Roles needed for executing Stored Procedure in SQL Server Authentication
Solution 1
Permissions for creating and executing procedures are documented under CREATE PROCEDURE
and EXECUTE
, respectively.
One important consideration is that users do not need to have permissions on the objects referenced in the procedure. You can read this in the documentation, but it's faster to test it yourself:
create table dbo.TestTable (col1 int)
go
create procedure dbo.TestProc
as select col1 from dbo.TestTable
go
grant execute on dbo.TestProc to UserWithNoPermissions
go
execute as user = 'UserWithNoPermissions';
-- this gives error 229 (SELECT permission denied)
select * from dbo.TestTable;
-- this works
execute dbo.TestProc;
revert;
Note that there are some exceptions: dynamic SQL executes in its own scope, so if your procedure uses it then the executing user will indeed need permission on the underlying objects.
Solution 2
IF you want to go more granular on giving your rights to roles, under 'Security' folder ( under the database ), you can configure your execute rights to a given stroed proc.
i.e., in the managements studio's Object explorer, [Database] -> Security -> [YourRole] -> Rightclick for properties -> Securables section
Here you can add specific object types and their permissions et al.
Hope this helps.
Solution 3
It depends on the action performed within your stored procedure.
If you simply excute SELECT
statements, the db_datareader
role should fit for executing your stored procedures. The db_datawriter
is the role, that is eligible to create them.
LCJ
.Net / C#/ SQL Server Developer Some of my posts listed below -- http://stackoverflow.com/questions/3618380/log4net-does-not-write-the-log-file/14682889#14682889 http://stackoverflow.com/questions/11549943/datetime-field-overflow-with-ibm-data-server-client-v9-7fp5/14215249#14215249 http://stackoverflow.com/questions/12420314/one-wcf-service-two-clients-one-client-does-not-work/12425653#12425653 http://stackoverflow.com/questions/18014392/select-sql-server-database-size/25452709#25452709 http://stackoverflow.com/questions/22589245/difference-between-mvc-5-project-and-web-api-project/25036611#25036611 http://stackoverflow.com/questions/4511346/wsdl-whats-the-difference-between-binding-and-porttype/15408410#15408410 http://stackoverflow.com/questions/7530725/unrecognized-attribute-targetframework-note-that-attribute-names-are-case-sen/18351068#18351068 http://stackoverflow.com/questions/9470013/do-not-use-abstract-base-class-in-design-but-in-modeling-analysis http://stackoverflow.com/questions/11578374/entity-framework-4-0-how-to-see-sql-statements-for-savechanges-method http://stackoverflow.com/questions/14486733/how-to-check-whether-postback-caused-by-a-dynamic-link-button
Updated on November 23, 2022Comments
-
LCJ over 1 year
I need to connect to SQL Server 2008 R2 database from a C# application. I need to use SQL Server authentication for the connection.
What are the roles and schemas needed for the user so that the user will be able to create/execute stored procedures ?
Note: The stored procedures will be in dbo schema.
-
LCJ over 11 yearsIs it sufficient from a C# application also?
-
Jan P. over 11 yearsIt is sufficient whereever the user authenticates. The rights do not depend from where the user is accessing the DB. You allways have the same rights, wether you use the "SQL Server Management Studio", an C#-Application or a JAVA application. The SQL-Server just knows that the user e.g. Lijo is trying to execute something.
-
Adir D over 11 yearsNot quite correct.
db_datawriter
is about modifying data in tables, not about creating objects like stored procedures. Alsodb_datareader
will only help you if the stored procedure is running onlySELECT
statements... -
Jan P. over 11 yearsFor shure. If the stored procedures tries to drop a database, it could not be executed by a db_datareader. Edited my post.
-
Pondlife over 11 yearsdb_datareader is (possibly) irrelevant: a user who can execute a stored procedure does not need any permissions on the underlying objects. So unless there is dynamic SQL,
EXECUTE AS
or something else 'unusual' in the procedure, the only permission required is permission toEXECUTE
it. -
LCJ over 11 yearsThanks. What is the permission to be granted to creating a procedure?
-
Pondlife over 11 yearsDid you read the first sentence of my answer and follow the links?
-
LCJ over 11 yearsDo you mean GRANT CREATE PROCEDURE TO MYUSER?