Re: Is there cascading permission?

Check out 'ownership chains' in the SQL Server Books Online. The principal is basically that permissions on indirectly referenced objects are not needed as long as the objects (or schema on 2005) involved have the same owner.

--
Hope this helps.

Dan Guzman
SQL Server MVP
"michael" <howlinghound@xxxxxxxxxxxxx> wrote in message news:0EED2BFD-1EA5-4DA8-A512-C4D8E91CEFC0@xxxxxxxxxxxxxxxx
Thanks. I'll look at the reference. BTW, your tag line is one of my favorite
all time sayings.

--
Michael Hockstein


"Arnie Rowland" wrote:

See:

Security -Giving Permissions through Stored Procedures
http://www.sommarskog.se/grantperm.html


--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous


"michael" <howlinghound@xxxxxxxxxxxxx> wrote in message
news:F84CE2FB-8709-4B68-BB3C-9F86722B9A8E@xxxxxxxxxxxxxxxx
> So, if a user has permission to execute a stored procedure which in > turn
> consumes objects that the same user does not have explicit permissions
> defined, the stored procedure will execute without security issues?
>
> And, if a user has permission to execute a stored procedure which in > turn
> consumes objects that the same user is explicitly denied permisions, > will
> the
> stored procedure still execute without security issues?
>
> Where can I find documentation on how this security cascades?
>
>
> -- > Michael Hockstein
>
>
> "Uri Dimant" wrote:
>
>> Yes, it is.
>>
>> "michael" <howlinghound@xxxxxxxxxxxxx> wrote in message
>> news:CAB858A0-22F5-410C-842E-A0FE19C84343@xxxxxxxxxxxxxxxx
>> > Let's say that I have a view that has no explicit permissions >> > defined
>> > for
>> > users. Let's also say that I write a stored procedure which uses >> > this
>> > view.
>> >
>> > Now, if I give explicit permissions to a user to EXEC the stored
>> > procedure,
>> > will the procedure execute correctly even if I don't explicitily >> > give
>> > permissions (such as SELECT) for the user to the view?
>> >
>> >
>> > -- >> > Michael Hockstein
>>
>>
>>




.

Relevant Pages

  • Re: Logon failed for user ". but only for membership tables in same database that other request wor
    ... I was able to log on to computer b and execute the stored procedure. ... was no error after I corrected the permissions for the user. ... I can access the stored procedure but I can not use membership.validateuser. ... You may use the GRANT statement to grant the EXECUTE permission for a ...
    (microsoft.public.sqlserver.security)
  • Re: Executing dynamic select statement in a SP
    ... EXECUTE permissions for a stored procedure default to the owner of the ... the statementwithin the EXECUTE string are checked at the time EXECUTE ... > everything works just fine but with dynamic SQLs when I ...
    (microsoft.public.sqlserver.security)
  • With in a SP Truncate dbo.table table-name permissions..
    ... If i give execute permission to this ... truncate table permissions on the table. ... If a user who creates a stored procedure does ... not qualify the name of the tables referenced in SELECT, ...
    (microsoft.public.sqlserver.security)
  • Re: SET IDENTITY_INSERT Privileges?
    ... on the stored procedure to get around this. ... stored procedure and the user has execute permissions on the ... How do I grant permission to a SET Statement?? ...
    (microsoft.public.sqlserver.security)
  • Re: app role has exec permission but still cant execute sp
    ... that the stored procedure references in it's code. ... ADO connection sometimes opens a new connection to the server if the first ... > The stored procedure which I can't execute is below, ... >>> well as some users with no permissions. ...
    (microsoft.public.sqlserver.security)