Stored procedures can serve as security mechanisms, since a user can be granted permission to execute a stored procedure, even if she or he does not have permissions on the tables or views referenced in it or permission to execute specific commands. For details, see the System Administration Guide.
You can protect the source text of a stored procedure against unauthorized access by restricting select permission on the text column of the syscomments table to the creator of the procedure and the System Administrator. This restriction is required to run Adaptive Server in the evaluated configuration. To enact this restriction, a System Security Officer must reset the allow select on syscomments.text column parameter using sp_configure. For more information, see the System Administration Guide.
Another way to protect access to the source text of a stored procedure is to hide the source text using sp_hidetext. For information, see sp_hidetext in the Reference Manual.
Copyright © 2005. Sybase Inc. All rights reserved. |