Reputation: 2502
Grant execute to stored procedure without SELECT permissions to underlying table
I don't think this is possible, but I hope I am missing something. Let's say I have this stored procedure in SQL Server 2012 SP3:
CREATE PROCEDURE [dbo].[myproc]
AS
SELECT * FROM [dbo].[mytable]
I want to grant a database principal the permission to execute [myproc] without granting the permission to SELECT on the underlying table.
I have tried all sorts of GRANT statements with no luck. When I execute myproc, I still get the error
select permission denied on mytable
The database principal is not the DB Owner and I do not want to make him the DB Owner.
Is what I am trying to do possible?
Thanks.
Upvotes: 2
Views: 8927
Answers (3)
Reputation: 11
If you don't want to make the DB Principle the owner then you need to grant it permissions with 'Grant With' in order to have them passed on further.
Assuming 'dbo' is the owner and 'ElevatedUser' is a new user with select permissions
GRANT EXECUTE ON [dbo].[myproc] TO ElevatedUser
WITH GRANT OPTION AS [dbo]
GRANT EXECUTE ON [dbo].[myproc] TO MyUser AS ElevatedUser
or if you are really stuck you can put it inside the stored procedure itself
CREATE PROCEDURE [dbo].[myproc]
WITH EXECUTE AS 'dbo'
AS
BEGIN
Upvotes: 1
Reputation: 71
Weicher, Unless there's a specific deny on the underlying table this grant statement should work:
GRANT Exec [dbo].[myproc] TO MyUser;
GO
Test it with code like this:
EXECUTE AS USER = 'MyUser';
GO
EXEC [dbo].[myproc]; -- should work
GO
SELECT id FROM [dbo].[table]; -- should fail
GO
REVERT;
When I've changed code six ways to Sunday, I like to start clean to make sure I didn't bollix something in inadvertently and be very purposeful. step. by. step.
- Make a test table, Grant MyUser read rights - can you run a select using the execute as user code?
- Remove read rights, does the select work? If it didn't, the world is still sane (somewhat). Now try with a new stored procedure
- Grant execute rights to MyUser - does it work?
If it does, then follow the same test on the actual table - Can you grant read rights, then can read rights be removed. If so recreate the SP and try again.
And sorry if that was too simplistic, no offense intended just wanted to make sure we were on the same page testing wise.
If it doesn't work, post the results of the test and I'll try to help further.
Upvotes: 2
Related Questions
- SQL Server stored procedure that grants itself EXECUTE permission
- Grant execute privilege to stored procedure on SQL Azure
- Granting a permission of a stored procedure to a user
- Grant EXECUTE permission Doesn't GRANT Select permission on tables
- How to grant execute permissions to the stored procedures in a specific schema?
- Granting execute permission on all stored procedures in a certain database
- stored procedure permissions and execute
- Stored procedure execution permission for a db-role
- Granting Select Rights to a Stored Procedure in SQL Server 2000
- Grant Permission stored procedures