T-SQL column update even from stored procedure

Question

T-SQL column update even from stored procedure

I have a question about ms sql permissions

I set the DENY permission for the UPDATE column

DENY UPDATE ON [MyTable] (MyColumn) TO [PrincipalName] ;

It works fine (prevents updating MyColumn when I directly UPDATE MyTable MyColumn), but it still gives the user the ability to update this column using a stored procedure.

Is there any solution to this problem?

+4

sql tsql stored-procedures

DarieX.ge Jun 09 '13 at 18:15

source share

1 answer

Alexander Sigachov · Answer 1 · 2013-06-19T14:50:35+0000

Colin Mackay is right. A stored procedure encapsulates business logic and permissions.

You can use something like

 IF user_name()='PrincipalName' raiserror(N'Update denied',15,0)

to validate a user in a stored procedure. Or you can create an update trigger for a table

T-SQL column update even from stored procedure

More articles: