Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 Another Dynamic SQL Question . . .

Author  Topic 

Jay99

468 Posts
Posted - 2001-03-28 : 16:50:26
Quick look through BOL, SQLTeam FAQ and Forum Search comes up empty.

One of the security things that I usually do for ASP/ColdFusion web/database interaction is I give the ASP developer a User that does not have SELECT/UPDATE/DELETE perms on any tables, but it has EXECUTE on the StoredProcs.

Problem is, if I have a proc that does builds a dynamic WHERE and then the proc does and EXECUTE(@vcSQL) [where @vcSQL is the dynamic SELECT statement], the SELECT is run from the context of the user that is running the proc, and therefor is not able to select from the table.

Is there a way to make the Dynamic SQL statement run from the same context as a select statement(non-dynamic) INSIDE of a proc?

Is that a clear question?


Jay
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site