DeveloperBarn Forums

DeveloperBarn

Programming & IT forum

Permissions on Tables, Stored Procedures, etc.

This is a discussion on Permissions on Tables, Stored Procedures, etc. within the Microsoft SQL Server forums, part of the Databases category; I briefly read somewhere that it is better to grant only execute permissions on stored procedures for the account used ...

Go Back   DeveloperBarn Forums > Databases > Microsoft SQL Server

Permissions on Tables, Stored Procedures, etc. Permissions on Tables, Stored Procedures, etc.

Register FAQ Social Groups Calendar Search Today's Posts Mark Forums Read

Closed Thread

 

LinkBack Thread Tools Display Modes
  #1  
Old March 23rd, 2008, 10:22 PM
Awaiting Email Confirmation
  
Join Date: Mar 2008
Posts: 14
Rep Power: 0
theChris is an unknown quantity at this point
Default Permissions on Tables, Stored Procedures, etc.
I briefly read somewhere that it is better to grant only execute permissions on stored procedures for the account used for web site visitors. It said something about not allowing this account any other access to the tables. Can anyone elaborate on this for me? I'm not sure I understand what could be wrong with allowing this account to run a SELECT statement, for example, against a table.

Thanks,

theChris
  #2  
Old March 24th, 2008, 10:47 AM
AOG123's Avatar
Lightning Master
  
Join Date: Mar 2008
Location: Fortress Of Solitude
Posts: 218
Rep Power: 5
AOG123 is a jewel in the roughAOG123 is a jewel in the roughAOG123 is a jewel in the roughAOG123 is a jewel in the rough
Default
You rarely want users to have full permissions to access the tables. Executing stored procedures to perform validations will protect the integrity of your database

It will also create extra lines of defense by denying permission to underlying objects "like your tables", as rules can be set so that users can access data and objects in the way that you intend your application to be used.

And importantly from a security point of view, you can limit the creation of Ad hoc queries and even more importantly disable data modifications. This prevents users from maliciously or inadvertently destroying data.

Stored procedures are written once, and can then accessed by many applications. This can reduce network traffic by combining multiple operations into one procedure call, rather than calling multiple queries that can effect the performance of you db.

Hope this helps,...

AOG
__________________
If i helped you, make me famous by clicking the

Status: Currently Unemployed - Looking for Work, Can be contacted on thethresher@hotmail.co.uk
  #3  
Old March 24th, 2008, 11:49 AM
Awaiting Email Confirmation
  
Join Date: Mar 2008
Posts: 14
Rep Power: 0
theChris is an unknown quantity at this point
Default
Okay, that makes sense. Thanks
Closed Thread

  DeveloperBarn Forums > Databases > Microsoft SQL Server

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
Dynamic Stored Procedure jmurrayhead Microsoft SQL Server 16 March 26th, 2008 11:19 AM
How to Properly Configure Web Permissions on an Access Database jmurrayhead ASP Development 0 March 23rd, 2008 10:44 AM


All times are GMT -4. The time now is 06:48 PM.

Contact Us - DeveloperBarn.com - Top

Copyright ©2008-2010, DeveloperBarn

Content Relevant URLs by vBSEO 3.3.2