Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How can I give the minimum permission?

Posted on 2010-11-15
7
Medium Priority
?
599 Views
Last Modified: 2012-05-10
How can I give a SQL user ONLY execute permission to a stored procedure that is in the Master DB?
0
Comment
Question by:Negash
  • 3
  • 3
7 Comments
 
LVL 2

Assisted Solution

by:AarthiPrabakaran
AarthiPrabakaran earned 664 total points
ID: 34142460


try something like this CREATE PROCEDURE dbo.usp_Demo
AS
SELECT user_name();
GO
GRANT EXECUTE ON [dbo].[usp_Demo] TO [test]
0
 
LVL 57

Accepted Solution

by:
Raja Jegan R earned 1336 total points
ID: 34142496
>> How can I give a SQL user ONLY execute permission to a stored procedure that is in the Master DB?

Few Best practices:

1. Giving CONNECT permission to a user for master db is not recommended.
2. Instead create that procedure in some other user databases and grant CONNECT privilege to Database and EXECUTE privileges to procedure.
3. Make sure public role is revoked and guest account is disabled since all users would be able to view and access objects present in all databases.
0
 

Author Comment

by:Negash
ID: 34142519
It is not only one stored procedure that the user needs permission to. There are at least two dozen. Do I need to grant permission to each of them? Also, I would like to make sure this wouldn't give the user access to any other object in the DB?  
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 34142532
>> It is not only one stored procedure that the user needs permission to. There are at least two dozen

Then you need to GRANT execute permission to all the required stored procedures.
In the meanwhile, why are you having user stored procedures in master database which is not a recommended approach at all.

>> Also, I would like to make sure this wouldn't give the user access to any other object in the DB?  

Revoke Public role and disable guest account.
Now granting CONNECT permissions to only required database and EXECUTE privilege on required stored procedures would suffice (it won't give access to other objects for sure)
0
 

Author Comment

by:Negash
ID: 34142566
Thank you rrjegan17! This was exactly what I wanted to do. But I have an external vendor that requested to have their stored procedures in the master db.  Their reason I think is they use a third party tool that apparently converts their existing Access based DB to SQL.  They never re-wrote their code so they are translating everything.   So now I have to figure out how to give only an execute permission without even giving public role to this user. (Is this even possible?)
0
 

Author Comment

by:Negash
ID: 34142578
I guess you have answered my question. I posted comment with refreshing the browser. I will try that. Thanks much!
0
 
LVL 57

Assisted Solution

by:Raja Jegan R
Raja Jegan R earned 1336 total points
ID: 34142618
One more info:

"The guest user cannot be dropped, but it can be disabled by revoking its CONNECT permission. The CONNECT permission can be revoked by executing REVOKE CONNECT FROM GUEST within any database other than master or tempdb."

Guest account which has public role access cannot be REVOKED from master database and hence I don't it would work in your scenario..
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Integration Management Part 2
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question