what rights should be given for my live asp.net sql server?
-
28-05-2021 - |
Question
I am wondering what rights should be given to sql server user for asp.net website considering following criteria
Sql server user
Should be able to do
- read from tables
- insert into tables
- update rows
- execute sp, udf
Should NOT be able to
- delete any of the tables
- delete any records from table
- delete any stored proc, udf or any other procedures
- create new table
- create new sp, udf, trigger, index etc
- alter any table
- alter any columns in tables
- alter any sp, udf, trigger, index etc
- any other dangerous stuff
Solution
Create a user and then apply the following scripts substituting USERNAME with your sql user. This will generate all the scripts you should need!
--STORED PROCS
select 'GRANT EXECUTE ON [' + sys.schemas.name + '].[' + sys.objects.name +'] TO USERNAME' as SQL from sys.objects
INNER JOIN sys.schemas ON sys.schemas.schema_id = sys.objects.schema_id
where type = 'P'
--TABLES
select 'GRANT SELECT ON [' + sys.schemas.name + '].[' + sys.objects.name +'] TO USERNAME' as SQL from sys.objects
INNER JOIN sys.schemas ON sys.schemas.schema_id = sys.objects.schema_id
where type = 'U'
--TABLES
select 'GRANT INSERT ON [' + sys.schemas.name + '].[' + sys.objects.name +'] TO USERNAME' as SQL from sys.objects
INNER JOIN sys.schemas ON sys.schemas.schema_id = sys.objects.schema_id
where type = 'U'
--TABLES
select 'GRANT UPDATE ON [' + sys.schemas.name + '].[' + sys.objects.name +'] TO USERNAME' as SQL from sys.objects
INNER JOIN sys.schemas ON sys.schemas.schema_id = sys.objects.schema_id
where type = 'U'
--FUNCTIONS
select 'GRANT EXECUTE ON [' + sys.schemas.name + '].[' + sys.objects.name +'] TO USERNAME' as SQL from sys.objects
INNER JOIN sys.schemas ON sys.schemas.schema_id = sys.objects.schema_id
where type = 'FN'
--VIEWS
select 'GRANT SELECT ON [' + sys.schemas.name + '].[' + sys.objects.name +'] TO dardsfp' as SQL from sys.objects
INNER JOIN sys.schemas ON sys.schemas.schema_id = sys.objects.schema_id
where type ='V'
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow