Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secure Dynamic SQL (EXECUTE or sp_executesql)

Status
Not open for further replies.
JD1866DSC

JD1866DSC

Technical User
Sep 4, 2006
49
GB
Hi, I understand its good practise to grant execute permissions to your stored procedure rather than the base tables. However when using dynamic SQL in a stored procedure it runs in its own security context meaning you need to grant SELECT rights on the base tables.

Does anyone know a way round this problem? that I can still use dynamic SQL without granting SELECT permissions on the base tables
 
Sort by date Sort by votes
No, when using dynamic SQL you must grant access to the underlying tables.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Dynamic SQL is amost always a bad idea. This is one of the reasons why. You should avoid dynamic SQL as much as possible.

Questions about posting. See faq183-874
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Steve Yu
  • Locked
  • Question
How secure is MS SQL on the Internet vs behind firewall inside a LAN 1
Replies
3
Views
636
Chris Miller
Chris Miller
MathiasB
  • Locked
  • Question
Parameterised sql server query
Replies
8
Views
525
Chriss Miller
C
gbaughma
  • Locked
  • Question
SQL Performance
Replies
11
Views
1K
pjw001
pjw001
V
  • Locked
  • Question
xp_cmdshell vs psexec - this SQL server forgets credential to an W10 share
Replies
0
Views
820
Volvere
V
elly00
  • Locked
  • Question
create sql view using batch file
Replies
5
Views
723
Mike Lewis
Mike Lewis

Part and Inventory Search

Sponsor

Back
Top