May 27, 2008 at 2:39 pm
So, we have a need for 3 SQL logins that currently have DBO permission on a database to be denied permission to execute 2 stored procedures (I'll call them "Most_SP_USER" for now). And for a new SQL login to ONLY be able to execute those 2 stored procedures (I'll call it "2_SP_USER" for now). I can go into SP permissions and deny execute for the procedures to the 3 "Most_SP_USER" logins, but later if a 4th "Most_SP_USER" login is created that needs to match the 3, I will have to remember to deny the new one also.
To complicate things, one of the 2 SPs joins to a table in another DB, and I'd like the new login "2_SP_USER" to be able to have read access to just that table in the other DB
What is the best way to accomplish these tasks, with an eye to minimizing admin work in the future ? Any thoughts ?? (Did I explain this clearly enough ?)
TIA
May 27, 2008 at 3:03 pm
you should be using roles exclusively, not adding people to dbo, db_owner, or giving them permission.
Create user defined roles, assign people to those roles and things are much simpler.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply