As of version 11.5.1, ASE performs more rigorous checking of permissions-related access to database objects. This change was not documented in 11.5 documentation. The changes may affect the behavior of applications that test for specific error codes and those that perform auditing of failed permissions. The types of changes include the following:
Some permission checks that used to be performed at compile time are now delayed until execution time. This closes a loophole that allowed users to execute stored procedures if copies of the procedure remained in cache after permissions for the user were revoked. It can affect the type of error, and the error number, returned by some command batches.
The ordering of checks for existence, checks for permissions, integrity checks, and the auditing of events may now be performed in different order. The order of these checks depends on the type of query, on whether commands were batched, and on the inclusion of procedural objects in the batch. This can affect the type of error, the error number, or the type of event audited.
