Permissions on Dynamic SQL

  • Thread starter Thread starter ExcelMan
  • Start date Start date
E

ExcelMan

I have some code where I create some SQL and execute it with an ADO
Command object. Problem is that for some users the table I am updating
is not one they have permission to update (and they cannot have
permission to directly update).

I know that for stored queries I can run "WITH OWNERACCESS OPTION" and
allow the query to be executed as if it was the table owner running the
query, but it doesn't work to just add that clause to the dynamic SQL
statement.

Is there a way I can allow a user to execute a dynamically created SQL
statement as if he had permissions to the table?

Thanks.
 
I don't believe there is, no. Two potential alternatives are to use a saved
parameter query and assign values to the parameters at runtime instead of
building the SQL at run time, or to save a 'dummy' OWNERACCESS query, and
change the SQL of that query at runtime.

The parameter query is more secure, being less vulnerable to SQL-injection
attacks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group Permissions and SQL 6
update time value issue 7
SQL Error 2
What sql server permissions etc for linked tables, sprocs 3
Invalid Column Name Sql-Error :Executing a stored procedure 1
Make Table Dynamic Table Name using INTO 2
subform based on external SQL won't requery 1
relation ship and query 2

Back
Top