Share via

SQL Server Security

Ray Milhon 21 Reputation points
2021-08-02T18:45:39.15+00:00

In order for a user to be able to run a SQL Server Stored Procedure in a user database what's the minimum security access required?

Developer technologies | Transact-SQL
Developer technologies | Transact-SQL

A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.

0 comments

Answer accepted by question author

Erland Sommarskog 134.7K Reputation points MVP Volunteer Moderator
2021-08-02T19:27:25.157+00:00

The user needs EXECUTE permission on the procedure. And CONNECT permission to the database. (That is, have to access to the database in the first place.)

This is under the assumption that the stored procedure is only performing plain DML: SELECT, INSERT, UPDATE, DELETE and MERGE. If the procedure performs actions like, say, creating tables, the user needs explicit permission to those actions.

Was this answer helpful?

0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dan Guzman 9,516 Reputation points
    2021-08-02T19:38:48.173+00:00

    Adding to Erland's answer, no additional permissions are needed as long as 1) the objects used by the stored procedure exist in the same database, 2) belong to the same schema (e.g. dbo), and 3) are accessed via static DML. Additional permissions and/or security configuration are needed for cross-database access and dynamic SQL.

    Was this answer helpful?

  2. Ray Milhon 21 Reputation points
    2021-08-02T19:32:46.297+00:00

    Thank you that's what I was missing.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.