|
|
|
Problems with GRANT
|
|||
|---|---|---|---|
|
#18+
I have problem with Transact-SQL: my database uses this schema: USER->STORED PROCEDURE->TABLE a) USER can execute the STORED PROCEDURE b) this STORED PROCEDURE can chahge(insert/update/delete) the TABLE c) USER can not directly acess to the TABLE and I use two GRANT: GRANT EXECUTE ON myProc TO myUser GRANT ALL ON myTable TO myProc I use such schema on Oracle and Interbase, but I can not realize it on MS SQL: I read all Transtact-SQL help, use GRANT/DENY/Dabase Roles - nothing... Because MS SQL can grant only to "roles" and "roles" can be attached only to users... So there are no "object to object grant" and "object can not be attached to a role (only user)" Can you help me, because I do not believe, that MS SQL do not support it. P.S. May be I must use another schema on MS SQL. __Werty_ ... |
|||
|
:
Нравится:
Не нравится:
|
|||
| 07.11.2002, 09:12:52 |
|
||
|
Problems with GRANT
|
|||
|---|---|---|---|
|
#18+
Hi All you need is grant permission for the procedure owner . Because "If the same user owns a stored procedure and all the views or tables it references, and if the procedure and objects are all in the same database, SQL Server checks only the permissions on the procedure". This security mechanism also known as ownership chain. "If the ownership chain of a procedure or view is broken (not all the objects in the chain are owned by the same user), SQL Server checks permissions on each object in the chain whose next lower link is owned by a different user. Only those statements where the user has the necessary permissions will be executed, and the remaining statements will get an "Insufficient Permissions" error. In this way, SQL Server allows the owner of the original data to retain control over its accessibility. " PS Microsoft recommends to use dbo as owner of all database objects. ... |
|||
|
:
Нравится:
Не нравится:
|
|||
| 07.11.2002, 10:32:16 |
|
||
|
|
start [/forum/topic.php?fid=46&fpage=3382&tid=1819000]: |
0ms |
get settings: |
10ms |
get forum list: |
14ms |
check forum access: |
3ms |
check topic access: |
3ms |
track hit: |
34ms |
get topic data: |
9ms |
get forum data: |
2ms |
get page messages: |
33ms |
get tp. blocked users: |
1ms |
| others: | 242ms |
| total: | 351ms |
| 0 / 0 |
