Re: INSERT Permission

From: Dan Guzman (danguzman@nospam-earthlink.net)
Date: 09/11/02

• Next message: Chris Skorlinski: "Re: Using Windows Logins in MSDE"
• Previous message: Sue Hoegemeier: "Re: INSERT Permission"
• In reply to: simonzupan: "INSERT Permission"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Dan Guzman" <danguzman@nospam-earthlink.net>
Date: Wed, 11 Sep 2002 08:24:54 -0500

Answered in programming.

Please don't post the same question independently to multiple groups.
If you post to multiple groups, do so with a single post to avoid
duplicate efforts.

--
Hope this helps.
Dan Guzman
SQL Server MVP
-----------------------
SQL FAQ links (courtesy  Neil Pike):
http://www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
http://www.sqlserverfaq.com
http://www.mssqlserver.com/faq
-----------------------
"simonzupan" <simon.zupan@gambit.si> wrote in message
news:k7funugju30unefjh938gtuh1o2gaeboss@4ax.com...
> I have a user with read permission on the table and execute permission
> for the stored procedure.
> The stored procedure inserts the record in the table.
>
> I can't insert the record in the table, I get error message :
> INSERT permission denied
>
> Is there some way to make it work ? Give the procedure the Insert
> permission or something like that ?
>
> I don't wont for user to have some other rights except SELECT on that
> table because of security reason. The user should insert the data into
> table only with stored procedure because there I have defined the
> parameters and check the user inputs so it can't make any damage to
> the table.
>
> If I give it the INSERT permission for that table, it can byPass the
> stored procedure and insert bad data into the table by url or some
> other way - I read about SQL Injection.
>
> Thank you for your answer,
> Simon

---

• Next message: Chris Skorlinski: "Re: Using Windows Logins in MSDE"
• Previous message: Sue Hoegemeier: "Re: INSERT Permission"
• In reply to: simonzupan: "INSERT Permission"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Security within a stored procedure ... Are you running dynamic SQL inside the sproc? ... permissions on base tables as long as the code in the stored procedure ... >data in the SQL Server database. ... >permission on the stored procedure but SQL still insists ... (microsoft.public.sqlserver.security) Re: Over-Protected ... The network admin admits to not having a strong knowledge of SQL. ... add user, 2) grant required permission to stored procedure on the server, ... (microsoft.public.sqlserver.security) Re: stored procedure xp_cmdshell ... It is generally a very bad thing to ever grant xp_cmdshell to a anyone. ... Granted you'll have to give this permission to the user ASP.NET is running ... I was originally planning to have the images to SQL, ... > xp_cmdshell stored procedure and of course the master database (which ... (microsoft.public.sqlserver.programming) Re: Revoking and Granting permissions.. SQL Security BugIssue ? ... Permissions on objects referenced by your stored procedure are not checked ... you are not referencing objects using dynamic SQL in your proc. ... > message 'EXECUTE permission denied on stored ... (microsoft.public.sqlserver.security) Re: pass stored procedure parameters in asp ... procedure and properties) of voidTran stored procedure and other ... I believe it is the permission issue. ... This email account is my spam trap ... (microsoft.public.inetserver.asp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)