Home/ Questions/Q 7554091
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T11:14:37+00:00

In my SQL Server 2005 database, a user belongs to a role and that

  • 0

In my SQL Server 2005 database, a user belongs to a role and that role has been granted execute permission on all the stored procedures. One of the stored procedures inserts data into the table called tableA.

User has been explicit DENY permission on tableA. However, user can still execute stored procedure to insert new data.

Is there a way to prevent user to insert new data into the table (besides removing user from the role which has execute permission) 

create table tableA
(id int identity(1,1), data varchar(20)
)

create proc uspInsertTableA
   (@data varchar(20))
with execute as caller
as
begin
insert into tableA
values (@data)
end

DENY INSERT On tableA TO BrianG

GRANT EXECUTE on uspInsertTableA to BrianG

BrianG, can still insert data 

exec uspInsertTableA 'yada'
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are two relevant factors:

    1. “execute as” of the stored procedure.

    2. Ownership chaining.

    “EXECUTE as CALLER” is already the default (CREATE PROCEDURE … WITH EXECUTE AS CALLER …)

    Additionally the stored procedure must have a different owner than TableA, to prevent ownership chaining. The owner of the stored procedure must not have the right to insert into the table.

    Alternatively you could use the HAS_PERMS_BY_NAME function within the stored procedure to explicitly check whether the user has the permission.

    if HAS_PERMS_BY_NAME('TableA','OBJECT','INSERT') = 0
   raiserror ('User is not allowed to insert into TableA',16,1)
    • 0