Stored Procedures To Limit SELECT Access
Sep 17, 2007
Hi there,
I have a database table with a field to specify the username of records that particular user is allowed to access (read only). I want to be certain the user does not have access to any other records. So I'm using a stored procedure to query the table with "WHERE dbuser = USER".
My problem is that the stored procedure is returning an error that the table I'm querying cannot be found, and I suspect it is because the user does not have proper permissions to see those tables, even through the stored procedure.
So my question is, how do I grant the user sufficient access for this stored procedure to work without outright granting them select permission on the tables?
Much appreciated!
View 3 Replies
ADVERTISEMENT
Nov 21, 2007
Hi,I'm using c# with a tableadapter to call stored procedures. I'm running into a problem where if I have over a certain byte size or number of parameters being passed into my stored proc I get an exception that reads: "Cannot evaluate expression because a thread is stopped at a point where garbage collection is impossible, possibly because the code is optimized." If I remove one parameter, the problem goes away. Has anyone run into this before? Thanks,Mark
View 3 Replies
View Related
Dec 8, 1999
COULD ANYONE PLEASE TELL ME HOW I CALL A STORED PROCEDURE FROM AN ACCESS 97 DATABASE WHICH ARE HELD ON AN SQL 7 DATABASE.
I HAVE USED THE USAULL CALL STATEMENT, BUT THIS DOES NOT WORK.
SO ANY HELP WOULD BE GRATEFULLY APPRECIATED.
GARY J
View 3 Replies
View Related
Nov 3, 2000
can anyone tell me how to call SQL stored procedures in MS Access97...
appreciate any help
View 4 Replies
View Related
Nov 20, 2003
How can I get a group of stored procedures or a job to run on the sql server from Access?
Thanks
View 1 Replies
View Related
Jul 18, 2007
Hi,
How can I remove access to extended (xp_) stored procedures?
Is there any revoke on <stored_procedure_name> ... command? How can I generate a script of all users who have execute privileges for these procedures? Also, is there any way of restricting (instead of removing) access to those procedures?
Any help will be greatly appreciated!!!
Thanks,
Alla
View 2 Replies
View Related
Oct 5, 2005
I'm going through the SQLSecurity Checklist I found at sqlsecurity.com. One of the points it says to "Restrict to sysadmins-only access to stored procedures and extended stored procedures that you believe could pose a threat." It also lists a bunch of stored procs and extended stored procs that you should consider restricting to sysadmins only. I was wondering if someone could give me some pointers on how to do this? I would like to write a script that I could run on every sql server 2000 install that would do this. How could I ensure that every user does not have access except the sysadmins?
Thanks,
Chris
View 11 Replies
View Related
Dec 17, 2007
I am working on a corporate project. I have many stored procedures(>100) and wanted to know which applications( or Frontends) in the network use or consume my stored procedures. How can i do that in SQL 2005??
NBU
View 5 Replies
View Related
Jul 3, 2007
Hi. I have set up an instance of SQL 2005 on my local computer. I use MS SQL Server Management Studio to login into my 2005 instance via Windows login. When I expand "Stored Procedures" under "Programmability" of the Database I want and go to a stored procedure and right click, I don't see the "properities" selection.
I know it's there because I can get to it on other instances but I can't get to it on my local instance. I added my windows user to my Logins and then to my database users but it didn't help.
Can anyone please tell me what I need to do so I can access the properties of the stored procedures?
Thanks
View 3 Replies
View Related
Dec 12, 2006
Hello everyone,
I have a design problem which I am hoping somebody can shed some light on.
I am running SQL Server 2000 using SQL authenticaiton (due to be changed to Windows authentication in the next 6 months). I have a table in my database which we shall call monthly. I want to restrict the ability to insert to the monthly table to 2 stored procedures (proc_abc & proc_xy) which I have written which do various other validation checks before it inserts the data into monthly.
Users with the Foo function assigned are able to execute proc_abc & proc_xy
I have written a VB application which can be used by users who are not familiar with SQL to be able to execute these stored procedures. (Must have Foo function in order to login to this application).
I want to restrict the ability to execute the stored procedures to users using the VB application only, and thus not be able to execute the stored procedure using Query Analyzer or such like for any Foo user.
Is there anyway I can do this?
One suggestion put to me is two split the functions. Have one function lets call it Top which can access the VB application and then have another function called Bottom which is able to execute the stored procedures. Only the VB app would have access to the Bottom credentials. But is this secure? Would I just hard code the credentials for the Bottom function user within the VB app? This doesn's seem a secure way of doing things to me.
Thanks for the help!
View 6 Replies
View Related
Mar 13, 2008
Can Microsoft Access access a stored procedure on the SQL Server? If not, is there any way to assign a parameter to a view? I can link to a view in Access, but I cannot link to a procedure. I need to SELECT * from aTable WHERE ID = [@PassidInID]. Any way to do this through Access? The reason for this, is because I am trying to run an existing query (which is very busy - using other queries with queries in them etc.), and I keep getting an ODBC error. I am thinking that if I move the queries to the SQL Server, it may get rid of this error?
It's a 2-tier app I have. Tables on the server, forms, queries, and everything else in Access.
Thanks in advance - I hope.
View 9 Replies
View Related
Apr 2, 2004
Hi,
We use stored procedures to populate the properties of data layer objects. Is there any advantage or disadvantage (performance wise) of using "SELECT * FROM Table1" Vs
SELECT COLUMN1, COLUMN2, COLUMN3, ETC FROM Table1.
Using individual column names in the select store procedure is getting difficult to maintain for large number of columns or when columns are added or removed.
Thanks,
Suparna
View 2 Replies
View Related
Jul 5, 2005
Ok, I currently have a query which is basically doing the following:
Code:
SELECT ...
WHERE x IN (101,102...)
I have a couple of questions:
Firstly would making this to a stored procedure really make much of a difference to performance considering the WHERE IN clause.
Secondly how can I pass this list of values to use in the WHERE IN clause to the stored procedure. I tried nVarChar but really wasn't surprised when it didn't work... and can't really think of another clear way.
Thanks in advance,
-D
View 4 Replies
View Related
Aug 31, 2006
I have read that it is possible to configure sql server express so that the database can only be accessed through stored procedures. Can anyone tell me how to do this. Many thanks.martin
View 2 Replies
View Related
Apr 22, 2001
I have upsized a complex Access 97 application to SQL Server 7, and want to substantially preserve the user interface design by using an Access 2000 project (*.adp) as the front end.
Most of the original Access queries accepted their parameters from screen form objects, and this works well using SQL 7 stored procedures as form recordsources.
However, Access 2000 does not seem to provide a way to tell a listbox or combo box how to pass a parameter value from a screen form object to its SQL 7 stored procedure rowsource.
These parametized listboxes are critical to the interface design.
Please help!!!
View 1 Replies
View Related
Mar 7, 2001
I am used to working in Access and just recently became somewhate proficient using custom functions in modules.
I am trying to figure out what the equivalent of functions is in SQL Server. I mean, does a Stored Procedure in SQL Server replace a module in Access? Can you declare different functions in SQL Server like you can in Access?
Thanks for your help.
Mike
View 1 Replies
View Related
Dec 13, 2004
Hi,
Can someone help me with this problem.
I have a stored procedure in SQL Server that updates a particular table. When I run it in SQL server Query Analyser, it works fine. But I want to invoke this stored procedure when I click a button on an MS Access Form. The code I'm using is:
Dim cn, cmd
Set cn = CreateObject("ADODB.Connection")
cn.Open "SQL" //Data Source Name
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandText = "LoadApplicants" //Stored Procedure Name
cmd.CommandType = adCmdStoredProc
cmd.Execute
for some reason only a few records are updated everytime I click on the button. Is there any reason why this is happening?
View 4 Replies
View Related
Jun 17, 2004
Hi,
I need to keep track of the number of hits on a particular page. Im using a stored Procedure
What I want to do is get the number of hits and increment it by one :)
ie: Sub Procedure should be like below
SELECT noOfHits WHERE pageName = 'bla bla'
noOfHits = noOfHits + 1 etc.
Also, some of the pages will be added and deleted all the time, so before I increment the noOfHits variable I need to check that the pageName 'bla bla' exists. AND if it doesnt I need to create a pageName called 'bla bla'
What I need to do in essence is:
1. Check that a particular row exists. if it doesnt create it.
2. Increment a value (by one) to a column in this particular row.
Phew. Hope you got that. Any ideas much appreciated,
Thanks,
Pete
View 4 Replies
View Related
Nov 5, 2004
i want use stored procedures in select query.
for example :
select * from table where (... run a stored procedure ....)
or update from table set a=@a where (... run a stored procedure ....)
how can i do it ?
thx
View 3 Replies
View Related
Mar 15, 2007
I know its a weird request, but we have created an application with sql server but our client wants a version which can be put onto disk.
We decided to create the stored procedures into queries, would this be the best idea and if so does anyone know if there is a freeware software that can do this or will I have to painstakingly re-create the queries?
Any advice would be greatly appreciated.
Many thanks
Smilla
View 1 Replies
View Related
May 10, 2007
Hi, I'm developing a fresh SQL DB which is result of a deep analysis of an old Access DB. THe thing is, this old one had very complex consultations to the Access tables, and some consultations were using another consultations as way to select some specific data. THe ideia in SQL is to avoid that too, however, there are some data that may serve exactly the same to some bigger stored procedures. This way, I have three options I guess: 1. Create every stored procedure making select queries directly to the table and it's done!2. Create auxiliary stored procedures which will select the redundant data, and when it is needed, another stored procedures call this one and use its returned data. (is this possible anyway?).3. I create a view to this redundant data, and the greater depth stored procedures access this data of the view when needed. I've heard, however, that a select to a view is slower than directly to the table, once the view adds an extra query to the process.. What is your guess on this issue of mine?I'm almost sure that option 1 is the best, however, I'd love to hear from you guys your opinion on this. The greater issue above this all is just one - performance. Thanks a lot!
View 3 Replies
View Related
Feb 26, 2004
I am trying to call a stored procedure inside a SQL SELECT statement. Has anybody had to do this in the past? I have a SELECT statement in a Microsoft Access database and I need that SELECT statement to call the stored procedure in the SQL server. Any help would be appreciated
View 4 Replies
View Related
Mar 21, 2008
I have nested a Stored Procedure within a stored procedure. The nested stored procedure ends in a select statement. What I'd like to do is either capture the results of the select statement (it will be 1 row with 3 columns, I only need the contents of first column), or suppress the select statement from displaying in the final results of the Stored Procedure it is nested in.
Is there any way to do either of those?
View 1 Replies
View Related
Jul 20, 2005
There is a form in an Access Project (.adp, Access front end with SQLServer) for entering data into a table for temporary storing. Then, byclicking a botton, several action stored procedures (update, append) shouldbe activated in order to transfer data to other tables.I tried to avoid any coding in VB, as I am not a professional, but I havefound a statement in an article, that, unlike select queries, form's InputProperty can't be used for action queries. Therefore, parameters can bepassed to action stored procedure only by using ADO through VB.As I'm not very familiar with VB, I had to search in literature.So, this is a solution based on creating Parameter object in ADO and thenappending values to Parameter collection.Please, consider the following procedure I created for passing parametersfrom form's control objects (Text boxes) to a stored procedureDTKB_MB_UPDATE:Private Sub Command73_Click()Dim cmd As ADODB.CommandSet cmd = New ADODB.Commandcmd.ActiveConnection = CurrentProject.Connectioncmd.CommandText = "DTKB_MB_UPDATE"cmd.CommandType = adCmdStoredProcDim par As ADODB.ParameterSet par = cmd.CreateParameter("@DATE", adDBTimeStamp, adParamInput)cmd.Parameters.Append parSet par = cmd.CreateParameter("@BATCH_NUMBER", adVarWChar, adParamInput, 50)cmd.Parameters.Append parSet par = cmd.CreateParameter("@STATUS", adVarWChar, adParamInput, 50)cmd.Parameters.Append parSet par = cmd.CreateParameter("@DEPARTMENT", adVarWChar, adParamInput, 50)cmd.Parameters.Append parSet par = cmd.CreateParameter("@PRODUCTION", adVarWChar, adParamInput, 50)cmd.Parameters.Append parSet par = cmd.CreateParameter("@SAMPLING_TYPE", adVarWChar, adParamInput,50)cmd.Parameters.Append parcmd.Parameters("@DATE") = Me.DATEcmd.Parameters("@BATCH_NUMBER") = Me.BATCH_NUMBERcmd.Parameters("@STATUS") = Me.STATUScmd.Parameters("@DEPARTMENT") = Me.DEPARTMENTcmd.Parameters("@PRODUCTION") = Me.PRODUCTIONcmd.Parameters("@SAMPLING_TYPE") = Me.SAMPLING_TYPEcmd.ExecuteSet cmd = NothingEnd SubUnfortunately, when clicking on the botton, the following error apears:"Run-time error'-2147217913 (80040e07)':Syntax error converting datetimefrom character string."Obviously, there is some problem regarding parameter @DATE. In SQL Server itis datetime, on the form's onbound text box it is short date (dd.mm.yyyy)data type. I have found in literature that in ADO it should beadDBTimeStamp.So, what is the problem ?Greetings,Zlatko
View 2 Replies
View Related
Feb 15, 2008
Hello
In our company, after switching to Office 2007, Access 2007 runtime is installed on our general user machines.
Everything is just fine and beautiful, except that there is one issue with runtime:
Several forms in my Access Project use stored procedures in SQL Server 2000 as their record source. When i try to open the forms in Access 2007 Runtime on user machines, i receive an error that "The record source dbo.Myprocedure speified on this form or report does not exist ".
I use dbo.ProcName format and the forms open correctly in my full version Access.
What could be the problem?
Thanks!
Elman
View 10 Replies
View Related
May 7, 2008
In my SPs, I commonly have a situation, where a SELECT statement gets a single scalar value (e.g. SELECT Name FROM Employee WHERE id=@id) from a table.
Because the result is still a relation, I cannot process it directly or assign the result to a variable
(like set @name = SELECT Name FROM Employee WHERE id=@id)
So, how can I process the results of the statement in this case.
In some other cases, the result is actually a relation. And I want to iterate over all rows, processing each row's columns.
(I know this smells of ADO.NET, but how can I help it if I am coming from that background)...
The point is I want to do all this in T-Sql on server side!!!
View 13 Replies
View Related
Apr 14, 2008
Hello,
I have a database (SQL 2005) with two schemas (dbo and s1) and with tables defined in dbo and tables defined in s1. The stored procedures are also defined in both schemas, some of them in dbo some of them in s1. Some of the stored procedures query tables from dbo and s1 at the same time.
I want to have a new db role with access to the database only through sps and no other access read/write to the tables. I created a new db role and granted execute permission to it and assigned a user to it.
When I execute stored procedure defined in dbo with query against dbo tables, it works as expected.
However, if I run stored procedure defined in s1 with query to table in dbo, I receive error about missing select permission for the table in dbo. I am not sure why, but I can assume there is an issue with the ownership chain.
I can grand read/write permission for the tables, but this will break our original requirement for limited access to the db only through sp.
The other option is to have another role r2, with read/write, privilege and to use EXECUTE AS r2 in the sp.
I would like to ask first why the error for missing select permission happens and is there another way to have role restricted to only execute permission for all stored procedures.
Thanks,
IT
View 5 Replies
View Related
Sep 22, 2015
disable the following system stored procedure (xp_grantlogin and xp_revokelogin)?
View 5 Replies
View Related
Jul 20, 2005
Hi,Has any one ever compared the performance of calling a DataTable'sSelect method with a stored procedure doing the same thing?My point is:dataRows = DataTable.Select(filter) is better orPassing paramters to stored procedure?The datatable holds about 500-700 rows at any given time.If I select one of the approaches the business logic will go intorespective layers.With dotnet in picture what would be a good approach- Have the data in Datatable and do a filter on the data or callstored procedures which has been the convention.Can some one pl. suggest?
View 3 Replies
View Related
Aug 17, 2000
We have been asked to look into using stored procedures with SQL Server 7.0 as a way to speed up a clients site. 99% of all the articles I have read along with all the books all say Stored Procedure should be used whenever possible as opposed to putting the SQL in your ASP script. However one of my colleagues has been speaking to Microsoft and they said that that they were surprised that our client wanted to use Stored Procedures as this was the old method of database access and that now he should really consider using COM objects for data access as itis much faster. Has anyone got any views on this or know of any good aticles regarding this matter ?
View 1 Replies
View Related
Apr 3, 2015
Is there a way in SQL server that can generate stored procedures for select, insert, update, delete on certain tables?
View 4 Replies
View Related
Feb 11, 2008
Hi all,
In my SQL Server Management Studio Express (SSMSE), pubs Database has a Stored Procedure "byroyalty":
ALTER PROCEDURE byroyalty @percentage int
AS
select au_id from titleauthor
where titleauthor.royaltyper = @percentage
And Table "titleauthor" is:
au_id title_id au_ord royaltyper
172-32-1176
PS3333
1
100
213-46-8915
BU1032
2
40
213-46-8915
BU2075
1
100
238-95-7766
PC1035
1
100
267-41-2394
BU1111
2
40
267-41-2394
TC7777
2
30
274-80-9391
BU7832
1
100
409-56-7008
BU1032
1
60
427-17-2319
PC8888
1
50
472-27-2349
TC7777
3
30
486-29-1786
PC9999
1
100
486-29-1786
PS7777
1
100
648-92-1872
TC4203
1
100
672-71-3249
TC7777
1
40
712-45-1867
MC2222
1
100
722-51-5454
MC3021
1
75
724-80-9391
BU1111
1
60
724-80-9391
PS1372
2
25
756-30-7391
PS1372
1
75
807-91-6654
TC3218
1
100
846-92-7186
PC8888
2
50
899-46-2035
MC3021
2
25
899-46-2035
PS2091
2
50
998-72-3567
PS2091
1
50
998-72-3567
PS2106
1
100
NULL
NULL
NULL
NULL
////////////////////////////////////////////////////////////////////////////////////////////
I try to do an ADO.NET 2.0-VB 2005 programming in my VB 2005 Express to get @percentage printed out in the VB Form1. I read some articles in the websites and MSDN about this task and I am very confused about "How to Work with Output Parameters & Report their Values in VB Forms": (1) Do I need the Form.vb [Design] and specify its properties of the object and classes I want to printout? (2) After the SqlConnectionString and the connection.Open(), how can I bring the value of @percentage to the Form.vb? (3) The following is my imcomplete, crude draft code:
Imports System.Data
Imports System.Data.SqlClient
Imports System.Data.SqlTypes
Public Class Form1
Dim connectionString As String = "Data Source=.SQLEXPRESS;Initial Catalog=pubs;Integrated Security=SSPI;"
Dim connection As SqlConnection = New
SqlConnection(connectionString)
Try
connection.Open()
Dim command As SqlCommand = New SqlCommand("byroyalty", connection)
command.CommandType = CommandType.StoredProcedure
...................................................................
..................................................................
etc.
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
From the above-mentioned (1), (2) and (3), you can see how much I am lost/confused in attempting to do this task. Please help and give me some guidances and good key instructions for getting the output parameter printed out in the FORM.vb in my VB 2005 Express project.
Thanks in advance,
Scott Chang
View 11 Replies
View Related
Jul 23, 2005
I want to know the differences between SQL Server 2000 storedprocedures and oracle stored procedures? Do they have differentsyntax? The concept should be the same that the stored proceduresexecute in the database server with better performance?Please advise good references for Oracle stored procedures also.thanks!!
View 11 Replies
View Related
