good questions. I'm in a situation (potentially) where an auditing firm is grading us on how well we comply with Sarbanes. Somehow (maybe indirectly) they've talked one of my peers into prohibiting general use of procs (even if they are read only) on data we can query anyway. They are ok if job and service accts execute procs. I suspect that they are somewhat naive but I'm starting to understand their concerns. I'm still against the decision mostly because of what dynamic sql and parameter passing features bring to the table when using procs in sql server.

I suspect I can come up with a silver bullet that would satisfy everybody.

I'm preparing a case against their decision but have struck out on two of the more promising sagfeguards.