Search
Subscribe
Categories
- Backup and Restore
- Configure
- Contact me
- CPU
- Data Architecture
- Data Import and Export
- Database Mirroring
- DBA
- DBA Scripts
- Deadlocks
- Development
- Disaster Recovery
- Disk Storage
- DMV
- Documentation
- Event Log
- Function
- High Availability
- Indexes
- Install & Setup
- Interviews
- IO Subsystem
- Jobs
- Links
- Locking
- Memory
- Monitor Performance
- MSDB
- Network
- Object Management
- Pagination
- Partitioning
- Performance
- Powershell
- Security Management
- SQL Agent
- SQL Azure
- SQL Cachestore
- SQL Error Logs
- SQL Optimizer
- SQL problems
- SQL Server Error Tips
- SQL Server Management Studio
- SQL Server Profiler
- SQL Server Tuning
- SQL View
- SQLServer-DBA News
- SSIS
- Statistics
- T-SQL
- TempDB
- Tools
- TPC-H
- Transaction Logs
- Virtualization
- Wait Stats
Recent Posts
- How to check Operating System type with Powershell
- ALTER TRACE and developers
- Predict ALTER INDEX REORGANIZE finish time
- Cannot connect to SQL Server
- Timeout occurred while waiting for latch: class 'LOG_MANAGER'
- The instance of the SQL Server Database Engine cannot obtain a LOCK resource at this time
- How to create a SQL Server Security Audit
- Cannot use Large Page Extensions: lock memory privilege was not granted
- Compare two files with Powershell
- Export-CSV Powershell
Granting execute rights to all stored procedures used to be a cumbersome problem up to before SQL Server 2005. You either had to give elevated rights to the user or run a script to GRANT EXECUTE on every stored procedure.
I still see plenty of databases where a DBA has granted db_owner rights , simply to allow stored procedures use.
There is now a more elegant solution , using ROLES. Which also have the added advantage of complying with security best practises , and many corporate security policies I’ve read.
-- create database role CREATE ROLE db_execute -- grant EXECUTE permission to database role db_execute GRANT EXECUTE TO db_execute -- add database user account to the role exec sp_addrolemember 'db_execute', 'database_user_acct'
An alternative is to use schemas and apply execute on the schema
e.g
GRANT EXECUTE on myschema TO [myuseracct]
Be careful , in applying these roles – as you may allow access to functions or stored procedures , which are developed in the future. Adding this role to the database user will allow all future stored procedures to be accessed.
Author: Jack Vamvas (http://www.sqlserver-dba.com)
Author: Jack Vamvas (http://www.sqlserver-dba.com)
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |