|
sql
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to "Grant" a Trigger ???
Hi all,
I use SQL 2000 and I have a special user who can anlu execute a Stored Proc: grant execute on spw_ac_web_action to trwebgroup It's OK but this "spw_ac_web_action" update a table (it's OK) and i have a Trigger on this table (KO): The trigger can't "select" on "insert" on other tables :( How to "Grant" this Trigger ??? Lilian. You don't grant permission on a trigger. The table owner that the trigger is created on need to have
permissions on the objects that the trigger modifies. In reality, the table owner also need to own the objects that the trigger modifies (read about ownership chains in books online). If you then grant a user insert, delete or update permission on the table, the user implicitly has permission to execute the code in the trigger. -- Show quoteHide quoteTibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://www.solidqualitylearning.com/ "Lilian Pigallio" <lpigallio@nospam.com> wrote in message news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... > Hi all, > > I use SQL 2000 and I have a special user who can anlu execute a Stored Proc: > grant execute on spw_ac_web_action to trwebgroup > > It's OK but this "spw_ac_web_action" update a table (it's OK) and i have a > Trigger on this table (KO): The trigger can't "select" on "insert" on other > tables :( > > How to "Grant" this Trigger ??? > > Lilian. > > I don't really understand...all my tables and triggers were created with sa
(dbo owner) then what I have to do? grant insert, update and select on all my tables for my special user ? Lilian. "Tibor Karaszi" <tibor_please.no.email_kara***@hotmail.nomail.com> a écrit is created on need to havedans le message de news:%2317tG3OSGHA.1948@TK2MSFTNGP09.phx.gbl... > You don't grant permission on a trigger. The table owner that the trigger > permissions on the objects that the trigger modifies. In reality, the table owner also need to own> the objects that the trigger modifies (read about ownership chains in books online). If you then> grant a user insert, delete or update permission on the table, the user implicitly has permission toShow quoteHide quote > execute the code in the trigger. > > -- > Tibor Karaszi, SQL Server MVP > http://www.karaszi.com/sqlserver/default.asp > http://www.solidqualitylearning.com/ > > > "Lilian Pigallio" <lpigallio@nospam.com> wrote in message > news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... > > Hi all, > > > > I use SQL 2000 and I have a special user who can anlu execute a Stored Proc: > > grant execute on spw_ac_web_action to trwebgroup > > > > It's OK but this "spw_ac_web_action" update a table (it's OK) and i have a > > Trigger on this table (KO): The trigger can't "select" on "insert" on other > > tables :( > > > > How to "Grant" this Trigger ??? > > > > Lilian. > > > > > > Lilian
Is your "special" user a memmber of dbo_owner database role? Show quoteHide quote "Lilian Pigallio" <lpigallio@nospam.com> wrote in message news:%23RTkblPSGHA.5728@tk2msftngp13.phx.gbl... >I don't really understand...all my tables and triggers were created with sa > (dbo owner) then what I have to do? > grant insert, update and select on all my tables for my special user ? > > Lilian. > > > "Tibor Karaszi" <tibor_please.no.email_kara***@hotmail.nomail.com> a écrit > dans le message de news:%2317tG3OSGHA.1948@TK2MSFTNGP09.phx.gbl... >> You don't grant permission on a trigger. The table owner that the trigger > is created on need to have >> permissions on the objects that the trigger modifies. In reality, the > table owner also need to own >> the objects that the trigger modifies (read about ownership chains in > books online). If you then >> grant a user insert, delete or update permission on the table, the user > implicitly has permission to >> execute the code in the trigger. >> >> -- >> Tibor Karaszi, SQL Server MVP >> http://www.karaszi.com/sqlserver/default.asp >> http://www.solidqualitylearning.com/ >> >> >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message >> news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... >> > Hi all, >> > >> > I use SQL 2000 and I have a special user who can anlu execute a Stored > Proc: >> > grant execute on spw_ac_web_action to trwebgroup >> > >> > It's OK but this "spw_ac_web_action" update a table (it's OK) and i >> > have > a >> > Trigger on this table (KO): The trigger can't "select" on "insert" on > other >> > tables :( >> > >> > How to "Grant" this Trigger ??? >> > >> > Lilian. >> > >> > >> >> > > OK that the existing SQL code:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> /* webgroup */exec sp_addgroup 'trwebgroup' /* add the login */ exec sp_addlogin 'trweblogin', 'xxxxxxx' /* add the user */ exec sp_adduser 'trweblogin', 'trwebuser', 'trwebgroup' /* Grant */ grant execute on spw_hd_web_action to trwebgroup <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< How to add the dbo_owner database role? to the trwebgroup, to trwebuser or to trweblogin ??? Dummy Lilian. Show quoteHide quote "Uri Dimant" <u***@iscar.co.il> a écrit dans le message de news:O4hkp1PSGHA.5468@TK2MSFTNGP14.phx.gbl... > Lilian > Is your "special" user a memmber of dbo_owner database role? > > > "Lilian Pigallio" <lpigallio@nospam.com> wrote in message > news:%23RTkblPSGHA.5728@tk2msftngp13.phx.gbl... > >I don't really understand...all my tables and triggers were created with sa > > (dbo owner) then what I have to do? > > grant insert, update and select on all my tables for my special user ? > > > > Lilian. > > > > > > "Tibor Karaszi" <tibor_please.no.email_kara***@hotmail.nomail.com> a écrit > > dans le message de news:%2317tG3OSGHA.1948@TK2MSFTNGP09.phx.gbl... > >> You don't grant permission on a trigger. The table owner that the trigger > > is created on need to have > >> permissions on the objects that the trigger modifies. In reality, the > > table owner also need to own > >> the objects that the trigger modifies (read about ownership chains in > > books online). If you then > >> grant a user insert, delete or update permission on the table, the user > > implicitly has permission to > >> execute the code in the trigger. > >> > >> -- > >> Tibor Karaszi, SQL Server MVP > >> http://www.karaszi.com/sqlserver/default.asp > >> http://www.solidqualitylearning.com/ > >> > >> > >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message > >> news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... > >> > Hi all, > >> > > >> > I use SQL 2000 and I have a special user who can anlu execute a Stored > > Proc: > >> > grant execute on spw_ac_web_action to trwebgroup > >> > > >> > It's OK but this "spw_ac_web_action" update a table (it's OK) and i > >> > have > > a > >> > Trigger on this table (KO): The trigger can't "select" on "insert" on > > other > >> > tables :( > >> > > >> > How to "Grant" this Trigger ??? > >> > > >> > Lilian. > >> > > >> > > >> > >> > > > > > > EXEC sp_addrolemember 'db_owner',@login
Show quoteHide quote "Lilian Pigallio" <lpigallio@nospam.com> wrote in message news:uXub7$PSGHA.3192@TK2MSFTNGP09.phx.gbl... > OK that the existing SQL code: > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > /* webgroup */ > exec sp_addgroup 'trwebgroup' > > /* add the login */ > exec sp_addlogin 'trweblogin', 'xxxxxxx' > > /* add the user */ > exec sp_adduser 'trweblogin', 'trwebuser', 'trwebgroup' > > /* Grant */ > grant execute on spw_hd_web_action to trwebgroup > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< > > How to add the dbo_owner database role? to the trwebgroup, to trwebuser or > to trweblogin ??? > > > Dummy Lilian. > > > "Uri Dimant" <u***@iscar.co.il> a écrit dans le message de > news:O4hkp1PSGHA.5468@TK2MSFTNGP14.phx.gbl... >> Lilian >> Is your "special" user a memmber of dbo_owner database role? >> >> >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message >> news:%23RTkblPSGHA.5728@tk2msftngp13.phx.gbl... >> >I don't really understand...all my tables and triggers were created with > sa >> > (dbo owner) then what I have to do? >> > grant insert, update and select on all my tables for my special user ? >> > >> > Lilian. >> > >> > >> > "Tibor Karaszi" <tibor_please.no.email_kara***@hotmail.nomail.com> a > écrit >> > dans le message de news:%2317tG3OSGHA.1948@TK2MSFTNGP09.phx.gbl... >> >> You don't grant permission on a trigger. The table owner that the > trigger >> > is created on need to have >> >> permissions on the objects that the trigger modifies. In reality, the >> > table owner also need to own >> >> the objects that the trigger modifies (read about ownership chains in >> > books online). If you then >> >> grant a user insert, delete or update permission on the table, the >> >> user >> > implicitly has permission to >> >> execute the code in the trigger. >> >> >> >> -- >> >> Tibor Karaszi, SQL Server MVP >> >> http://www.karaszi.com/sqlserver/default.asp >> >> http://www.solidqualitylearning.com/ >> >> >> >> >> >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message >> >> news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... >> >> > Hi all, >> >> > >> >> > I use SQL 2000 and I have a special user who can anlu execute a > Stored >> > Proc: >> >> > grant execute on spw_ac_web_action to trwebgroup >> >> > >> >> > It's OK but this "spw_ac_web_action" update a table (it's OK) and i >> >> > have >> > a >> >> > Trigger on this table (KO): The trigger can't "select" on "insert" >> >> > on >> > other >> >> > tables :( >> >> > >> >> > How to "Grant" this Trigger ??? >> >> > >> >> > Lilian. >> >> > >> >> > >> >> >> >> >> > >> > >> >> > > Ok that works... but now @login has the admin right or not (can he DROP
TABLE) ? Show quoteHide quote "Uri Dimant" <u***@iscar.co.il> a écrit dans le message de news:etBt$CQSGHA.4608@tk2msftngp13.phx.gbl... > EXEC sp_addrolemember 'db_owner',@login > > > > > > > "Lilian Pigallio" <lpigallio@nospam.com> wrote in message > news:uXub7$PSGHA.3192@TK2MSFTNGP09.phx.gbl... > > OK that the existing SQL code: > > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > > /* webgroup */ > > exec sp_addgroup 'trwebgroup' > > > > /* add the login */ > > exec sp_addlogin 'trweblogin', 'xxxxxxx' > > > > /* add the user */ > > exec sp_adduser 'trweblogin', 'trwebuser', 'trwebgroup' > > > > /* Grant */ > > grant execute on spw_hd_web_action to trwebgroup > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< > > > > How to add the dbo_owner database role? to the trwebgroup, to trwebuser or > > to trweblogin ??? > > > > > > Dummy Lilian. > > > > > > "Uri Dimant" <u***@iscar.co.il> a écrit dans le message de > > news:O4hkp1PSGHA.5468@TK2MSFTNGP14.phx.gbl... > >> Lilian > >> Is your "special" user a memmber of dbo_owner database role? > >> > >> > >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message > >> news:%23RTkblPSGHA.5728@tk2msftngp13.phx.gbl... > >> >I don't really understand...all my tables and triggers were created with > > sa > >> > (dbo owner) then what I have to do? > >> > grant insert, update and select on all my tables for my special user ? > >> > > >> > Lilian. > >> > > >> > > >> > "Tibor Karaszi" <tibor_please.no.email_kara***@hotmail.nomail.com> a > > écrit > >> > dans le message de news:%2317tG3OSGHA.1948@TK2MSFTNGP09.phx.gbl... > >> >> You don't grant permission on a trigger. The table owner that the > > trigger > >> > is created on need to have > >> >> permissions on the objects that the trigger modifies. In reality, the > >> > table owner also need to own > >> >> the objects that the trigger modifies (read about ownership chains in > >> > books online). If you then > >> >> grant a user insert, delete or update permission on the table, the > >> >> user > >> > implicitly has permission to > >> >> execute the code in the trigger. > >> >> > >> >> -- > >> >> Tibor Karaszi, SQL Server MVP > >> >> http://www.karaszi.com/sqlserver/default.asp > >> >> http://www.solidqualitylearning.com/ > >> >> > >> >> > >> >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message > >> >> news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... > >> >> > Hi all, > >> >> > > >> >> > I use SQL 2000 and I have a special user who can anlu execute a > > Stored > >> > Proc: > >> >> > grant execute on spw_ac_web_action to trwebgroup > >> >> > > >> >> > It's OK but this "spw_ac_web_action" update a table (it's OK) and i > >> >> > have > >> > a > >> >> > Trigger on this table (KO): The trigger can't "select" on "insert" > >> >> > on > >> > other > >> >> > tables :( > >> >> > > >> >> > How to "Grant" this Trigger ??? > >> >> > > >> >> > Lilian. > >> >> > > >> >> > > >> >> > >> >> > >> > > >> > > >> > >> > > > > > > If all objects are created by sysadmin (dbo), then you don't have to do or grant anything.
-- Show quoteHide quoteTibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://www.solidqualitylearning.com/ "Lilian Pigallio" <lpigallio@nospam.com> wrote in message news:%23RTkblPSGHA.5728@tk2msftngp13.phx.gbl... >I don't really understand...all my tables and triggers were created with sa > (dbo owner) then what I have to do? > grant insert, update and select on all my tables for my special user ? > > Lilian. > > > "Tibor Karaszi" <tibor_please.no.email_kara***@hotmail.nomail.com> a écrit > dans le message de news:%2317tG3OSGHA.1948@TK2MSFTNGP09.phx.gbl... >> You don't grant permission on a trigger. The table owner that the trigger > is created on need to have >> permissions on the objects that the trigger modifies. In reality, the > table owner also need to own >> the objects that the trigger modifies (read about ownership chains in > books online). If you then >> grant a user insert, delete or update permission on the table, the user > implicitly has permission to >> execute the code in the trigger. >> >> -- >> Tibor Karaszi, SQL Server MVP >> http://www.karaszi.com/sqlserver/default.asp >> http://www.solidqualitylearning.com/ >> >> >> "Lilian Pigallio" <lpigallio@nospam.com> wrote in message >> news:uqSJ7NOSGHA.1576@tk2msftngp13.phx.gbl... >> > Hi all, >> > >> > I use SQL 2000 and I have a special user who can anlu execute a Stored > Proc: >> > grant execute on spw_ac_web_action to trwebgroup >> > >> > It's OK but this "spw_ac_web_action" update a table (it's OK) and i have > a >> > Trigger on this table (KO): The trigger can't "select" on "insert" on > other >> > tables :( >> > >> > How to "Grant" this Trigger ??? >> > >> > Lilian. >> > >> > >> >> > >  
Other interesting topics
Deadlock problem with insert trigger
Move DB by backup/restore or SP_Detach? Table comparison "Timeout Expired" on large table change Licensing by the month? Installing SQL Server 2005 MSDE 2000 problems with linked server Q: Diagram in SQL Server Distributed Partioned Views between different SS versions transactional replication for web nodes |
|||||||||||||||||||||||
