SQL Server stored procedures and permissions

Is it possible to deny permissions for everything in SQL Server (e.g select, insert, etc) and give temporary permissions through sto开发者_高级运维red procedures. I want to use only stored procedures to access data in sql database.

Is this possible or is there another way?

This is a good pattern supported my SQL Server.

Basically, whoever has permissions on the the stored procedures does not need any table permissions at all, if the proc and tables have the same owner (dbo usually). It's called ownership chaining

Note: permissions on the tables are simply not checked in this situation, so explicit "DENY permissions" will be ignored too (DENY is different to "no permissions")

The same applies to views, functions etc (eg view calling table, proc calling view, ...)

Yes this is called ownership chaining, if you give execute permission to the proc the user will be able to execute the proc and it will work, he will get data back

if he then tries to do a select from the table from SSMS it will not work (providing that he is not in the data reader or higher role)

Keep in mind that dynamic SQL breaks ownership chaining, if you have dynamic SQL in the stored procedure, you will need extra permissions in that case

This does not only work with stored procedures, but also with views.
In general, you can give a user permission on a "higher-level" object like a view or sproc, without having to give the same user permission on the underlying table(s) as well.