HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

DENY access to EXEC for a role

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
denyroleforexecaccess

Problem

I have a read-only database user that I do not want to be able to run the EXEC command. I ran the following:

DENY EXECUTE to db_USERROLE_deny


That completed successfully; however, when I sign in as that user and run the following it runs and gives me output:

EXEC sp_columns table1


How can I deny this user the ability to run EXEC command on the database he connects to?

Solution

Since these are system stored procedures, you need to deny permissions in the master database using a new role in master, not the one you already have:

  • Add a new role DenyExecRole in master



  • Add the desired login to that role



-
Deny execute permissions:

USE master;
DENY EXECUTE TO DenyExecRole;

Code Snippets

USE master;
DENY EXECUTE TO DenyExecRole;

Context

StackExchange Database Administrators Q#101530, answer score: 2

Revisions (0)

No revisions yet.