Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / March 2006

Tip: Looking for answers? Try searching our database.

SQL 2005 public role

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Franky - 28 Mar 2006 13:29 GMT
I've made a stored procedure stp_LogError which will be used to have a
central errorhandling system.
(So in the usermade stored procedures in the catch-block stp_Logerror will
be used to log the error).
I've granted execute permissions for stp_LogError to the public role.
Afterward I added a NT-login to the server and added this login to the role
public in the database.
I granted this user execute rights to a stored procedure in which
stp_Logerror is used.
When this user calls this stored procedure, this stored procedure executes,
but when an error occurs we receive an execute permission denied on
stp_LogError for this user.

When I check the login for this user it is made a user in the database
through the role public.
When I check the role public in the database  the user is not a member of
the role public.

I thaught that every user which is granted acces to a database is member of
the public role, so when i granted execute rights for stp_logerror to the
public role, everyone (except the explicitly denied ones) would have execute
rights on stp_LogError.

Can someone explain this to me
Reply to this Message
Uri Dimant - 28 Mar 2006 13:48 GMT
Hi
Who is an owner of this SP?
Avoid adding logins to the public role. Grant an execution permission to the
stored procedure ( be aware if you are using dynamic sql within this sp ,
you'll have to grant permissions on underlying tables as well)

> I've made a stored procedure stp_LogError which will be used to have a
> central errorhandling system.
[quoted text clipped - 24 lines]
>
> Can someone explain this to me
Reply to this Message
Tom Moreau - 28 Mar 2006 13:56 GMT
He can use EXECUTE AS in order to avoid granting permissions on the
underlying tables.

Signature

  Tom

----------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON   Canada
www.pinpub.com
.

Hi
Who is an owner of this SP?
Avoid adding logins to the public role. Grant an execution permission to the
stored procedure ( be aware if you are using dynamic sql within this sp ,
you'll have to grant permissions on underlying tables as well)

> I've made a stored procedure stp_LogError which will be used to have a
> central errorhandling system.
[quoted text clipped - 24 lines]
>
> Can someone explain this to me
Reply to this Message
Uri Dimant - 28 Mar 2006 14:05 GMT
Tom
Yep ( I have just forgotten that he uses SQL Server 2005) , however I  still
think it will be better  to GRANT EXECUTE permissions rather using EXECUTE
AS   command , (it is easy to forget REVERT and ect. )

> He can use EXECUTE AS in order to avoid granting permissions on the
> underlying tables.
[quoted text clipped - 35 lines]
>>
>> Can someone explain this to me
Reply to this Message
Tom Moreau - 28 Mar 2006 15:23 GMT
You don't need REVERT when you create a proc with the EXECUTE AS option.

Signature

  Tom

----------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON   Canada
www.pinpub.com
.

Tom
Yep ( I have just forgotten that he uses SQL Server 2005) , however I  still
think it will be better  to GRANT EXECUTE permissions rather using EXECUTE
AS   command , (it is easy to forget REVERT and ect. )

> He can use EXECUTE AS in order to avoid granting permissions on the
> underlying tables.
[quoted text clipped - 35 lines]
>>
>> Can someone explain this to me
Reply to this Message
Franky - 28 Mar 2006 14:01 GMT
The owner of the stored procedures  is dbo.

So I'v made a  fe stp_insertEmp, and granted user Jefke execute rights on
stp_InsertEmp. I've also granted execute rights to public for stp_logerror.
In the catch block inside stp_InsertEmp, stp_LogError is called.
When user Jefke executes stp_InsertEmp and an error occurs, stp_LogError
should be called. But then we receive an execute permission denied on
sto_LogError.

> Hi
> Who is an owner of this SP?
[quoted text clipped - 30 lines]
> >
> > Can someone explain this to me
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.