Determining permissions required

  • Hello everyone,

    I have a web application that uses a sql 2000 db as the back end. There are many tables, sp's, views, functions etc in this db, and I want the web app to only have access to the objects it needs access to in order to function normally, and also to only have sufficient rights on those objects (e.g. only select permissions granted when it does not normally need to update, delete etc). Many of these objects are not used by this web application.

    I have considered using profiler to generate a list of objects accessed for this, but don't know it well enough to know how to get what I want.

    Can anyone give me some tips and advice on the best way to achieve this?

    Many thanks,

    Martin

     

  • In your database, are all objects owned by one owner e.g. dbo?

    In your webapp, does it only call SPs?

    If both are true, you can find all the SPs called by the webapp by means of profiler (RPC starting event).

    Define a database role in your DB, grant exec permission on the SPs to the database role. Add the login(s) that your webapp is using to the database role.

     

     

  • Thanks for the reply, peterhe.  Sadly, it does run uncompiled sql statements like select, update etc.  All objects are owned by dbo though.
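
The approach discussed in this thread, written out for SQL Server 2000 as an added example that is not part of any post above. It covers both the stored-procedure case and the ad hoc statement case. The database, role, login, object and trace-table names are hypothetical, and the trace is assumed to have been saved to a table from Profiler with the EventClass and TextData columns selected.

```sql
-- Added example for SQL Server 2000; all names below are hypothetical.
USE AppDb
GO

-- 1. List the distinct calls the web app made during a representative run.
--    EventClass 11 = RPC:Starting, 13 = SQL:BatchStarting.
--    TextData is ntext in a saved trace, so cast it before using DISTINCT.
SELECT DISTINCT EventClass,
       CAST(TextData AS nvarchar(4000)) AS StatementText
FROM   dbo.webapp_trace
WHERE  EventClass IN (11, 13)
ORDER  BY StatementText
GO

-- 2. Create a role that will hold only what the review of step 1 justifies.
EXEC sp_addrole 'webapp_role'
GO

-- 3a. Stored procedures: with every object owned by dbo, ownership chaining
--     means EXECUTE on the procedure is enough for the static SQL inside it.
--     No grant on the underlying tables is needed for these calls.
GRANT EXECUTE ON dbo.usp_GetOrder TO webapp_role
GO

-- 3b. Ad hoc statements sent by the app are checked against the table or
--     view directly, so grant exactly the actions seen in the trace.
GRANT SELECT         ON dbo.Customers TO webapp_role
GRANT SELECT, UPDATE ON dbo.Orders    TO webapp_role
GO

-- 4. Map the web app's login into the database and put it in the role.
EXEC sp_grantdbaccess 'webapp_login'
EXEC sp_addrolemember 'webapp_role', 'webapp_login'
GO

-- 5. Verify. The role should show only the grants above, and the user
--    should not also sit in db_owner, db_datareader or db_datawriter.
EXEC sp_helprotect @username = 'webapp_role'
EXEC sp_helpuser 'webapp_login'

-- Permissions granted to public apply to every user, so review them too.
EXEC sp_helprotect @username = 'public'
GO
```

Capture the trace over a period that exercises every feature of the application, since any object missed in step 1 will produce a permission error once the login is restricted to the role.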
