May 5, 2009 at 6:08 am
HI
My requirement is as follows:
i have a limited mostly read-only database user.
I need to give access to this user to ren xp_cmdShell.
The purpose is that this user will execute a stored proc/job which will do a bcp and a third party ftp tool through a .bat file.
Can you guys please list down the steps that needs to be done to achieve this?
Thanks in advance.
May 5, 2009 at 9:34 am
You would issue a GRANT EXECUTE ON XP_CMDSHELL to the user.
However I'd recommend that you create a role and then assign the rights to that, allow the user to then be added to the role.
Alternatively you might create a job to execute the bat file and stored procedure. Execute this job every minute, and at the start, check a table for a 1 value. If it's there, run the bat file and then set the value to 1. If not, do nothing.
Let the user have rights to set a "1" in the table.
This distances the user and prevents them running other shell commands.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply