September 17, 2004 at 3:41 pm
I've been trying to clean up a database that has privileges granted to individual users and convert these to use roles instead. I just ran into a case where a user was granted access to execute a stored proc that issued an "update statistics" command on a table. This would run fine with the permissions granted to the user, but when I created a role and added the user to the role and granted permission to execute the stored proc to the role, the execution of the stored proc now fails. Is there some fundamental difference in how permissions are granted to users vs roles? Why can't a role execute the "update statistics" command?
Thanks In Advance!!!
Brian
September 20, 2004 at 8:00 am
This was removed by the editor as SPAM
September 20, 2004 at 1:04 pm
Any chance the original user's permissons were DBO or some kind of admin role on the server? Was the original user the owner of the database?
I ask all of these questions because according to BOL, "UPDATE STATISTICS permissions default to the table or view owner, and are not transferable." I am not an authority, but this means to me that the user had to fall into one of the above categories for them to have been able to run that proc in the first place, and now you have revoked their rights to do do, and the role they are now a member of never had that right.
Chris
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply