- Posts By Category

- Posts By Date

- Search The site


Subscribe by Email

- Sites I visit


Locations of visitors to this page

- Recent Blogs

Granting Execute permission on All Stored Procedure for a new SQL Server User
Stored Procedure’s Execute Permission for a new SQL Server User
Posted on 10/14/2007 5:56:51 AM in #SQL SERVER

Hi,

In last few days I have been working with SQL Server Users. In My application the user of the Stored Procedures is not the creator (owner) of the Stored Procedures. Hence the user does not have execute permission on any of the Stored Procedures by default.

Of Late due to some reason we have to create many SQL Server user in the application. Whenever we create a new user in the SQL Server (the user account is used for accessing the database), we have to grant execute permission on all the SP’s. Doing this with the enterprise manager can be very troublesome as we have over 300 Stored Procedures.

I have created a small script with the help of which I get a string that gives permission to the new SQL Server User to all the Stored Procedures.

The script is simple.

select 'Grant Execute on ' + name +  ' SQLServerUSERName'
from sysobjects where xtype in ('P')

The query will return a string which grants execute permission to the Stored Procedure (for each stored procedure). Now all you need to do is copy the script and paste it in SQL Query analyser and run it. The new user now has execute permission on all the Stored Procedures.

Note you can give permission to tables and Views also by using the following SQL.

select 'Grant select,insert,update,delete on ' + name + ' SQLServerUSERName''
from sysobjects where xtype in ('U','V')

Vikram

Share this post   Email it |  digg it! |  reddit! |  bookmark it!

Feedback

Joe Webb
Posted on 10/15/2007 11:52:09 AM

Thanks for sharing the script.

Is there a reason you do not create a database role, grant execute permissions to the role, and then simply add the new users to the database role? That would greatly simplify things.

Joe

Dave
Posted on 12/3/2007 10:53:38 AM

If you really want to do things the right way, your should have 1 user account for your application to connect to and then have a user privlages table to lookup authorizations for each individual rather than having sql server accounts for each user. More coding in your app yes, but based on getting burned by a badly developed application at my place of employment we forever went this rout. IE your application should know what parts of the application a given user should have access to. The application has read and execute on all the objects it uses.

IE: don't over-use sql server security by having a sql server account for each user of the application - that's a huge security risk because now they have access to your database...It's a mistake I've seen a lot of folks do, including us :)

What we do is have screens developed to add, edit, delte new and existing users and check boxes next to various things they are able to do. Say you want Bob and Cathy to have access to the Financials screen(s) then you can easily handle that now by checking before you display. On top of that, you no longer have to bug your dba to add the user as a sql account since they don't need one(and shouldn't for any application). Remember that a slq server user account is supposed to be only for people that are going to be on the database directly such as a dba or developer. When you think about it, nobody else, including support should have direct access to the db, everyone else should be going through the application. Building in backend support to an application most of us don't but should do.

Make sense?

Dave

Vikram
Posted on 12/3/2007 6:21:08 PM

Hi Dave,

What you say perfectly make sense. even I use the same methodology for putting authorization in my application.

But I think you missed other scenario's of which I was thinking when I wrote this Post. Lets say you have developped an application and aftre uploading you want to create a new SQL user(in the production server). Now you have 300 stored procedure to give execute permission to this new SQL user. The application still uses only SQL server user.

Also the requirement of changing the user for the applictaion might come for many unseen reason. The post talked about how to easily provide permission to that new sql user for all stored procedure in the SQL.

Vikram

sam
Posted on 2/6/2008 10:24:54 AM

how can i give execute permissions to all the store procedures to particular existing users on particular database

Simm4H
Posted on 4/3/2008 11:04:13 AM

select 'Grant Execute on ' + name + ' to [insertUserNameHere]'
from sysobjects where xtype in ('P')

Sachin
Posted on 7/7/2008 5:24:13 PM

select 'Grant Execute on [' + name + '] to [insertUserNameHere]'
from sysobjects where xtype in ('P')

It was a nice script..!!

Kevin
Posted on 9/11/2008 10:35:37 AM

For example:

select 'Grant Execute on ' + name + ' to johnsmith'
from sysobjects where xtype in ('P')

jalpa
Posted on 9/29/2008 6:47:54 PM

Hi,
I got this & it is to helpfull to me so thanks lot but
i have to create permmision name as "public" for this grant to all users

matt
Posted on 10/22/2008 9:03:01 AM

GRANT EXECUTE to [User]
GO

might be another option.

Please post your comments:

Name:  
Email (optional): Your email address will not be posted.
URL (optional):
Comments: HTML will be ignored, URLs will be converted to hyperlinks  
Enter the text you see in the box:
 
Copyright © 2006 - 2008 Vikram Lakhotia