question

Kiran 1 avatar image
Kiran 1 asked

SP execute permission

If a user has execute permission on a stored procedure, will that automatically grant insert/update/delete permission thats embedded in stored proc.

sql2012
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
JohnM avatar image
JohnM answered

It won't grant explicit access to those objects but will allow the procedure to make those inserts/updates/deletes via the procedure to succeed.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kiran 1 avatar image
Kiran 1 answered

Thanks John. So does this mean an user who is not having db_datareader and db_datawriter permissions can execute the stored procedure which contains DML statements

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

JohnM avatar image JohnM commented ·

Correct.

0 Likes 0 ·
Jeff Moden avatar image Jeff Moden commented ·

In order for the stored procedure to work in such a fashion, you're going to need to add WITH EXECUTE AS OWNER to the stored procedure.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.