I'm working with SQL Server on a database which has tables, views and stored procedures. This database will surely be used by some other persons and I want to block the access to my stored procedures code. Is it possible to do that?
You can encrypt procedure code (if that is what you want to hide) by adding "With Encryption":
Create Procedure MyProc
With Encryption
As
Select 1;
But for sysadmins its still will be possible to get to procedure code (with a bit of effort).
You can revoke their EXECUTE permission on your stored procedure something like this..
REVOKE EXECUTE ON OBJECT::dbo.Proc_Name
FROM NaughtyPerson;
GO
Related
I would like to have one script to remove the specific user group to execute all stored procedures on the specific database in SQL Server 2014. I searched the web and found the example at Grant Revoke Permissions On Stored Procedures in SQL Server. It looks like I need create the script for all stored procedure.
Also I found another website REVOKE Object Permissions (Transact-SQL). However I have no clue how to write it as one script for all stored procedure.
Also I tried to use the below script in the database, but the Sales group still has permission on the stored procedure.
revoke execute to [Sales]
Would anyone tell me what should I do?
I have a stored procedure Which we call it Test here.
For simplicity I modified the SP code to:
Select * from table A
I can run this SP without any issues.
Now if I use Dynamic SQL
#SQL='Select * from table A'
EXECUTE (#SQL)
I get
The SELECT permission was denied on the object 'A', database 'MyDb', schema 'dbo'.
What is different here?
Dynamic SQL has this restriction/limitation. When you use dynamic sql inside a stored procedure , even if the calling user has the permissions on the stored procedure , the user also need permissions on the tables/objects being called inside the dynamic sql .
You have two options
Do not use Dynamic sql at all.
Give the calling user permissions on the table being used inside the dynamic sql.
This error comes when the user does not have the sufficient privileges
to access your tables in the database. Do grant the privilege to the
user in order to get what you want.
Grant The Permission For Select statement(or any other if you want).
I have a script which generates a database for a given {databaseName}, and then creates a login for a given {loginName} for this database.
I then want restrict this user to only be able to view this database, and no others.
I have this working through the use of:
USE [{DatabaseName}]
GO
ALTER AUTHORIZATION ON DATABASE::[{DatabaseName}] to [{LoginName}]
GO
USE [master]
GO
DENY VIEW ANY DATABASE TO [{LoginName}]
GO
I have now put this into a stored procedure, but I cannot change to the [master] database to execute the last line:
DENY VIEW ANY DATABASE TO [{LoginName}]
Is there a way to restrict the user from seeing other database from within a stored procedure?
The stored procedure is currently on another database, but I am able to move it.
You can change the database context for a given SQL command by doing something like this:
master.dbo.sp_executesql N'print db_name()'
Although I suspect there might be a better way to do what you're trying to do
I have restored a 2005 Database to a new 2008 R2 DB Server. I have created a new user called "gatekeeper"
However this user does not have access to the list of stored procedure in the database.
In a reporting application before running the query the report program is running the following procedure...
exec [Timesheet]..sp_procedures_rowset N'mp_GetTimesheetToPrint',1,N'dbo'
When run under gatekeeper user this returns no rows. However when run as sa it returns the procedure.
What is the minimum permission I need to give to gatekeeper for this procedure to work properly. It seems to be a problem with all system objects, none of them fail to run or give permission errors, they just return no results or subsets of the results.
Really struggling with this. Thanks in advance
Regards
Phil
I am honestly a bit confused by your description, so please let me know if I am off base here. You can try this below. It will grant execute access to all stored procedures. If you only need gatekeeper to have access to the one stored procedure, then just grant execute on that stored procedure. If the stored procedure is accessing data from other databases, you may need to grant permissions on the tables and such that it is accessing outside of its database.
CREATE ROLE db_executor
GRANT EXECUTE TO db_executor
EXEC sp_addrolemember 'db_executor', 'gatekeeper'
I want to give a user access to a stored procedure, but not to all the objects in the database the stored procedure needs to use.
What is the best way to give rights to the stored procedure to enable it to work, but only grant execute access to the user to run it.
I am using sql server 2000 sp4.
From MSDN
Users can be granted permission to
execute a stored procedure even if
they do not have permission to execute
the procedure's statements directly
try
exec grant exec ON 'myprocname' TO 'myusername'