June 14, 2005 at 12:30 pm
Here's the scenario.
Table - Grants update rights to managers.
Stored Procedure - updates said table. This stored procedure allows public to exec.
Can anyone run the stored procedure and update the table or just Managers?
June 14, 2005 at 12:50 pm
Everyone. The only difference is that the managers can update the table directly while public must use the procs.
June 14, 2005 at 12:53 pm
Thank you. I'm always amazed at how fast the members post on this forum.
June 14, 2005 at 1:00 pm
I've already seen a thread with 10 answers in 15 minutes... This was a slow one by our standards.
June 15, 2005 at 12:37 am
This is not the whole truth though. If the table and procedure have the same owner, then yes, everyone can update the table by executing the procedure. This works because of ownership chaining.
If the table is owned by a different user than the owner of the procedure, then the ownership chain is broken. Now the permissions are checked for the user executing the procedure to see if that user has update rights to the table.
June 15, 2005 at 8:18 am
Hence the best practice of having everything owned by dbo (or at least the same user).
Thanks for pointing that out, Chris.
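Added example, not part of any post in this thread: a T-SQL script that walks through the two cases described above, an intact ownership chain and a broken one, and ends with a query for checking effective owners. It assumes SQL Server 2005 or later syntax and a scratch database; the names Salary, SetSalary, clerk and app_owner are hypothetical.

```sql
-- Constructed demo: run in a scratch database as a db_owner member.
CREATE USER app_owner WITHOUT LOGIN;   -- hypothetical second owner
CREATE USER clerk     WITHOUT LOGIN;   -- ordinary user, not in Managers
CREATE ROLE Managers;
GO
CREATE TABLE dbo.Salary (EmpId int PRIMARY KEY, Amount money);
INSERT INTO dbo.Salary (EmpId, Amount) VALUES (1, 1000);
GRANT UPDATE ON dbo.Salary TO Managers;   -- only managers may touch the table directly
GO
CREATE PROCEDURE dbo.SetSalary @EmpId int, @Amount money
AS
    UPDATE dbo.Salary SET Amount = @Amount WHERE EmpId = @EmpId;
GO
GRANT EXECUTE ON dbo.SetSalary TO public;
GO

-- Case 1: procedure and table have the same owner, so the chain is intact.
EXECUTE AS USER = 'clerk';
EXEC dbo.SetSalary @EmpId = 1, @Amount = 2000;   -- succeeds: table permissions are not checked
UPDATE dbo.Salary SET Amount = 1 WHERE EmpId = 1; -- fails: clerk has no UPDATE right
REVERT;
GO

-- Case 2: give the table a different owner, which breaks the chain.
ALTER AUTHORIZATION ON OBJECT::dbo.Salary TO app_owner;
GO
EXECUTE AS USER = 'clerk';
EXEC dbo.SetSalary @EmpId = 1, @Amount = 3000;   -- fails: clerk's own table permissions are now checked
REVERT;
GO

-- Check: list effective owners; a NULL principal_id means "owned by the schema owner".
SELECT s.name AS schema_name, o.name AS object_name, o.type_desc,
       USER_NAME(COALESCE(o.principal_id, s.principal_id)) AS effective_owner
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE o.name IN (N'Salary', N'SetSalary');
GO

-- Cleanup: return the table to the schema owner, then drop the demo objects.
ALTER AUTHORIZATION ON OBJECT::dbo.Salary TO SCHEMA OWNER;
DROP PROCEDURE dbo.SetSalary;
DROP TABLE dbo.Salary;
DROP USER clerk;
DROP USER app_owner;
DROP ROLE Managers;
GO
```

Running the owner query across all procedures and the tables they reference shows where a chain is unintentionally intact (EXECUTE on the procedure is effectively write access to the table) or unintentionally broken.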