November 8, 2010 at 12:49 pm
Is there a way to limit a Domain group's permissions to View and Execute stored procedures and nothing else? I have to give them 'connect' permissions which allows them to see the entire db structure.
November 8, 2010 at 2:38 pm
Is the question really dumb or has nobody done it before? LOL
November 8, 2010 at 2:48 pm
Not sure about your question.
You are asking to provide a cred "View definition" permission and "Execute" permission?
If yes you can give such rights to the creds and not have to give connect permission.
Why do you need the user to have connect permission?
---------------------------------------------------------------------------------------
It begins by taking the first step.
November 8, 2010 at 2:52 pm
You can create a role and grant execute rights to it, then put the domain group into that role. That allows execution of procs.
I like to create a user called "datauser" that has datareader, datawriter, and execute rights. Comes in handy.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 8, 2010 at 4:52 pm
What if I do not want the user to see anything besides the SP and Views?
I granted execute and view, they can't see anything until I also give 'connect'
November 9, 2010 at 6:39 am
Put the SPs and views in a separate schema and only give permission on that. Or a separate database. Two-part or three-part names in them will work with that.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply