Which fixed database role allows a user to execute a user defined stored procedure while minimizing the amount of permissions given. I think db_Datareader will do the trick.Sorry, but db_datareader doesn't have permission to execute ANY stored procedures, although they can read any table or view (more accurately, db_datareaders has SELECT permissions on every object in the database).
The only group that has execute permissions on all of the objects in a database is db_owner. That's WAY too big a hammer to swing without considerable forethought, since it gives the user the "keys to the kingdom" as far as that database is concerned. They can do anything they please with any object in the database, which is a lot more than what you probably intended.
One crude way to work around this might be to create a db_runner group within your database, and schedule a job to grant permission to that group to execute every procedure and function in your database. You could run the job every few minutes, and get 99% of what you are looking for, and you could also exclude objects within your GRANT script if you see fit.
-PatP
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment