Stored Procedure check Permissions SQL Server 2000

I have a stored procedure that I pass a table name into as a parameter from vb.net.  I could also pass in user name if I cannot get it from sql server.

Is it possible for me to see if a user executing the stored procedure has select rights on the table and exit if not?

My table permissions are set by roles (ie. I have three users in a role)  I have granted permissions to the role and not each of the three users.

Thanks
barnetjebAsked:
Who is Participating?
 
Lori99Connect With a Mentor Commented:
I found something you can use.  There is a PERMISSIONS function that will validate a user's object permissions.  The syntax is something like this.

if PERMISSIONS(OBJECT_ID(@table_name)) &0x10 = 0x10
  <user can delete, go ahead and delete>
else
  <user can't delete, kick them out of here>

The bitmap used varies based on what object permissions you want to check.  See this link for more information on syntax and usage.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_pa-pz_6f78.asp
0
 
kiprimshotCommented:
sp_helprotect 'table_name' will tell you the permissions for a table...by permission group
0
 
kiprimshotConnect With a Mentor Commented:
sp_helprolemember 'RoleName' will tell you all the members of a role

both together could get you what you want... but there may be a better way
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Lori99Commented:
How about this.  Execute a simple SELECT against the table requested and check for a 'permission denied' error message.  I think the message number you want would be 229.  It would probably be more efficient and easier than executing multiple stored procedures to determine the user's permissions.
0
 
barnetjebAuthor Commented:
I have a stored proc like this

Set @strsql = 'delete from ' + @table_name + ' where ' + @id_field + ' = ' +  @id_value
exec @strsql

I think I ran into it before that it would just go ahead and execute this if the user had execute permissions on the stored procedure even though he did not have delete permissions on the table.

I was thinking I could do some sort of check first to make sure the user has delete permissions, if not exit my stored proc.



0
 
Lori99Commented:
Good point.  Even though you mentioned this was a stored procedure, I didn't take that into account.  You could use SYSTEM_USER to determine who is executing the procedure.  Then do as kiprimshot mentions above and use sp_helprotect and sp_helprolemember to figure out if they are allowed to delete from the table.  It seems like there should be a better way.  I'll keep thinking about it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.