Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
JBelthoff
Posting Yak Master
173 Posts |
 Posted - 2005-03-14 : 16:58:26
|
Hi All,Is this the way I am supposed to do permissions? Or is there a better way? Or am I missing something?Here is my approach……I have setup my dBase to have 2 users and I am programming for an ASP.NET application. I am programming stored procedures for any and all access from the asp.net application and I will use the asp.net command object to pass form values to the sp’s. I do not use dynamic sql in my sp’s.My 2 logins are…..DBOwner which is set to dboDBAspNetUser which is only set to publicHere is what I do…..When setting up the stored procedures using Query Analizer I use the DBOwner account.When I am happy I run the following query….GRANT ALL ON dbo.sp_NewStoredProcedure TO DBAspNetUserI believe this command allows the DBAspNetUser to use only those stored procedures that I have granted access on.Is this a good way to do this? Is there a better approach for security?Your anticipated courtesies are greatly appreciated.Thank you,JB  |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2005-03-14 : 17:40:57
|
| GRANT EXEC ON dbo.sp_NewStoredProcedure TO DBAspNetUserOther than that, you can just use Windows Authentication to create your objects, but DBOwner is fine too as long as you aren't sharing this account with others.Tara |
 |
|
|
JBelthoff
Posting Yak Master
173 Posts |
Posted - 2005-03-14 : 17:43:12
|
| Thank you! |
|
|
|
|
|
|
Am I doing this right? Is there a better way?