BorlandTalk.com Borland discussion newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  storedproc.edit: "select permission denied" when assigning          BorlandTalk.com Forum Index -> Delphi Databases (ADO) View previous topic :: View next topic   Author Message Jeremy Guest Posted: Tue Feb 08, 2005 1:19 am    Post subject: storedproc.edit: "select permission denied" when assigning I have a stored proc on ms sql server which I am opening with a tadostoredproc. The proc does this: select * from tbl1 where tbl1.fld1 in (select fld2 from tbl2 where tbl2.fld3=@myparm) The program loops through the table, assigning values to certain fields: ... sp.edit sp.fieldvalues['fldxxx'] := myvar; <== error happens here. sp.post; sp.next; ... Some users can run the program just fine, but others can't. The error these unfortunates get is "select permission denied on tbl1 for user dbo ..". I gave these folks select permission on the tbl1, and that fixed the problem. But I really don't want to give anyone direct table permissions, just to the stored procs. An interesting side effect seems to be that giving users direct rights to the table seems to have sped up the process a bunch. What on earth is Delphi doing inside it's tadostoredproc? Jeremy Back to top Matt Jacobs Guest Posted: Tue Feb 08, 2005 4:00 am    Post subject: Re: storedproc.edit: "select permission denied" when assign "Jeremy" <jeremy> wrote: Quote: I have a stored proc on ms sql server which I am opening with a tadostoredproc. The proc does this: select * from tbl1 where tbl1.fld1 in (select fld2 from tbl2 where tbl2.fld3=@myparm) The program loops through the table, assigning values to certain fields: ... sp.edit sp.fieldvalues['fldxxx'] := myvar; <== error happens here. sp.post; sp.next; ... Some users can run the program just fine, but others can't. The error these unfortunates get is "select permission denied on tbl1 for user dbo ..". I gave these folks select permission on the tbl1, and that fixed the problem. But I really don't want to give anyone direct table permissions, just to the stored procs. An interesting side effect seems to be that giving users direct rights to the table seems to have sped up the process a bunch. What on earth is Delphi doing inside it's tadostoredproc? Could be an ownership chain issue. Using Ownership Chains http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_4iyb.asp Using Stored Procedures as Security Mechanisms http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_3whf.asp Back to top Del M Guest Posted: Tue Feb 08, 2005 11:35 am    Post subject: Re: storedproc.edit: "select permission denied" when assign Delphi isn't doing anything inside the stored procedure, SQL Server is doing it. Do you have a primary key on the table? Since the stored proc is returning an adorecordset, then you should change the tadostoredproc to a tadodataset. Set the commandtype to stored procedure, set the lock type to batchoptimistic, be sure after completion of your loop that you do "updatebatch" to actually apply the changes to the table. If you are looking for speed, you could just use a tadodataset and do a "update table1 set x=y, z=q, where ... in (select ... " That would probably go much faster since the database engine will update the database for you and your delphi program will never even see the data or send it back and forth between the client and the database. Back to top Jeremy Guest Posted: Tue Feb 08, 2005 5:15 pm    Post subject: Re: storedproc.edit: "select permission denied" when assign Del, I eventually got around to reading the delphi help on this, and it says that after you issue a tadostoredproc.edit, the component retrieves the record. At this point it isn't a "stored proc" anymore as far as the sql connection is concerned, so it needs to check for permissions again to do this implicit select. What you say about using a tadorecordset is intriguing. I'll check it out. However, it sounds like it still is going to need select permission. Thanks. Jeremy "Del M" <Del.Murray (AT) CreditHawk (DOT) Net> wrote Quote: Delphi isn't doing anything inside the stored procedure, SQL Server is doing it. Do you have a primary key on the table? Since the stored proc is returning an adorecordset, then you should change the tadostoredproc to a tadodataset. Set the commandtype to stored procedure, set the lock type to batchoptimistic, be sure after completion of your loop that you do "updatebatch" to actually apply the changes to the table. If you are looking for speed, you could just use a tadodataset and do a "update table1 set x=y, z=q, where ... in (select ... " That would probably go much faster since the database engine will update the database for you and your delphi program will never even see the data or send it back and forth between the client and the database. Back to top Del M Guest Posted: Tue Feb 08, 2005 7:08 pm    Post subject: Re: storedproc.edit: "select permission denied" when assign you should be using a sql userid that has the correct permissions for the application. If one user logged in under that userid can perform the operation then all users under that id can. Go with the tadodataset, your life will be simpler. Tadostoredproc is for executing stored procedures that dont return data, to use it any other way is probably going to get you a lot of grief, IIRC it is a little buggy. Back to top Jeremy Guest Posted: Tue Feb 08, 2005 10:46 pm    Post subject: Re: storedproc.edit: "select permission denied" when assign Del, pardon me if I disagree with your statements. First, people who are concerned with security prefer NOT giving end users direct table permissions, but only giving them exec rights to stored procedures. I think you're also suggesting that there be a single userid that everyone uses. Sorry, that would be a very serious security problem that we could not tolerate. If you mean using an application role to control access, that would be ok (but each user still should have to authenticate with their own unique login). This app doesn't happen to use an application role, but I have other apps that do use them successfully. As for tadostoredproc being buggy, I don't think so. I have hundreds of them in use in various apps, and they work extremely well, and very, very fast -- even across the internet. In fact I have several that return multiple recordsets. Saves a vast amount of latency which can be an app-killer across the net. In the specific case I raised, the behavior doesn't qualify as a bug. True, I didn't understand how it worked, but now I know. Jeremy "Del M" <Del.Murray (AT) CreditHawk (DOT) Net> wrote Quote: you should be using a sql userid that has the correct permissions for the application. If one user logged in under that userid can perform the operation then all users under that id can. Go with the tadodataset, your life will be simpler. Tadostoredproc is for executing stored procedures that dont return data, to use it any other way is probably going to get you a lot of grief, IIRC it is a little buggy. Back to top Jeremy Guest Posted: Fri Feb 11, 2005 7:33 pm    Post subject: Re: storedproc.edit: "select permission denied" when assign Brian, thanks for reminding me about this. However, it does seem that both tadostoredproc and tadodataset inherit the same edit method from tdataset, which actually retrieves the record, thereby requiring the currently logged-in user to have a rights I don't want them to have. At some point I'll revise the code to use a stored proc to do the update, and banish Edit forever. Thanks Jeremy "Brian Bushay TeamB" <BBushay (AT) Nmpls (DOT) com> wrote Quote: Go with the tadodataset, your life will be simpler. Tadostoredproc is for executing stored procedures that dont return data, to use it any other way is probably going to get you a lot of grief, IIRC it is a little buggy. TADOStoredProc is designed to run a storedprocedure with or without a returned recordset. TadoDataset is probably a better alternative for use with a StoredProcedure that returns a recordset. Borland intended TadoQuery and TadoStoredProc as transition components to make migration from TQuery and TstoredProc. -- Brian Bushay (TeamB) [email]Bbushay (AT) NMPLS (DOT) com[/email] Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         BorlandTalk.com Forum Index -> Delphi Databases (ADO) All times are GMT Page 1 of 1   Jump to: Select a forum C++ Builder Newsgroups----------------C++ BuilderC++ Builder (ActiveX)C++ Builder (Announcements)C++ Builder (Command Line Tools)C++ Builder DatabasesC++ Builder Databases (ADO)C++ Builder Databases (Desktop)C++ Builder Databases (InterBase Express)C++ Builder Databases (Multi-Tier)C++ Builder Databases (SQL Servers)C++ Builder (Graphics)C++ Builder (IDE)C++ Builder (Internet)C++ Builder (Internet Socket)C++ Builder (Internet Web)C++ Builder (Jobs)C++ Builder (Language)C++ Builder (Language C++)C++ Builder (Compatibility with MFC)C++ Builder (Native API)C++ Builder (Non-Technical)C++ Builder (Students)C++ Builder (Third Party Tools)C++ Builder (Upgrade)C++ Builder (VCL)C++ Builder (VCL Components Usage)C++ Builder (VCL Components Development)C++ Builder (VCL Usage)C++ Builder (WinAPI)C++ Builder Installation Delphi Newsgroups----------------Delphi (General)Delphi ActiveX Controls UsageDelphi ActiveX Controls DevelopmentDelphi As400Delphi DatabasesDelphi Databases (ADO)Delphi Databases (dbExpress)Delphi Databases (Desktop)Delphi Databases (InterBase Express)Delphi Databases (Multi-Tier)Delphi Databases (SQL Servers)Delphi DeploymentDelphi GraphicsDelphi IDEDelphi InternationalizationDelphi InternetDelphi Internet Isapi-WebBrokerDelphi Internet WebSnapDelphi Internet WinsockDelphi JobsDelphi Language BASMDelphi Language ObjectPascalDelphi Model Driven Architecture (General)Delphi Model Driven Architecture (Third Party)Delphi MultimediaDelphi Native APIDelphi Non-TechnicalDelphi ObjectPascalDelphi OLE AutomationDelphi OO designDelphi OpenToolsAPIDelphi Reporting-ChartingDelphi RTLDelphi StudentsDelphi TeamSourceDelphi Thirdparty ToolsDelphi Thirdparty Tools (General)Delphi Thirdparty Tools (IntraWeb)Delphi Thirdparty Tools (RaveReports)Delphi UpgradeDelphi VCLDelphi VCL ComponentsDelphi VCL Components UsingDelphi VCL Components WritingDelphi WebServices SOAPDelphi WinAPIDelphi XMLDelphi Installationcomp.lang.pascal.delphi.components.misccomp.lang.pascal.delphi.components.usagecomp.lang.pascal.delphi.components.writingcomp.lang.pascal.delphi.databasescomp.lang.pascal.delphi.misccomp.sources.delphi JBuilder Newsgroups----------------JBuilderJBuilder AnnouncementsJBuilder Applet IssuesJBuilder As400JBuilder CompilerJBuilder CORBA/RMIJBuilder DatabasesJBuilder DB SwingJBuilder DebuggerJBuilder DeploymentJBuilder DocumentationJBuilder EnterpriseJBuilder HandheldJBuilder IDEJBuilder JavaJBuilder JavaAPIJBuilder Java LanguageJBuilder Java SwingJBuilder Java BeansJBuilder Java Beans UsageJBuilder Java Beans DevelopmentJBuilder JBCLJBuilder JDataStoreJBuilder JobsJBuilder LinuxJBuilder MacintoshJBuilder & MobileSetJBuilder MultiLingual AppsJBuilder Non-TechnicalJBuilder OpenToolsJBuilder Servlets (JSP)JBuilder StudentsJBuilder Team DevelopmentJBuilder Thirdparty ToolsJBuilder UpgradeJBuilder Installation InterBase Newsgroups----------------InterBaseInterBase Bug DiscussionInterBase GeneralInterBase IBConsoleInterBase OpenSourceInterBase ReplicationInterBase SQLInterBase ThirdpartyInterBase Installation Miscellaneous Borland Newsgroups----------------AppCenterAppServerEnteraVisiBroker  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.