mbova:
I think the major thing about security is this:
Normally you can give execute permissions to a user for a stored procedure and the stored procedure will run fine.
However, with dynamic SQL in a stored procedure the permissions do not carry over to the code that is dynamic and so if the user has execute permissions to the stored procedure but not to a table in the dynamic SQL then they will get a permissions failure error.
In our database all users by default have read permissions so for us this is not an issue.
Robert Marda
Robert W. Marda
Billing and OSS Specialist - SQL Programmer
MCL Systems