Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / May 2006

Tip: Looking for answers? Try searching our database.

datareader doing updates

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Randy - 22 May 2006 15:27 GMT
We created a Role (Alpha) and made it a member of the datareader Role.  Our
hope was that members of this role would only be able to preform data reads.

On a test we granted Alpha exec rights to an update Stored Procedure.  The
members of Alpha are now able to run the Stored Procedure and do updates even
thought they are NOT members of datawriter.  Further testing showed the same
for insert and delete stored procedures.

Does this sound right?

Thanks, Randy
Reply to this Message
David Browne - 22 May 2006 15:41 GMT
> We created a Role (Alpha) and made it a member of the datareader Role.
> Our
[quoted text clipped - 9 lines]
>
> Does this sound right?

Yes.  Look up "ownership chains" in BOL.   If the user can run the
procedure, then permission checks on all objects owned by the owner of the
stored procedure are supressed.

David
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.