September 15, 2014 at 10:31 am
Hi,
We have been directed to remove all user permissions from all extended procedures containing 'xp_reg'. hmm
We had only two with user perms: xp_instance_regread, xp_regread.
When I removed public from the procedures on our dev DB, programmers without sysadmin privileges got "EXECUTE permission was denied on object" when right clicking on a table in Management Studio.
So...I tried adding a developer role with execute privileges on the individual extended procedures in master, but that gives an error "Unspecified error (MS Visual Database Tools)" when non sysadmins right click on design for a table in Management Studio.
I'd like to be able to allow developers edit access to their assigned databases without making them sysadmin or db_owners.
Currently programmers are granted a "Developer" role in individual databases and for the Activity Monitor instance privileges to View any database/any definition/server state.
Any ideas?
Thanks, D
September 15, 2014 at 10:43 am
I believe that the issue is that the tools require use of these procedures to return the default path information to the UI. Things like Default Data Directory and Default Log Directory.
Considering that these are read only and undocumented I'm not sure what the harm is in having execute rights on them.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply