-- Report the error
SET @SQL = 'Error granting permission to ['
+ @Owner + '].[' + @StoredProcedure + ']'
RAISERROR(@SQL, 16, 1)
END
GO
View 3 Replies
View Related
Apr 5, 2008
I have a stored procedure in which at the bottom of the code, im granting execute permissions to a role I have defined. However, when I view the permissions on the procedure, the role isnt there, what could I be missing ? The procedures were all created under the default or dbo schema. I could manually give the permissions to the role, but id rather have it scripted.
help ?
View 5 Replies
View Related
Jul 26, 2006
Dear all,
Basically I want to set chain up the rights so that the anonymous web user IUSR_ .. can execute the new .NET subs, functions etc in the assembly, just as the anonymous web user can execute Stored Procedures when granted. In this way, it should be possible to call the .NET assembly just as classic stored procedures from ASP/ASP.NET.
I have written a .NET function which I can successfully execute if I log on to the database as an administrator by sending this T-SQL query; it returns the result of a given string:
select dbo.CLRHTMLString('abc')
The scenario is now to try to grant access to this assembly for a different role (webuser), which the classic IUSR_MYSERVERNAME is a login of, so that I can call the .NET Assembly when I am authenticated as the anonymous web user (e.g. via ASP, etc.).
To test access, I created a login (webusertest) for a user (webusertest) in the same role (webuser) on the database. But when I use this login, which supposedly has the same rights as the IUSR_, execution right is denied:
EXECUTE permission denied on object 'CLRHTMLString', database 'adt_db', schema 'dbo'.
Note: The 'webuser' database role has Execute permission on the Assembly.
I have also tested this from my actual web page, with the following results:
(1) IUSR_MYSERVER member of db_owner role: Web page has right to call assembly.
(2) IUSR_MYSERVER not member of db_owner role: Web page does not have right to call assembly.
Further test results:
(3) Function can be called when making the user "webusertest" member of the "db_owner" role, which is too much rights to grant for the anonymous web user.
(4) When adding the user 'webusertest' to get 'Execute' permissions on the assembly, it does not get added. After clicking OK, there is no warning message, but when opening the Assembly Properties -> Permission dialog box the same time, the 'webusertest' user does not appear in the list.
Thankful for any advice on this matter.
View 4 Replies
View Related
Feb 13, 2007
is there an easy way I can give a specific user complete insert,update, and delete permissions on all tables,view, and sp in a db without having to set individually for all?
View 5 Replies
View Related
Aug 16, 2005
Hi,
I was wondering, how do I make a user for my php app, like I do in MySQL?
View 2 Replies
View Related
Apr 9, 2007
so here i go explaining my problem: I create an empty database. then I use the .net aspregsql tool to make the tables and the procs and everything, and it does. when i view my database it has the 11 empty tables the sprocs and the roles and everything. BUT when I open up the "asp website configuration" to add some users, it gives the following error:EXECUTE permission denied on object 'aspnet_CheckSchemaVersion', database 'masfeni_fakebetsdb', owner 'dbo'.
View 6 Replies
View Related
Apr 14, 2007
I have created a table with ..
username, password, grant
username and password are nvarchar
grant is a bit
I want to check the availability of the username and password and then check if it is granted to access or not ..
so I made a selection query for getting the grant when username ==x and password = y
x=data come from another page
y=data come from another page
then put the selected grant or deny ( true or false) in a data set ..
and then check if it is grant ( true) to complete what I want >>>
else ( deny ....( false )) to return a reponse of deny username or password...
but everytime the dataset is empty ..
this is my code ...
sqlConnection1.Open();
SqlDataAdapter da=new SqlDataAdapter("select grant_deny from users where username='"+Request.QueryString["username"]+"' and password='"+Request.QueryString["password"]+"'",sqlConnection1);
da.Fill(ds,"users");
sqlConnection1.Close()
if (ds.Tables[0].Rows[0]["grant_deny"].ToString()=="true")
{
.
.
.
.
}
else
{
Response.write("error");
}
what is wrong ..??
and if there is anyone has another solution for what I want .. I appriciate any sample code,...
thanks in advance..
View 1 Replies
View Related
Jan 22, 2001
Hello All,
I have 2 logins
1. Login1 ( has dbo permissons)
2. Login2 ( Data reader )
I have Created a table Tbl1 using Login1 ,
I have used grant statement to give select permissons to Login2
When I connect to the database using Login2 and use the T-Sql :- Select *
from Tbl1 , I get an error saying Invalid object name 'Tbl1'.
Thanks in Advance
View 2 Replies
View Related
Aug 7, 1999
Can someone explain ..what is the basic difference between TSQL Stmts Grant and Revoke?
A reply will be highly appreciated
Thanks
View 1 Replies
View Related
Oct 13, 2005
Hi all,
Can I grant select only permission on all objects in the database? I have users that I need to give view access only on stored procedures, triggers, and functions. Thanks.
View 1 Replies
View Related
Apr 14, 2008
how to grant alter table and set identity insert column permission in sql server 2005,
help is apprecitate
View 4 Replies
View Related
May 14, 2008
I want to Grant permission for a table which is residing at another server's database. I have added the server as a linked server to my database and i am able to do all DML (Insert, Update, Delete) operations from the source server to the target server's table. But i am not able to Grant permission for the table.
View 11 Replies
View Related
Nov 30, 2007
I am trying to write a SQL script that grants execute permissions on all stored procedures for a single user (test_user).
I am running SQL server 2005
Does anyone have a script to do this.
Many thanks
View 1 Replies
View Related
Dec 20, 2007
hi to all,
can anyone tell me what is differences between take ownership and control permission in sql server 2005?
thank you
honey sachdeva
View 1 Replies
View Related
Jul 20, 2005
I need to check if any user in the database is assigned any permissionWITH GRANT OPTION. Please let me know how do I check this. Also let meknow if assigning rights WITH GRANT OPTION is possible from enterprisemanager.Thanks in advanceKamal
View 1 Replies
View Related
May 31, 2007
hello,
what permission do I need to grant to a user to let him to read a table in a linked server object?
Thanks
View 13 Replies
View Related
May 11, 2006
Hi,
is there a way to grants object privileges on
all tables of database to an user?
like this:
grant select, insert, update, delete on <all tables> to usernamedb
go
thanks!!!!
View 4 Replies
View Related
Aug 24, 2006
Is it possible to grant all privilege for all tables of a specified database through script? Because i have to send the script to user side and i can't do it manually in Enterprise Manager.regards,
View 1 Replies
View Related
Feb 26, 2007
GRANT SEND ON SERVICE::SqlQueryNotificationService TO guestI need to run that T-SQL command to allow Query Notifications and I keep getting this error.Cannot find the service 'QueryNotificationService', because it does not exist or you do not have permission.I am logged in with my user account with Administrator rights along with just about every permission I can think of for the SQL Server account. I even logged in as SA and it also fails when trying to run this command. This is being done on SQL Express. So I also logged into my Windows 2003 Server with a fresh install of SQL Server 2005 Dev Edition and this also fails with the same error.Clearly I need some permission correction or something else is missing from both installations.Please help!
View 1 Replies
View Related
Apr 12, 2008
I run the following query...using sql analyzer dbo.aCVChangeSQLPassword 'user1','user1',''I am logged in as user1 in the sql analyzer...It chnages my password, in sql server, however gives me this message...Grantor does not have GRANT permission.Password changed.(1 row(s) affected)Server: Msg 4613, Level 16, State 1, Procedure aCVChangeSQLPassword, Line 27Grantor does not have GRANT permission.
Line no 27 has the folliwng code that I execute...
exec sp_password @old,@new,null
View 1 Replies
View Related
