---
 
 
---
 
 
Smilepk Home | Tips Home | Contact | Games | Themes | Wallpapers | Videos
GOOGLE
Free SEO, Web Related Tips
    Web Hosting Guide
    SEO Articles, Tips
    Earn With Google
    Hot n Top Tips
    Mix Web Special
    Miscellaneous Tips
---
Free Windows xp Tips
    User Interface
    Usability Tweaks
    Security Tricks
    Hardware Tweaks
    Internet & Network
    System Performance
    Miscellaneous Tips
    Software Tips
---
Today World Tips
    Travelling Tips
    Cooking Tips
    Credit Card Tips
    Photography Tips
    Handwriting Tips
    Student Visa Tips
    Resume Tips
    Aloe Vera Tips
    Weightloss Tips
    Beauty Tips
    Mobile Codes Tips
---
Free Other Categories Tips
    PC Buying Tips
    System Tune-Up
    MS Office Tips
    Security Alerts
    Database Tips
    Registry Tricks
    Pc Troubleshooting
    Backup Tricks
    Printing Tips
    Cisco Router Tips
    Glossaries...
    Laptop Tricks
    PC Cleaning Tips
    System FAQs
    Internet Tips
    Windows Vista Tips
---
Free Broadband Tips
    ISP Tricks
    Wireless Tips
    VPN Tricks
    Mobile Tips
    ATM Tips Tricks
    Optic Fiber Tips
    Cable Net Tweaks
    DSL Tips Tricks
    Projector Tips
   Granting Permissions on Database Objects
     Home   Database Tips  Administration Tips
----

Q
Why do I have to give permissions on the underlying database objects when I'm using dynamic SQL statements?

 A
These permissions are required for security reasons. Consider the following simple stored procedure:

USE pubs
GO

CREATE PROCEDURE GeneralSelectTableName SYSNAME
AS
EXEC ('SELECT * FROM ' + TableName)
GO

You probably expect that your stored procedure will make a call that looks something like:

USE pubs
EXEC GeneralSelect 'authors'

However, consider the consequences of someone passing to your stored procedure the following:

USE pubs
EXEC GeneralSelect 'authors DROP TABLE authors'

If you, the creator of the stored procedure, were a member of the db_owner role in the pubs database and your users needed only the EXECUTE privilege on the stored procedure, then this command would drop the authors table. SQL Server protects against such unauthorized actions by requiring that users possess the appropriate permissions on the database objects referenced within dynamic SQL statements.