Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

SQL Server 2005 Stored Procedure Permissions Expand / Collapse
Author
Message
Posted Tuesday, January 20, 2009 2:32 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Friday, June 17, 2011 10:05 AM
Points: 85, Visits: 394
On a development server, we have users who need to be able to modify, execute and view properties of stored procedures. I have tried combinations of permissions such as Alter, Control and View but when they try to view the properties, they receive the following error message:

Property Default Schema is not available for Database "[database_name]". This property may not exist for the object, or may not be retrievable due to insufficient access rights.

Is there some combination aside from sysadmin that allows viewing stored procedure properties?
Post #640254
Posted Wednesday, January 21, 2009 2:29 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, August 26, 2014 8:30 AM
Points: 354, Visits: 209
Generally, SPs need to be given EXEC permission for those who need to run the SPs.

For this, permission will be provided after creating / altering the SPs like

GRANT EXEC on

- Here PUBLIC can be used to provide EXEC permission to ALL who have access permission to the DB / Server.

You can give the specific permission for the User using:

GRANT


Suresh
Post #640517
Posted Wednesday, January 21, 2009 3:32 AM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Thursday, August 7, 2014 2:08 AM
Points: 4,427, Visits: 4,171
First of all I think you will get better response if you post a 2005 question in the appropriate forum.

Now to your question. There are a couple od roles which by default can view properties of a stored procedure. Sysadmin will work, but is total overkill. db_owner or ddl_admin would be a much better choice.
GRANT VIEW DEFINITION will also work.
But keep in mind that it's not possible to grant any this permission on one specific procedure. The grantee will be able to see definition and properties of all database objects.



Markus Bohse
Post #640540
Posted Wednesday, January 21, 2009 3:54 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 4:38 PM
Points: 31,018, Visits: 15,453
Moved to SS2005 forum

I tend to agree with Markus' advice.

Don't grant this advice to public, however, create your own role.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #640551
Posted Wednesday, January 21, 2009 6:59 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: 2 days ago @ 1:59 PM
Points: 2,361, Visits: 6,742
I think even a db_owner is an overkill.
What I would suggest is to create a Role with the ddl_Admin as the rights to that particular DB and add the developers who need access to compile Stored procs to that role.
If I was in your shoes, I would never give a Developer access to even read data (forget compiling Stored proc ) to a developer in the production Environment.


-Roy
Post #640671
Posted Wednesday, January 21, 2009 7:03 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Friday, June 17, 2011 10:05 AM
Points: 85, Visits: 394
I agree, they will have view only access to any production objects.

It has been difficult finding the right balance to allow development and debugging without giving too much permission. Thank you for responding!

kay
Post #640676
Posted Wednesday, January 21, 2009 8:28 AM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Monday, September 15, 2014 8:57 AM
Points: 6,624, Visits: 1,872
Even db_ddladmin is overkill.

Grant CREATE PROC to a role. Put developers in that role.
Grant ALTER SCHEMA on the schema(s) that the developers need to modify stored procedures in to the role.
Grant VIEW DEFINITION on the schema(s) that the developers need to modify stored procedures in to the role.

See if that does the job.


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #640792
Posted Wednesday, January 21, 2009 8:33 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: 2 days ago @ 1:59 PM
Points: 2,361, Visits: 6,742
Brian, I like this way better than my idea..

-Roy
Post #640803
Posted Thursday, January 21, 2010 10:04 AM


SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, February 21, 2014 8:23 AM
Points: 34, Visits: 502
Easy way to give users/developers view permission to Stored Procedures in SQL 2005:


USE AdventureWorks
GO
CREATE PROCEDURE usp_ExecGrantViewDefinition
(@login VARCHAR(30))
AS
/*
Included Object Types are:
P - Stored Procedure
V - View
FN - SQL scalar-function
TR - Trigger
IF - SQL inlined table-valued function
TF - SQL table-valued function
U - Table (user-defined)
*/
SET NOCOUNT ON

CREATE TABLE #runSQL
(runSQL VARCHAR(2000) NOT NULL)

--Declare @execSQL varchar(2000), @login varchar(30), @space char (1), @TO char (2)
DECLARE @execSQL VARCHAR(2000), @space CHAR (1), @TO CHAR (2)

SET @to = 'TO'
SET @execSQL = 'Grant View Definition ON '
SET @login = REPLACE(REPLACE (@login, '[', ''), ']', '')
SET @login = '[' + @login + ']'
SET @space = ' '

INSERT INTO #runSQL
SELECT @execSQL + schema_name(schema_id) + '.' + [name] + @space + @TO + @space + @login
FROM sys.all_objects s
WHERE type IN ('P', 'V', 'FN', 'TR', 'IF', 'TF', 'U')
AND is_ms_shipped = 0
ORDER BY s.type, s.name

SET @execSQL = ''

Execute_SQL:

SET ROWCOUNT 1

SELECT @execSQL = runSQL FROM #runSQL

PRINT @execSQL --Comment out if you don't want to see the output

EXEC (@execSQL)

DELETE FROM #runSQL WHERE runSQL = @execSQL

IF EXISTS (SELECT * FROM #runSQL)
GOTO Execute_SQL

SET ROWCOUNT 0

DROP TABLE #runSQL

GO

Once this procedure has been created you can grant the permissions as follows.

This example grants view definition to a user "XYZ" in "Adventureworks" Database for all object types that were selected.

USE Adventureworks
GO
EXEC usp_ExecGrantViewDefinition 'XYZ'
GO
Post #851403
Posted Saturday, January 23, 2010 9:08 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, July 19, 2011 1:26 AM
Points: 9, Visits: 16
In SQL Server 2005 you can define the execution context of the following user-defined modules: functions (except inline table-valued functions), procedures, queues











_________________
Download Microsoft 2010
Post #852548
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse