Running a Stored Procedure from MS-Query

I have created a stored sql procedure to run within a MS-Query.  The problem I have is that I can pass the parameters from Excel to the SP without a problem.  However, the end user cannot becuase they do not have the proper permissions on the SQL server.

In another recent Experts Exchange answer to another question I was given the line of code:

"with execute as owner" to alow the user to emulate my privileges.

Here is my procedure code:

USE [livedb]
GO
/****** Object:  StoredProcedure [dbo].[GetIPAProcCnt_Summary]    Script Date: 11/16/2014 11:00:23 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author:            Glen Powers
-- Create date: November 16,2014
-- Description:      IPA Procedures Summary by Surgeon and Date
-- =============================================
ALTER PROCEDURE [dbo].[GetIPAProcCnt_Summary]
      -- Add the parameters for the stored procedure here
      @Datefrom datetime,
      @Dateto datetime
      with execute as owner
     As
SELECT     TOP (100) PERCENT dbo.AbsOperationSurgeons.ProviderID, dbo.AbsOperationProcedures.ProcedureCode,
                      dbo.AbsOperationProcedures.ProcedureCodeName, SUM((CASE WHEN dbo.BarVisits.InpatientOrOutpatient = 'I' THEN 1 ELSE 0 END)) AS IPCNT,
                      SUM((CASE WHEN dbo.BarVisits.InpatientOrOutpatient = 'O' THEN 1 ELSE 0 END)) AS OPCNT
FROM         dbo.AbsOperationSurgeons LEFT OUTER JOIN
                      dbo.BarVisits ON dbo.AbsOperationSurgeons.VisitID = dbo.BarVisits.VisitID RIGHT OUTER JOIN
                      dbo.AbsOperations ON dbo.AbsOperationSurgeons.VisitID = dbo.AbsOperations.VisitID LEFT OUTER JOIN
                      dbo.AbsOperationProcedures ON dbo.AbsOperations.VisitID = dbo.AbsOperationProcedures.VisitID
WHERE     (dbo.AbsOperations.DateTime >= @Datefrom) AND (dbo.AbsOperations.DateTime <= @Dateto) AND(dbo.AbsOperationProcedures.ProcedureCode IS NOT NULL) AND
                      (dbo.AbsOperationSurgeons.ProviderID IS NOT NULL) AND (dbo.AbsOperationSurgeons.ProviderSeqID = 1)
GROUP BY dbo.AbsOperationSurgeons.ProviderID, dbo.AbsOperationProcedures.ProcedureCode, dbo.AbsOperationProcedures.ProcedureCodeName
ORDER BY dbo.AbsOperationSurgeons.ProviderID, dbo.AbsOperationProcedures.ProcedureCode


Here is the error message I get:

Msg 15517, Level 16, State 1, Procedure GetIPAProcCnt_Summary, Line 0
Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.

It looks like I cannot get around this roadblock.

The Stored Procedure runs correctly without the "with execute as owner"  when I execute the stored procedure from the Object Explorer.

Is this error correctable?

Thanks

glen
GPSPOWAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Jim HornConnect With a Mentor Microsoft SQL Server Developer, Architect, and AuthorCommented:
If a SP exists to provide data to a report, then users/roles should be granted execute privs:
-- Role
GRANT EXECUTE ON OBJECT::GetIPAProcCnt_Summary TO Sales
GO

-- Users
GRANT EXECUTE ON OBJECT::GetIPAProcCnt_Summary TO Jimbo
GO

-- Everybody (?)
GRANT EXECUTE ON OBJECT::GetIPAProcCnt_Summary TO public
GO

Open in new window


btw I have an article out there called Microsoft Excel & SQL Server:  Self service BI to give users the data they want that is a tutorial on how to connect Excel to SQL SP's, although it doesn't address security on the SP directly.  I'll have to add it.  Either way, if you like the article please click the green 'Was this article helpful?' button at the end.
0
 
GPSPOWAuthor Commented:
Thank you for the documentation.

I will have notify my client to see if they are willing to add executive privileges to the end users so they can run the SP's.

In the past they have been reluctant.

Glen
0
 
Jim HornMicrosoft SQL Server Developer, Architect, and AuthorCommented:
Thanks for the grade.  When I wrote the article my client was an airline, and nothing was considered confidential, so security wasn't an issue.  

With almost every other client, including my current healthcare one, I've always needed two things to make this work:  (1)  Business Users who will sit down and 'own' the groupings of various roles, and which business users are in that role, and (2) In absence of the developer being able to do this a DBA willing to take that list, create the roles, and assign groups to roles.

Good luck.
Jim
0
All Courses

From novice to tech pro — start learning today.