Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Granting Execute Access to All Stored Procedures to a Given User


Granting Execute Access to All Stored Procedures to a Given User

Author
Message
Tim Mitchell
Tim Mitchell
Ten Centuries
Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)

Group: General Forum Members
Points: 1122 Visits: 2908
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/tmitchell/grantingexecuteaccesstoallstoredprocedurestoagiven.asp



Tim Mitchell, Microsoft Data Platform MVP
Data Warehouse and ETL Consultant
TimMitchell.net | @Tim_Mitchell | Tyleris.com
ETL Best Practices


David.Poole
David.Poole
Hall of Fame
Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)

Group: General Forum Members
Points: 3674 Visits: 3114
This might work a bit faster

DECLARE @ProcName sysname ,
@usercredentials sysname

set @procname=''
set @usercredentials='Development'

WHILE @procname is not null
begin
SELECT @procname = min(name)
FROM sysobjects
WHERE xtype='P' and name > @procname and name not like 'dt_%'

IF @procname is not null
BEGIN
EXEC('GRANT EXECUTE ON ' + @procname+ ' TO ' + @usercredentials)
PRINT 'Execute permissions granted on '+ @procname+ ' TO ' + @usercredentials
END

END

LinkedIn Profile

Newbie on www.simple-talk.com
Adam Cruickshank
Adam Cruickshank
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 4
Whatever happened to using a good old fashioned cursor?
Mike Metcalf
Mike  Metcalf
Mr or Mrs. 500
Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)

Group: General Forum Members
Points: 585 Visits: 53
Just to add that it's often much easier in multi-user environments where more than a couple of users need similar access to create a single role and grant permissions to the role, then you can just add the users to the role to save you time.
F Vandeputte
F Vandeputte
SSC-Enthusiastic
SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)SSC-Enthusiastic (116 reputation)

Group: General Forum Members
Points: 116 Visits: 59
The code below will do the trick with only one line of code:

EXEC master..xp_execresultset
N'SELECT ''GRANT EXEC ON '' + o.name + '' TO '' + ''my_user''
FROM sysobjects o
WHERE xtype = ''P'' AND [name] NOT LIKE ''dt_%'' ', my_db

Just replace my_user and my_db with the correct values.

I posted some more nice examples on xp_execresultset my blog some time ago:

http://www.vandeputte.org/2005/10/xpexecresultset.html

Kind regards,

Frederik
TDuffy
TDuffy
Ten Centuries
Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)

Group: General Forum Members
Points: 1326 Visits: 57

Yes I'm being picky but doesn't this belong in Scripts rather than articles?

Terry





David.Poole
David.Poole
Hall of Fame
Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)

Group: General Forum Members
Points: 3674 Visits: 3114
"Good" and "cursor" in the same sentence.

"Old Fashioned" is OK, it implies that something has worked

LinkedIn Profile

Newbie on www.simple-talk.com
Mike Metcalf
Mike  Metcalf
Mr or Mrs. 500
Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)Mr or Mrs. 500 (585 reputation)

Group: General Forum Members
Points: 585 Visits: 53

I can't agree more, there's no way that those 2 words should ever appear in the same sentence

Oh, wait, how about...

"it's no good, he's used a cursor rather than doing it properly with set based logic"

or

"good, said the highly paid consultant, i see that they've used a cursor; i should be able to make things a little faster if you want to pay me some more money"

(but only for 99.99999 % of cases)


CDJorg
CDJorg
SSC Journeyman
SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)SSC Journeyman (80 reputation)

Group: General Forum Members
Points: 80 Visits: 1

This likely won't make any difference when looping through stored procedure names, but it should be noted that "_" is a wildcard, representing any one character.

like 'dt_%' would be better written as like 'dt\_%' escape '\' to force the script to treat the underscore as itself.

Otherwise, great script! Very useful.


dlhatheway@mmm.com
dlhatheway@mmm.com
Old Hand
Old Hand (320 reputation)Old Hand (320 reputation)Old Hand (320 reputation)Old Hand (320 reputation)Old Hand (320 reputation)Old Hand (320 reputation)Old Hand (320 reputation)Old Hand (320 reputation)

Group: General Forum Members
Points: 320 Visits: 12

I'd vote for creating the "executors" role, adding "execute" permission on all the SPs to that and then adding the user(s) in question to the "executors" role.

Maybe "executors" would be a good addition to the model db.

By the way, where's your defensive "is this a real login" check? Chalk it up to paranoia, if you like, but I'd have a test in there.





Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search