问题
I want to grant a user permission to create, alter, and execute stored procedures, but without the ability to create other database objects. I excluded them from the role db_ddladmin, but explicitly granted the permissions "Create procedure" and "Execute". These permssions appear in the effective permissions list. However, when I try to create a stored procedure with this login, I get the following error:
"The specified schema name "dbo" either does not exist or you do not have permission to use it."
Any suggestions?
回答1:
A user can create procedures in a schema that they own. So you can set up a schema for the user to do development work. Then, if it needs to be dbo, the admin can put it there when development is done.
回答2:
If you can create (or alter) and execute a stored procedure, you can do anything.
Execute on a stored procedure implies all other permissions within the context of that procedure. So if you can change a procedure and run it, there's no point in restricting anything else. You could just make the procedure act as a proxy on your behalf.
来源:https://stackoverflow.com/questions/226811/sql-server-2005-granting-permission-to-create-stored-procedures-but-no-other