?
Solved

How can I give the minimum permission?

Posted on 2010-11-15
7
Medium Priority
?
596 Views
Last Modified: 2012-05-10
How can I give a SQL user ONLY execute permission to a stored procedure that is in the Master DB?
0
Comment
Question by:Negash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 2

Assisted Solution

by:AarthiPrabakaran
AarthiPrabakaran earned 664 total points
ID: 34142460


try something like this CREATE PROCEDURE dbo.usp_Demo
AS
SELECT user_name();
GO
GRANT EXECUTE ON [dbo].[usp_Demo] TO [test]
0
 
LVL 57

Accepted Solution

by:
Raja Jegan R earned 1336 total points
ID: 34142496
>> How can I give a SQL user ONLY execute permission to a stored procedure that is in the Master DB?

Few Best practices:

1. Giving CONNECT permission to a user for master db is not recommended.
2. Instead create that procedure in some other user databases and grant CONNECT privilege to Database and EXECUTE privileges to procedure.
3. Make sure public role is revoked and guest account is disabled since all users would be able to view and access objects present in all databases.
0
 

Author Comment

by:Negash
ID: 34142519
It is not only one stored procedure that the user needs permission to. There are at least two dozen. Do I need to grant permission to each of them? Also, I would like to make sure this wouldn't give the user access to any other object in the DB?  
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 34142532
>> It is not only one stored procedure that the user needs permission to. There are at least two dozen

Then you need to GRANT execute permission to all the required stored procedures.
In the meanwhile, why are you having user stored procedures in master database which is not a recommended approach at all.

>> Also, I would like to make sure this wouldn't give the user access to any other object in the DB?  

Revoke Public role and disable guest account.
Now granting CONNECT permissions to only required database and EXECUTE privilege on required stored procedures would suffice (it won't give access to other objects for sure)
0
 

Author Comment

by:Negash
ID: 34142566
Thank you rrjegan17! This was exactly what I wanted to do. But I have an external vendor that requested to have their stored procedures in the master db.  Their reason I think is they use a third party tool that apparently converts their existing Access based DB to SQL.  They never re-wrote their code so they are translating everything.   So now I have to figure out how to give only an execute permission without even giving public role to this user. (Is this even possible?)
0
 

Author Comment

by:Negash
ID: 34142578
I guess you have answered my question. I posted comment with refreshing the browser. I will try that. Thanks much!
0
 
LVL 57

Assisted Solution

by:Raja Jegan R
Raja Jegan R earned 1336 total points
ID: 34142618
One more info:

"The guest user cannot be dropped, but it can be disabled by revoking its CONNECT permission. The CONNECT permission can be revoked by executing REVOKE CONNECT FROM GUEST within any database other than master or tempdb."

Guest account which has public role access cannot be REVOKED from master database and hence I don't it would work in your scenario..
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi all, It is important and often overlooked to understand “Database properties”. Often we see questions about "log files" or "where is the database" and one of the easiest ways to get general information about your database is to use “Database p…
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question