Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Brian Kelley SQL Server Security: The db_executor Role RE: SQL Server Security: The db_executor Role

  • December 12, 2003 at 2:08 am

    #485889

    We should also grant to db_executor the EXECUTE permission for scalar functions.

    It is interesting to note that:

    - Inline Table-valued Functions have SELECT, INSERT, UPDATE and DELETE permissions

    - Multi-statement Table-valued Functions have only the SELECT permission

    - Scalar Functions have only the EXECUTE permission

    Here is how I would write the SELECT statement for the cursor:

    SELECT USER_NAME(uid) as Owner, [name] as StoredProcedure

    FROM sysobjects so WHERE (xtype='P' or xtype='FN')

    AND OBJECTPROPERTY([id], N'IsMSShipped')=0

    AND [id] NOT IN (SELECT [id] FROM sysprotects sp

    WHERE UID=USER_ID('db_executor') AND [action]=224)

    Razvan