
SQL Server: Triggers, Stored Procedures, and Functions
with Martin Guidry


1h 52m Advanced Sep 24, 2012


This course investigates several key database-programming concepts: triggers, stored procedures, functions, and .NET CLR (Common Language Runtime) assemblies. Author Martin Guidry shows how to combine these techniques and create a high-quality database using Microsoft SQL Server 2012. The course also covers real-world uses of the INSERT, UPDATE, and DELETE procedures, and how to build a basic web form to connect to your database.

Topics include:
  • Comparing triggers, functions, and stored procedures
  • Installing and configuring SQL Server
  • Creating a stored procedure
  • Returning data using data sets
  • Creating user-defined functions
  • Using "after," "instead," and nested triggers
  • Modifying existing stored procedures
  • Implementing logging on DELETE
  • Choosing between T-SQL and CLR
  • Executing a stored procedure
  • Passing parameters
Subjects:
Developer Databases
Software:
SQL Server
Author:
Martin Guidry

Using security and permissions

One of the main advantages of stored procedures is how they allow us to have more control over the security of the database. We will be working with a hypothetical user in this exercise called John. There is a script in your exercise files for creating the John user. Consider the scenario where we want to give John read-only access to a particular table, and maybe not even the entire table. Maybe just one or two columns in the table. You could manually go in and set all these permissions on the table or on each individual column. You could either grant or deny permission.

But it might be a lot of work to do that for a whole bunch of users. So we can hopefully lower our administrative effort by using a different technique to accomplish the same thing. I have on the screen a basic stored procedure. Again, you can find this in your exercise files. This stored procedure is called securityTest. It will perform a SELECT statement. I'm going to select two columns from the authors table, fairly simple. When we execute this, we get the results we expected. Nothing too exciting just yet. We get FirstName and LastName from every row in the table.

Now let's talk about John. So let's go and give John permission to run this stored procedure. We will right-click on it, and at the bottom we have Properties. Over here we can go to Permissions. We will be setting permissions for John, and we'll go into it and allow him to Execute, and that's it. I don't want him doing anything other than executing the stored procedure. So I'll log out and then log back in as John.

And he can get into the myDatabase. You can see one of the stored procedures. Now remember our database has three stored procedures. John can only see one of them, the one we gave him permission to, and he should be able to execute that stored procedure. And yes, in fact he can, and he gets the exact same results as any other user. John cannot see the table. He doesn't see the underlying table. So he has no way of knowing there were other columns in this table. Some of these other columns in the table are in fact storing things like Address and Phone Number, which could be confidential information.

Using this technique, we've completely masked not only the contents of those columns from John, we've also masked even the fact that those columns exist. So when we are in a situation like this, where we want a stored procedure to allow access to a table and the user does not have permission to that underlying table, in order for it to work, the stored procedure and the table need to have the same owner. And in fact, our stored procedure is owned by dbo, and the table is also owned by dbo.

If either of them was owned by someone else, this would not work. So let's go ahead and demo that. I'm going to log out as John and log back in as someone who has the necessary permissions to change this stuff. So our authors table is currently owned by dbo. Let's go ahead and change that. So we're going to use this stored procedure designed for changing ownership. It's called sp_changeobjectowner, and the thing we want to change the owner of is dbo.Authors, and we will want to change the owner to Martin, and it looks like it worked.

Click Refresh right here, yes. We'll also need to make one change to the stored procedure. The stored procedure is looking for dbo.Authors, which no longer exists. So we'll change that to Martin.Authors. Then now, I'd like to test to make sure this stored procedure still works for Martin, because Martin should still have enough permission for this to run. So Execute dbo.securityTest. And that still runs for Martin. I'm anticipating this will not work properly for John.

Let's go ahead and test that. I'm going to log out as Martin and log back in as John. John can still see the stored procedure, but when he tries to execute the stored procedure, it gives the error: The SELECT permission was denied on the object "Authors". So now, because the stored procedure and the authors table have different owners, the permissions are not passed back and forth the same way. And John is no longer able to query that from the stored procedure, even though he has permission to the stored procedure.

In this case, he would also need permission to the underlying table. So the hypothetical we were working through, where we want to allow John access through the stored procedure, will only work if both items are owned by the same owner. So now let's do a little housekeeping to clean up some of the changes we made here. First of all, I'm going to log out as John, because the remainder of the work I want to do as a different user. I'll log back in as myself. And we should see the authors table is still owned by Martin.

I'd prefer to put it back to being owned by dbo. And if you want your environment to match mine, go ahead and execute the code that's on the screen and make sure it's Martin.Authors. And when we refresh, yes, we should see that it is now owned again by dbo, and it will remain that way for the remainder of our course.
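
The walkthrough above as a single T-SQL script, added here as an example (it is not the course's exercise file): it shows the ownership chain working, breaking, and being restored, and adds a catalog query that lists references crossing from one owner to another. Assumptions: it runs as dbo in a scratch database, John and Martin are created without logins, the sample row is constructed, `EXECUTE AS USER` stands in for logging out and back in, and `ALTER AUTHORIZATION` is used in place of the `sp_changeobjectowner` call from the video so the table keeps its `dbo.Authors` name and the procedure needs no edit.

```sql
-- Added example; constructed names and sample row. Run as dbo in a scratch database.
CREATE USER John WITHOUT LOGIN;      -- stand-ins for the exercise-file users
CREATE USER Martin WITHOUT LOGIN;
CREATE TABLE dbo.Authors (FirstName nvarchar(50), LastName nvarchar(50),
                          Address nvarchar(100), Phone nvarchar(20));
INSERT INTO dbo.Authors VALUES (N'Ada', N'Example', N'1 Sample St', N'555-0100');
GO
CREATE PROCEDURE dbo.securityTest AS
    SELECT FirstName, LastName FROM dbo.Authors;
GO
GRANT EXECUTE ON OBJECT::dbo.securityTest TO John;   -- John's only permission
GO
-- Same owner (dbo) on both objects: the chain is intact.
EXECUTE AS USER = 'John';
SELECT HAS_PERMS_BY_NAME('dbo.Authors', 'OBJECT', 'SELECT') AS john_can_select_table;
EXEC dbo.securityTest;               -- table permissions are not checked for John
REVERT;
GO
-- Different owners: the chain is broken (the table keeps its dbo schema name).
ALTER AUTHORIZATION ON OBJECT::dbo.Authors TO Martin;
GO
-- Audit: procedures/views/functions that reference an object with another owner.
SELECT r.name AS referencing_object, t.name AS referenced_object,
       USER_NAME(COALESCE(r.principal_id, rs.principal_id)) AS referencing_owner,
       USER_NAME(COALESCE(t.principal_id, ts.principal_id)) AS referenced_owner
FROM sys.sql_expression_dependencies AS d
JOIN sys.objects AS r  ON r.object_id = d.referencing_id
JOIN sys.schemas AS rs ON rs.schema_id = r.schema_id
JOIN sys.objects AS t  ON t.object_id = d.referenced_id
JOIN sys.schemas AS ts ON ts.schema_id = t.schema_id
WHERE COALESCE(r.principal_id, rs.principal_id)
   <> COALESCE(t.principal_id, ts.principal_id);
GO
EXECUTE AS USER = 'John';
GO
EXEC dbo.securityTest;               -- raises the SELECT permission error on Authors
GO
REVERT;
GO
-- Housekeeping: hand the table back to the schema owner (dbo), drop the test objects.
ALTER AUTHORIZATION ON OBJECT::dbo.Authors TO SCHEMA OWNER;
DROP PROCEDURE dbo.securityTest;
DROP TABLE dbo.Authors;
DROP USER John;
DROP USER Martin;
```

The audit query is worth running on its own in an existing database: any row it returns is a procedure, view or function whose callers need their own permissions on the referenced object.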
