Hi people.
I have a database with some stored procedures.
My question is: Is there a problem to do this:
GRANT EXECUTE ON [dbo].[StoredProcedureXPTO] TO [Public]
i.e. grant permission of execution to public?? Or is thar a security issue?
+5
A:
There is no problem if that's what you want. If you want to restrict access to the stored procedure then this is not the way to go.
Otávio Décio
2009-02-06 14:56:14
+2
A:
Obviously depends on what the stored procedure does and whether you want "public" to be able to do that.
CodeMonkey1
2009-02-06 14:59:42
+1
A:
The answer entirely depends on what your Stored Procedure does and whether you want every man and his dog to have access to it.
In my experience, it would be unusual since I provide quite narrowly scoped users and roles for my applications.
But your question makes me wonder if there is another issue behind your question. Why do you ask?
CJM
2009-02-06 15:25:03
That stored procudure is a sample, does not really exists.I have made that question because in my job, the older guys have the habit of giving permissions to public in all stored procedures. Some procedures delete things in database.In my opinion is not a good habit..... isn't???
rpf
2009-02-07 21:47:43
Yes, I'd agree - it sounds like lazy DBA administration, but it may just be that they don't know any better. Even in a wiki application, you wouldn't dive delete permissions to Public...
CJM
2009-02-08 02:31:38
A:
I like to avoid giving any permissions on public, because you can't add a user to the database that isn't in the public role. So essentially you are limiting the flexibility of your security by not giving yourself a way to lock any database user out of that stored procedure (other than changing the stored proc permissions later).
JohnFx
2009-02-06 16:42:06