patternsqlMinor
DENY access to EXEC for a role
Viewed 0 times
denyroleforexecaccess
Problem
I have a read-only database user that I do not want to be able to run the
That completed successfully; however, when I sign in as that user and run the following it runs and gives me output:
How can I deny this user the ability to run
EXEC command. I ran the following:DENY EXECUTE to db_USERROLE_denyThat completed successfully; however, when I sign in as that user and run the following it runs and gives me output:
EXEC sp_columns table1How can I deny this user the ability to run
EXEC command on the database he connects to?Solution
Since these are system stored procedures, you need to deny permissions in the master database using a new role in master, not the one you already have:
-
Deny execute permissions:
- Add a new role DenyExecRole in master
- Add the desired login to that role
-
Deny execute permissions:
USE master;
DENY EXECUTE TO DenyExecRole;Code Snippets
USE master;
DENY EXECUTE TO DenyExecRole;Context
StackExchange Database Administrators Q#101530, answer score: 2
Revisions (0)
No revisions yet.