Menu
I have a database which has an application role. The role members all belong to a group in Active Directory. Instead of giving the role permissions to select from the tables I have given the role execute permissions on all of the stored procedures that it needs to call.
This works fine except for one of my stored procedures which is building up some dynamic SQL and calling sp_executesql.
The dynamic sql looks sort of like this:
SET @SQL = N'
SELECT *
FROM dbo.uvView1
INNER JOIN uvView2 ON uvView1.Id = uvView2.Id'
EXEC sp_executesql @SQL
The users in this role are failing to call the stored procedure. It gives the following error which is sort of expected I suppose:
The SELECT permission was denied on the object 'uvView1', database 'Foobar', schema 'dbo'.
Is there a way I can have my users successfully execute this proc without giving the role permissions to all of the views in the dynamic SQL?
656
You can use only a DDL COMMENT statement as dynamic SQL in a stored procedure. You cannot specify a DML COMMENT statement to fetch the comments for database objects, columns of a table, and parameters. A CREATE DATABASE or CREATE USER statement used as dynamic SQL in a stored procedure must contain the FROM clause.
Expand Stored Procedures, right-click the procedure to grant permissions on, and then select Properties. From Stored Procedure Properties, select the Permissions page. To grant permissions to a user, database role, or application role, select Search.
All replies. GRANT EXEC TO putte -- Grant EXEC permission all procedures in the database.
Using CTEs, for instance, you can use SELECT from <subquery> in Open SQL. In my case I needed to execute dynamic SELECT count( DISTINCT col1, col2, …) which is not possible in the regular OpenSQL.
Yes.
Add an EXECUTE AS CALLER clause to the procedure, then sign the stored procedure and give the required permission to the signature. This is 100% safe, secure and bullet proof. See Signing Procedures with Certificates.
159
Can you use impersonation to another ID with the required permissions?
SET @SQL = N'
EXECUTE AS USER = ''TrustedUser'';
SELECT *
FROM dbo.uvView1
INNER JOIN uvView2 ON uvView1.Id = uvView2.Id'
EXEC sp_executesql @SQL
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
