开发者

if an object has no entry in sys.database_permissions are all of its permissions assumed to be "GRANT"?

Let's say I have a function that is accessed in many stored procedures. If that function has no entries in sys.database_permissions does any account that can run one of the stored procs automatically run the function?

This is the query I'm using:

 exec sp_depends 'dbo.theFunction' 

 -- for each object in those results, run this query

 select *  
 from sys.database_pe开发者_运维百科rmissions dp
 where 
 grantee_principal_id=USER_ID('theAccount')
 and 
 major_id=object_id('dbo.theFunction')
 and minor_id=0
 and ( state_desc = 'GRANT' or state_desc = 'SELECT' ) 


There is never an implicit GRANT, on anything. How the 'table accessed from stored procedure' or 'function accessed from stored procedure' works usually is through ownership chaining:

When multiple database objects access each other sequentially, the sequence is known as a chain. [...] When an object is accessed through a chain, SQL Server first compares the owner of the object to the owner of the calling object. This is the previous link in the chain. If both objects have the same owner, permissions on the referenced object are not evaluated.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜