Re: Is there cascading permission?

---

• From: "Arnie Rowland" <arnie@xxxxxxxx>
• Date: Thu, 12 Oct 2006 09:36:37 -0700

---

See:

Security -Giving Permissions through Stored Procedures
http://www.sommarskog.se/grantperm.html


--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous


"michael" <howlinghound@xxxxxxxxxxxxx> wrote in message
news:F84CE2FB-8709-4B68-BB3C-9F86722B9A8E@xxxxxxxxxxxxxxxx

So, if a user has permission to execute a stored procedure which in turn
consumes objects that the same user does not have explicit permissions
defined, the stored procedure will execute without security issues?

And, if a user has permission to execute a stored procedure which in turn
consumes objects that the same user is explicitly denied permisions, will
the
stored procedure still execute without security issues?

Where can I find documentation on how this security cascades?


--
Michael Hockstein


"Uri Dimant" wrote:

Yes, it is.

"michael" <howlinghound@xxxxxxxxxxxxx> wrote in message
news:CAB858A0-22F5-410C-842E-A0FE19C84343@xxxxxxxxxxxxxxxx

Let's say that I have a view that has no explicit permissions defined
for
users. Let's also say that I write a stored procedure which uses this
view.

Now, if I give explicit permissions to a user to EXEC the stored
procedure,
will the procedure execute correctly even if I don't explicitily give
permissions (such as SELECT) for the user to the view?


--
Michael Hockstein

.

---

• Follow-Ups:
  • Re: Is there cascading permission?
    • From: michael

• References:
  • Re: Is there cascading permission?
    • From: Uri Dimant

• Prev by Date: Re: Securely deleting tables
• Next by Date: Remove all permission restrictions
• Previous by thread: Re: Is there cascading permission?
• Next by thread: Re: Is there cascading permission?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Logon failed for user ". but only for membership tables in same database that other request wor ... I was able to log on to computer b and execute the stored procedure. ... was no error after I corrected the permissions for the user. ... I can access the stored procedure but I can not use membership.validateuser. ... You may use the GRANT statement to grant the EXECUTE permission for a ... (microsoft.public.sqlserver.security) Re: Executing dynamic select statement in a SP ... EXECUTE permissions for a stored procedure default to the owner of the ... the statementwithin the EXECUTE string are checked at the time EXECUTE ... > everything works just fine but with dynamic SQLs when I ... (microsoft.public.sqlserver.security) With in a SP Truncate dbo.table table-name permissions.. ... If i give execute permission to this ... truncate table permissions on the table. ... If a user who creates a stored procedure does ... not qualify the name of the tables referenced in SELECT, ... (microsoft.public.sqlserver.security) Multiple Database Security - How to handle ... The problems are security maintenance. ... to the store procedure and permissions to the DM for the ... a stored procedure that accesses DM to get employee info. ... has execute permissions then the procedure is executed as ... (microsoft.public.sqlserver.security) Re: SET IDENTITY_INSERT Privileges? ... on the stored procedure to get around this. ... stored procedure and the user has execute permissions on the ... How do I grant permission to a SET Statement?? ... (microsoft.public.sqlserver.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2006-10