
Are stored procedures more secure than using LINQ against the database?

I am not a security expert, and there was a discussion in my project about whether we should use Entity Framework. Even though it seems we will use it, the project leader is still insisting that we should do all our operations (including simple CRUDs) with stored procedures because of security. He says that if we use stored procedures the users will only need permission to execute a stored procedure instead of needing permissions for create/read/update/delete.

As I said before, I am not a security expert, so I was curious to know how true this is.


What this does is give rights and privileges to the individual stored procedures, which then have access to the tables, rather than to the tables themselves.

This way you can restrict the users from all the tables, and allow the SPs to allow semantic access based on other logic (both DB permissions at the SP level, as well as code within the SP).

This gives the overall security framework finer granularity in terms of roles and privileges.

For example, using normal DB permissions, it's easy to limit what tables a user can see, but not what rows they can see within a table.

Two ways to fix that are to limit access to the underlying table and then create a limited view on that table and grant permission to that, or to limit access via the SP, which has logic capable of restricting what rows a user can see.
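The arrangement this answer describes (EXECUTE on procedures, no rights on the tables, row and column restriction inside the procedure), as an added T-SQL example for SQL Server that is not part of the original question or answers; the table dbo.Orders, the role app_user and the two procedure names are assumed:

```sql
-- Added example, not from the original page. Assumed names: dbo.Orders,
-- app_user, dbo.usp_GetMyOrders, dbo.usp_UpdateMyOrderAmount.
CREATE TABLE dbo.Orders (
    OrderId   INT IDENTITY PRIMARY KEY,
    OwnerUser SYSNAME NOT NULL,        -- database user that owns this row
    Amount    DECIMAL(10,2) NOT NULL
);
GO

CREATE ROLE app_user;
GO

-- Row restriction: the caller never reads dbo.Orders directly. Because dbo
-- owns both the procedure and the table, ownership chaining lets the
-- procedure read the table although app_user holds no SELECT on it.
CREATE PROCEDURE dbo.usp_GetMyOrders
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Amount
    FROM dbo.Orders
    WHERE OwnerUser = USER_NAME();     -- only the caller's own rows
END;
GO

-- Column restriction: only Amount can change, and only on the caller's rows.
CREATE PROCEDURE dbo.usp_UpdateMyOrderAmount
    @OrderId INT,
    @Amount  DECIMAL(10,2)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE dbo.Orders
    SET Amount = @Amount
    WHERE OrderId = @OrderId AND OwnerUser = USER_NAME();
END;
GO

-- The role receives EXECUTE on the procedures only; no GRANT on the table
-- is ever issued, so a direct SELECT/UPDATE from an app_user member fails
-- with a permission-denied error while the procedures still succeed.
GRANT EXECUTE ON dbo.usp_GetMyOrders TO app_user;
GRANT EXECUTE ON dbo.usp_UpdateMyOrderAmount TO app_user;
GO

-- Check (run as a database user that is a member of app_user):
--   SELECT * FROM dbo.Orders;       -- fails: no permission on the table
--   EXEC dbo.usp_GetMyOrders;       -- works: returns this user's rows only
```

The same filter could be put in a view and SELECT granted on the view instead, but the UPDATE restriction on a single column is easier to express as a procedure.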


It's true.

Stored procedures give the ability to enforce better security than standard table permissions (for example by making it possible to update only a few columns of a table).

But..

For developers it's a nightmare. Even the simplest query needs to be implemented as a stored proc or view. So it's not agile, rapid or sexy :)
