Re: Control over creation of procs & views owned by dbo

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 10/28/04


Date: Wed, 27 Oct 2004 19:02:25 -0500

To add on to Jasper's response, you could also change object ownership to
'dbo' with sp_changeobjectowner.

Regarding the second part of your question, stored procedures run in the
security context of the invoking user, not the object owner. Due to
ownership chains, permissions on indirectly referenced objects are not
checked as long as the objects involved have the same owner. Users need
permissions on only directly referenced objects.

Note that ownership chains apply only to object permissions, not statement
permissions like CREATE. See the Books Online for more information.

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"Mani" <Mani@discussions.microsoft.com> wrote in message 
news:17DE6BDF-E650-4002-8561-D28836F5F620@microsoft.com...
> Hi,
>
> Is there a way to allow a user, who has access to a db say "DevDB" as
> db_datareader, to only create & drop stored procs and views in DevDB? What
> extra permissions does the user need?
>
> I tried playing with the "grant create proc to user" command. But it lets
> the user create procs with him as owner. In the current case, the
> application needs all objects to be owned by dbo, so the user needs to be
> able to run "create proc dbo.tempProc as ..."
>
> In case there is a solution to the above, we might fall into the next
> trap. Since the user can create procedures with dbo as the owner, if the SP
> has a drop table command, that would execute in the owner's context and
> hence would drop the table. Is that right? I guess the question is when an
> SP is executed does it use the permissions of the owner of the SP or the
> user executing the SP
>
> -- 
> Mani 
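
Added example, not part of the original thread: a T-SQL script showing the behaviour the reply describes, where a dbo-owned procedure can read a dbo-owned table for a caller with only EXECUTE permission, while a DROP TABLE inside a dbo-owned procedure is still checked against the caller. It assumes SQL Server 2005 or later (for CREATE USER ... WITHOUT LOGIN and EXECUTE AS) and a scratch database; the names Orders, ReadOrders, DropOrders and chain_demo are hypothetical.

```sql
-- Constructed demo; run in a scratch database as a member of db_owner.
CREATE TABLE dbo.Orders (id int PRIMARY KEY, item varchar(30));
INSERT INTO dbo.Orders VALUES (1, 'widget');
GO
-- Both procedures are owned by dbo, the same owner as the table.
CREATE PROCEDURE dbo.ReadOrders AS
    SELECT id, item FROM dbo.Orders;
GO
CREATE PROCEDURE dbo.DropOrders AS
    DROP TABLE dbo.Orders;
GO
-- Hypothetical low-privilege user: EXECUTE on the procs, nothing on the table.
CREATE USER chain_demo WITHOUT LOGIN;
GRANT EXECUTE ON dbo.ReadOrders TO chain_demo;
GRANT EXECUTE ON dbo.DropOrders TO chain_demo;
GO
-- Impersonate the user; the context stays in effect across batches until REVERT.
EXECUTE AS USER = 'chain_demo';
GO
-- Succeeds: proc and table share an owner, so SELECT on dbo.Orders is not checked.
EXEC dbo.ReadOrders;
GO
-- Fails: a direct reference has no ownership chain, and SELECT was never granted.
SELECT id, item FROM dbo.Orders;
GO
-- Fails: DROP TABLE is checked against the caller, not the procedure's owner.
EXEC dbo.DropOrders;
GO
REVERT;
GO
-- Back as the original login: the table is still there. Clean up.
SELECT COUNT(*) AS rows_remaining FROM dbo.Orders;
DROP PROCEDURE dbo.ReadOrders;
DROP PROCEDURE dbo.DropOrders;
DROP TABLE dbo.Orders;
DROP USER chain_demo;
```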

