Re: Sql permissions headache

---

• From: "Mike C#" <xyz@xxxxxxx>
• Date: Tue, 22 Aug 2006 17:04:37 -0400

---

Well, at the bottom of all of the scripts I create for database object
creation (tables, views, stored procs, etc.), I put a GRANT statement to
apply permissions to that object on creation. Are your users already
grouped together under roles for each application at least? If so, GRANTing
object permissions at the end of your object creation scripts should be a
(fairly) trivial matter.

"bill" <bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:30625C86-D80C-494D-AB8E-63566A27AD93@xxxxxxxxxxxxxxxx

We are actually using both. We have some older systems that don't
recognize
Windows authentication.

Bill

"Mike C#" wrote:

Are you using Integrated security or SQL Authentication?

"bill" <bill@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:482EB4F8-7055-405A-AD5F-F2B3A6D68AE1@xxxxxxxxxxxxxxxx

In many of our older sql databases I find that the users were all made
"dbo".
I was told this is because no one really knew the minimum permissions
needed
by the apps that accessed the database. (I'm afraid that this practice
may
creep into production databses.)

Read and write permissons are easy to address but stored procs are
harder.
We are always adding new ones to a DB and, if we don't make all users
dbo,
we
need to explicitly add permissions to each stored proc. At least that's
what
I think we need to do.

Can you suggest a better approach to determine the minimum permissions
needed to access a database?

Bill

.

---

• Follow-Ups:
  • Re: Sql permissions headache
    • From: bill

• References:
  • Re: Sql permissions headache
    • From: Mike C#

• Prev by Date: Re: in sql server 2000 when you issue a alter table to add new column, can you specifiy the order? meaning i want that column to be between existing columns, not at the last
• Next by Date: Re: OSQL Batch File Problem
• Previous by thread: Re: Sql permissions headache
• Next by thread: Re: Sql permissions headache
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Sql permissions headache ... sync the databases and stored procs. ... By scripting all of your database objects and the permissions ... Knowing which permissions to assign each group is not going to be easy... ... (microsoft.public.sqlserver.security) Re: Sql permissions headache ... scripts as such. ... creation (tables, views, stored procs, etc.), I put a GRANT statement to ... apply permissions to that object on creation. ... (microsoft.public.sqlserver.security) Understanding of permissions ... I have a database with stored procs that handle the record ... directly issuing these commands. ... SELECT permissions if the proc issues a select statement? ... (microsoft.public.sqlserver.security) Re: Sql permissions headache ... By scripting all of your database objects and the permissions ... Knowing which permissions to assign each group is not going to be easy... ... creation (tables, views, stored procs, etc.), I put a GRANT statement to ... (microsoft.public.sqlserver.security) Re: Creating a new database via a store procedure ... It's a common misconception that permissions are inherited from the ... object owner. ... a user must have CREATE DATABASE permissions or be ... > creation of specific database to some user. ... (microsoft.public.sqlserver.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2006-08