Start your free trial now, and begin learning software, business and creative skills—anytime, anywhere—with video instruction from recognized industry experts.

Start Your Free Trial Now

How to Use security and permissions SQL Server

Using security and permissions provides you with in-depth training on Business. Taught by Martin Gui… Show More

SQL Server: Triggers, Stored Procedures, and Functions

with Martin Guidry

Video: How to Use security and permissions SQL Server

Using security and permissions provides you with in-depth training on Business. Taught by Martin Guidry as part of the SQL Server: Triggers, Stored Procedures, and Functions
Expand all | Collapse all
  1. 2m 15s
    1. Welcome
    2. What you should know
    3. Using the exercise files
  2. 11m 1s
    1. Comparing triggers, functions, and procedures
      3m 25s
    2. Why use a stored procedure?
      4m 59s
    3. Why use functions?
      1m 27s
    4. Why use triggers?
      1m 10s
  3. 6m 2s
    1. Configuring your environment
      4m 53s
    2. Downloading and installing a sample database
      1m 9s
  4. 26m 25s
    1. Creating a stored procedure
      2m 46s
    2. Modifying a stored procedure
      2m 34s
    3. Returning data using data sets
      3m 45s
    4. Using input and output parameters
      5m 24s
    5. Returning data using cursors
      3m 45s
    6. Using security and permissions
      5m 24s
    7. Using transactions
      2m 47s
  5. 11m 56s
    1. Creating a user-defined function
      4m 59s
    2. Exploring single-value functions
      4m 18s
    3. Exploring table value functions
      2m 39s
  6. 9m 31s
    1. Using "after" triggers
      3m 47s
    2. Using "instead of" triggers
      2m 9s
    3. Using nested triggers
      1m 38s
    4. Using database-level triggers
      1m 57s
  7. 12m 43s
    1. Exploring a real-world INSERT procedure
      5m 32s
    2. Exploring a real-world UPDATE procedure
      3m 13s
    3. Implementing logging on DELETE
      3m 58s
  8. 19m 38s
    1. Understanding the Common Language Runtime (CLR) and the .NET framework
      1m 52s
    2. Using CLR with SQL Server 2012
      4m 11s
    3. Writing stored procedures with C# .NET
      5m 51s
    4. Writing functions with .NET
      5m 7s
    5. Choosing between T-SQL vs. CLR
      2m 37s
  9. 11m 35s
    1. Creating a basic web form and connecting to a database
      2m 57s
    2. Executing a stored procedure
      2m 4s
    3. Passing parameters
      3m 41s
    4. Getting return values
      2m 53s
  10. 1m 43s
    1. Next steps
      1m 43s

please wait ...
Using security and permissions
Video Duration: 5m 24s 1h 52m Advanced


Using security and permissions provides you with in-depth training on Business. Taught by Martin Guidry as part of the SQL Server: Triggers, Stored Procedures, and Functions

View Course Description

This course investigates several key database-programming concepts: triggers, stored procedures, functions, and .NET CLR (Common Language Runtime) assemblies. Author Martin Guidry shows how to combine these techniques and create a high-quality database using Microsoft SQL Server 2012. The course also covers real-world uses of the INSERT, UPDATE, and DELETE procedures, and how to build a basic web form to connect to your database.

Topics include:
  • Comparing triggers, functions, and stored procedures
  • Installing and configuring SQL Server
  • Creating a stored procedure
  • Returning data using data sets
  • Creating user-defined functions
  • Using "after," "instead," and nested triggers
  • Modifying existing stored procedures
  • Implementing logging on DELETE
  • Choosing between T-SQL and CLR
  • Executing a stored procedure
  • Passing parameters
Business Developer IT
SQL Server

Using security and permissions

One of the main advantages of stored procedures is how they allow us to have more control over the security of the database. We will be working with a hypothetical user in this exercise called John. There is a script in your exercise files for creating the John user. Consider the scenario where we want to give John read only access to a particular table, and maybe not even the entire table. Maybe just one or two columns in the table. You could manually go in and set all these permissions on the table of our each individual column. You could either grant or deny permission.

But it might be a lot of work to do that for a whole bunch of users. So we can hopefully lower our administrative effort by using a different technique to accomplish the same thing. I have on the screen a basic stored procedure. Again, you can find this in your exercise files. This stored procedure is called securityTest. It will form a SELECT statement. I'm going to select two columns from the authors table, fairly simple. When we Execute this, we get the results we expected. Nothing too exciting just yet. We get FirstName and LastName from every row in the table.

Now let's talk about John. So let's go and give John permission to run this stored procedure. We will right-click on it and at the bottom we have Properties, over here we can go to Permissions, we will be setting permissions for John and we'll go into it and allow him to Execute and that's it. I don't want him doing anything other than executing the stored procedure. So I'll Logout and then log back in, as John.

And he can get into the myDatabase. You can see one of the stored procedures. Now remember our database has three stored procedures. John can only see one of them, the one we gave him permission to, and he should be able to execute that stored procedure. And yes, in fact he can, and he gets the exact same results as any other user. John can not see the table. He doesn't see the underlying table. So he has no way of knowing there were other columns in this table. Some of these other columns in the table are in fact storing things like Address and Phone Number, which could be confidential information.

Using this technique, we've completely masked not only the contents of those columns from John, we've also masked even the fact that those columns exist. So we are in a situation like this where we want a stored procedure to allow access to a table where the user does not have permission to that underlying table, in order for it to work, the stored procedure in the table, we need to have the same owner, and in fact, our stored procedure is owned by dbo. And the table is also owned by dbo.

If either of them was owned by someone else this would not work. So let's go ahead and demo that. I'm going to logout as John. Log back in as someone who has the necessary permissions to change this stuff. So our authors table is currently owned by dbo. Let's go ahead and change that. So we're going to use this stored procedure designed for changing ownership. And it's called SP_changeObjectOwner and the thing we want to change, the owner of is dbo.Authors and we will want to change the owner to Martin, and it looks like it worked.

Click Refresh right here, yes. We'll also need to make one change to the stored procedure. The stored procedure is looking for dbo.Authors, which no longer exists. So we'll change that to Martin.Authors. Then now, I'd like to test to make sure this stored procedure still works for Martin, because Martin should still have enough permission for this to run. So Execute dbo.securityTest. And that still runs for Martin. I'm anticipating this will not work properly for John.

Let's go ahead and test that. I'm going to logout as Martin, log back in as John. John can still see the stored procedure, but when he tries to execute the stored procedure, it gives the error: The SELECT permission was denied on the object "Authors". So now, because the stored procedure and the authors table have different owners, the permissions are not passed back and forth the same way. And John is no longer able to query that from the stored procedure, even though he has permission to the stored procedure.

In this case, he would also need permission to the underlying table. So the hypothetical, we were working through, we first stored this, now we want to allow access to John, will only work if both items are owned by the same owner. So now let's do a little housekeeping to clean up some of the changes we made here. First of all, I'm going to logout as John, because the remainder of the work I want to do as a different user. I'll log back in as myself. And we should see the authors table is still owned by Martin.

I'll prefer to put it back to be and owned by dbo. And if you want your environment to match mine, go ahead and execute the code that's on the screen and make sure it's Martin.Authors. And when we refresh, yes; we should see that is now owned again by dbo and it will remain that way for the remainder of our course.

There are currently no FAQs about SQL Server: Triggers, Stored Procedures, and Functions.






Don't show this message again
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.

Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

* Estimated file size

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.

Mark all as unwatched Cancel


You have completed SQL Server: Triggers, Stored Procedures, and Functions.

Return to your organization's learning portal to continue training, or close this page.


Upgrade to View Courses Offline


With our new Desktop App, Annual Premium Members can download courses for Internet-free viewing.

Upgrade Now

After upgrading, download Desktop App Here.

Become a Member and Create Custom Playlists

Join today and get unlimited access to the entire library of online learning video courses—and create as many playlists as you like.

Get started

Already a member?

Log in

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

You started this assessment previously and didn’t complete it.

You can pick up where you left off, or start over.

Resume Start over

Learn more, save more. Upgrade today!

Get our Annual Premium Membership at our best savings yet.

Upgrade to our Annual Premium Membership today and get even more value from your subscription:

“In a way, I feel like you are rooting for me. Like you are really invested in my experience, and want me to get as much out of these courses as possible this is the best place to start on your journey to learning new material.”— Nadine H.

Thanks for signing up.

We’ll send you a confirmation email shortly.

Sign up and receive emails about and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from

Sign up and receive emails about and our online training library:

Here’s our privacy policy with more details about how we handle your information.

submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.