473,396 Members | 2,024 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > microsoft sql server > questions > revoke permissions to stored procedure

Join Bytes to post your question to a community of 473,396 software developers and data experts.

revoke permissions TO stored procedure

I have written an stored proc that reads from a text file and executes
the script as dynamic sql.

If the text file contains malicious code,I want to be able to detect it
and prevent the stored procedure from executing.

I've tried revoking delete,insert,update rights all tables in the
database to the user .
I then granted execute rights to the stored procedure for the same
user. But the user is still able to delete a record from the table by
executing the stored procedure.

Is there any means to I revoke,insert,delete ,update rights to a stored
proc?

Jul 23 '05 #1
2 3611
Once a SP is called, it has already been compiled. Changes to it while
it is running has no effect.

Inside the stored procedure, you can write conditional logic to abort
if necessary (using the RETURN or RAISEERROR statements).

However, a patient hacker can try hundreds of ways to bypass whatever
detection logic you write. If this a customer requirement, quote him
the AOL commercial that "he's just asking for his hard drive to make
noises like a yeti..."

Jul 23 '05 #2
(te****@yahoo.com) writes:
I have written an stored proc that reads from a text file and executes
the script as dynamic sql.

If the text file contains malicious code,I want to be able to detect it
and prevent the stored procedure from executing.

I've tried revoking delete,insert,update rights all tables in the
database to the user .
I then granted execute rights to the stored procedure for the same
user. But the user is still able to delete a record from the table by
executing the stored procedure.

Is there any means to I revoke,insert,delete ,update rights to a stored
proc?


It's not wholly clear what you are trying to accomplish, but the answer
to the last question is no. You can revoke rights for the procedure
owner.

But for dynamic SQL, it's the rights of the user that applies, so meddling
with the procedure owner won't help. Just grant the user the rights
he needs, but not more.

--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 23 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
Inter-database stored procedures and permissions
by: TJ Olaes | last post by:
Hello all, this is my second post to this newsgroup. It's a question about stored procedures and permissions and how these behave between databases. Here's the scenario. I have a database that...
Microsoft SQL Server
2
SQL SERVER 2000 - EXEC master..xp_cmdshell permissions
by: aaj | last post by:
Hi all I have a stored procedure that has the line EXEC master..xp_cmdshell 'dtsrun /Stestjob1 /N testdts /E' If I run the SP from an access front end as a trusted user or from a scheduled...
Microsoft SQL Server
1
Stored procedure permissions with xp_cmdshell on SQL 6.5
by: Micah Gentry | last post by:
Is there any way to allow a user to use the xp_cmdshell extended stored procedure without giving that user execute permissions to xp_cmdshell in SQL server 6.5? Let me clarify. Lets say I (as the...
Microsoft SQL Server
5
Report effective permissions for all users?
by: Ross Presser | last post by:
As our customers demand that we tighten our IT security in the company, I've been asked to prepare a report quarterly showing, for each user in Active directory, what his effective permissions are...
Microsoft SQL Server
1
How to Identify Permissions for SQL Server Tables & Stored Proc. via VB Code
by: Brad H McCollum | last post by:
I'm writing an application using VB 6.0 as the front-end GUI, and the MSDE version of SQL Server as the back-end (it's a program for a really small # of users --- less then 3-4). I'm trying to...
Microsoft SQL Server
1
Still Trying to Figure Out Identification of SQL Server Stored Proc. Permissions via VB
by: Brad H McCollum | last post by:
I've looked through many suggestions and partial examples all over this newsgroup and still am not coming up with anything that does specifically what I'm wanting to accomplish. I'm writing a VB...
Microsoft SQL Server
1
Can I do a revoke select on table in a stored procedure?
by: John Wheeler | last post by:
Hi, I want to create the following stored procedure on a DB2 8.1 ESE no fixpack running on redhat linux 8.0 (Intel) CREATE PROCEDURE ADMIN.MYREVOKE ( ) MODIFIES SQL DATA BEGIN REVOKE...
DB2 Database
16
ADPs, Integrated Security and Selective Permissions
by: Lyle Fairfield | last post by:
There is an MS-SQL table named Bugs_Comments_and_Suggestions. There is a form named Bugs_Comments_and_Suggestions. To allow John Doe to use this form, we GRANT him LOGIN and ACCESS permissions...
Microsoft Access / VBA
0
Retaining Stored Procedure Permissions
by: esmith2112 | last post by:
Is there any way to retain the permissions previously granted on a stored procedure through an explicit "GRANT EXECUTE" statement, after recompiling said procedure? We are using group permissions...
DB2 Database
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!