August 1, 2005 at 9:14 am
Guys,
I take it I am right in thinking that a granting a non admin user execute permissions on a stored procedure only allows them to SELECT, INSERT, UPDATE and DELETE, and that they still won't be able to CREATE and DROP permanent tables, even if this code is in the Stored Procedure?
Carl
August 1, 2005 at 10:25 am
It appears from my testing, that if a create table is in the sproc, the grant execute does indeed create those permissions. I setup a simple sproc to create a table, granted execute permissions to a test account with no other permissions (outside public) and it worked. However the table was created as test.mytable (user id was test) when run by the user. When run by the sa, it was dbo.mytable.
August 1, 2005 at 10:30 am
Hi,
I have tested the thoery myself by creating a test sproc and the user does not have permissions to create tables. I beleiev the user would need ddladmin rights as well as exec permissions on the sproc to do this.
When I attempted to run the sproc as the normal user I got permission errors, although I myself was able to run the sproc and create the table.
I created a similar sproc to delete from a table and the user did have permissions to do this.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply