Stop Customers from Modifying Stored Procedures

  • I was wondering if there is a way to stop customers from modifying a stored procedure.

    I know you can encrypt them but all that does is create an admin and development headache. Not to mention in a few minutes they can grab a script off Google to decrypt them.

    You can try to remove permissions on the syscomments but this only works for users and you cannot do the DBO group so a customer that is an admin is still able to change the procs.

    The best I have come up with is a DDL trigger which would prevent the deletion or altering of a proc. Unfortunately, a DB Admin could figure this out and disable the trigger.

    Does anyone have another way?

  • dont prevent the user from doing so, and i dont think that u can prevent a DB Admin from droping a sp.

    but u can make the DDL trigger to recreate the procedure after the user deleted it,or u can kill his session if he tryed to drop a sp, and u can use the mail notification with the code of the stored procedure that have been droped.

    ..>>..

    MobashA

  • Are we talking developers or end users? What database roles and object permissions do the users have? End users shouldn't be dbo or members of any administrative database role. They should be able to execute stored procedures and nothing else.

    Greg

  • If you're talking about for customers who have servers which you have no control over, you can't. That's the bottom line. As you indicated, even if you use encryption, they can decrypt if they have any kind of search skills.

    I guess the better way to handle this is in the support contract or EULA. If they change the schema in any way, then you don't guarantee support until they bring the database back into a state you support.

    K. Brian Kelley
    @kbriankelley

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply