Reputation: 26291
SQL Server stored procedure permissions checking
My Asp.Net MVC web-site uses stored procedures based data access to the SQL Server database. Almost every procedure should check permissions, if current user can perform this operation. I've solve it by passing additional parameter UserId to every procedure and checking if user has special permission code in special table.
It causes many copy-pasted script. I wonder, is there any another way? Or may be you have an advices to improve my solution...
Upvotes: 1
Views: 1009
Answers (1)
Reputation: 7862
Just a thought, but what if you encapsulate the logic to lookup the permission for the given user and item in a user defined function. Then, invoke the function from the necessary stored procedures and check the return value. You still will wind up with some copying and pasting but in theory it should result in a cleaner approach.
Upvotes: 1
Related Questions
- MS SQL Server: Check to see if a user can execute a stored procedure
- checking permissions inside stored procedure
- Finding stored procedures having execute permission
- SQL Server User Permissions on Stored Procedure and Underlying Tables
- Inspect SQL permissions on built-in stored procedures (e.g. xp_msver)
- Stored procedure to return user permissions
- stored procedure permissions and execute
- Stored procedure execution permission for a db-role
- mssql Stored Procedure permissions problem
- Get permissions for stored procedure in sql server 2005