There are precious few scenarios where non-DBA's in my environment have any business looking at system tables. However, I have seen questions on the forums where someone needs to allow a developer to select information off specific DMV's or system Views/Tables. With SQL 2005, you can build wrapper stored procedures that execute under the context of the Database Owner Account. In my environment this happens to be the sa user account for most databases. So for a user to get information from sys.databases, you can create a stored procedure as follows:
CREATE PROCEDURE uspGetDatabaseInfo
WITH EXECUTE AS OWNER
AS
BEGIN
SELECT * FROM sys.databases
END
GO
Then all you have to do is grant a user execute rights to this procedure. They can't run a selects against the system table, but they can view the information inside of them.
No comments:
Post a Comment