SQL Server 2005 - Granting permission to create stored procedures (but no other objects)

views:

3773

answers:

+1 Q:

SQL Server 2005 - Granting permission to create stored procedures (but no other objects)

I want to grant a user permission to create, alter, and execute stored procedures, but without the ability to create other database objects. I excluded them from the role db_ddladmin, but explicitly granted the permissions "Create procedure" and "Execute". These permssions appear in the effective permissions list. However, when I try to create a stored procedure with this login, I get the following error:

"The specified schema name "dbo" either does not exist or you do not have permission to use it."

Any suggestions?

If you can create (or alter) and execute a stored procedure, you can do anything.

Execute on a stored procedure implies all other permissions within the context of that procedure. So if you can change a procedure and run it, there's no point in restricting anything else. You could just make the procedure act as a proxy on your behalf.

Joel Coehoorn 2008-10-22 17:44:50

+2 A:

A user can create procedures in a schema that they own. So you can set up a schema for the user to do development work. Then, if it needs to be dbo, the admin can put it there when development is done.

ScottStonehouse 2008-10-22 18:00:14

Agreed. Create a new schema in which users will be able to create their sprocs. Grant them access to that schema, and you should be good to go!

Dave Markle 2008-10-23 01:51:05

ansaurus

tags:

views:

answers:

SQL Server 2005 - Granting permission to create stored procedures (but no other objects)

related questions