Hi all,
On a SQL Server 2008 database I want to give a user the rights to GRANT, REVOKE and DENY on objects only of type stored procedure (not using the db_securityadmin database role). How can i do this? Thanks!
Sandor
+1
A:
The easiest way would probably be to group the stored procedures into a separate schema and give the desired user CONTROL permission on that schema.
There may be other ways to accomplish what you want, but I'm not aware of them.
mwigdahl
2009-03-27 15:51:53
+2
A:
Wrap the GRANT/REVOKE/DENY via another stored proc that:
- Has EXECUTE AS OWNER (or user if different schema) to avoid direct rights for the user
- Checks the target object in a stored proc
- Checks the user is allowed or a member of a certain role etc
Otherwise, there is no way to separate permissions per object type
gbn
2009-03-27 19:04:40
Yes, this would probably be cleaner than my rather hacky answer... :)
mwigdahl
2009-03-29 14:22:42