February 7, 2015 at 11:00 am
Comments posted to this topic are about the item Signing Procedures
February 7, 2015 at 2:54 pm
I have forgotten to read the excellent article from the same day as this question
http://www.sqlservercentral.com/articles/Stairway+Series/121476/
about code signing which was giving the "good answer" for this question... Bad luck for me.
I will remember this.
Good question and for the author of the article : cheers...
Maybe a stupid question : why the date for this question is the 9th of February 2015 ? We are always the 7th of February ( maybe because of the week-end ... )
February 8, 2015 at 6:41 am
Never heard of it, probably will never use it either 😀
Thanks for the question Steve.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
February 9, 2015 at 1:23 am
This was removed by the editor as SPAM
February 9, 2015 at 3:29 am
I had the pleasure of using it lately after designing my little database access model. I couldn't find a way to creat an "admin" login that can create other logins, reset their passwords, without assigning him to "security_admin" role, which i didn't want to do. I could also use "impersonate" but might as well jus give him that security_admin. Signing procedures with certyficate was the best solution and i just had to give my "admin" execute premission to the stored procedure with the logic inside, signed and ready to go.
February 9, 2015 at 5:27 am
I've never heard of this one either, so I learned something new. I don't see a use for it in my environment, but I've filed away. Thanks.
February 9, 2015 at 6:03 am
Thank you, Steve, for the post; very very good one and a new one to me.
(SSC is a Hubble-Telescope of MSSQL... ):-D
ww; Raghu
--
The first and the hardest SQL statement I have wrote- "select * from customers" - and I was happy and felt smart.
February 9, 2015 at 6:53 am
Good Deal, learned something this morning...
February 9, 2015 at 7:12 am
This comes in quite handy if you want to grant access to a stored procedure that requires some elevated permissions to run, but you don't want to grant those rights directly to the user.
You can create a certificate associated with an account with the required permissions, sign the procedure with the certificate, and then grant the user access to the procedure. The procedure will run with a combination of the user's permissions and the permissions of the account associated with the certificate.
If you make changes to your procedure though, you have to re-sign the certificate to it and re-grant user permissions.
February 9, 2015 at 7:43 am
sestell1 (2/9/2015)
This comes in quite handy if you want to grant access to a stored procedure that requires some elevated permissions to run, but you don't want to grant those rights directly to the user.You can create a certificate associated with an account with the required permissions, sign the procedure with the certificate, and then grant the user access to the procedure. The procedure will run with a combination of the user's permissions and the permissions of the account associated with the certificate.
If you make changes to your procedure though, you have to re-sign the certificate to it and re-grant user permissions.
Informative, thanx 🙂
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
February 11, 2015 at 6:35 am
Never heard of this before, thanks.
February 20, 2015 at 4:28 pm
+1. Luckily I've done this a few times before.
Thanks for the question.
Andre Ranieri
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply