Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Waveset uses JDBC over SSL to communicate with SQL Server.
Required Administrative Privileges
The following table indicates who can execute the system procedures:
|
System Procedure |
Permissions Required |
|---|---|
|
sp_addlogin |
Members of the sysadmin and securityadmin fixed server roles. |
|
sp_addrole |
Members of the sysadmin fixed server role, and the db_securityadmin and db_owner fixed database roles. |
|
sp_addrolemember |
Members of the sysadmin fixed server role and the db_owner fixed database role can execute sp_addrolemember to add a member to fixed database roles. Role owners can execute sp_addrolemember to add a member to any SQL Server role they own. Members of the db_securityadmin fixed database role can add users to any user-defined role. |
|
sp_addsvrrolemember |
Members of the sysadmin fixed server role. |
|
sp_droplogin |
Members of the sysadmin and securityadmin fixed server roles. |
|
sp_droprolemember |
Only members of the sysadmin fixed server role, the db_owner and db_securityadmin fixed database roles can execute sp_droprolemember. Only a member of the db_owner fixed database role can remove users from a fixed database role. |
|
sp_dropsvrrolemember |
Members of the sysadmin fixed server role. |
|
sp_grantdbaccess |
Members of the sysadmin fixed server role, the db_accessadmin and db_owner fixed database roles. |
|
sp_helplogins |
Members of the sysadmin and securityadmin fixed server roles. |
|
sp_helprole |
Execute permissions default to the public role. |
|
sp_helpsrvrolemember |
Execute permissions default to the public role. |
|
sp_helpuser |
Execute permissions default to the public role. |
|
sp_password |
Execute permissions default to the public role for a user changing the password for his or her own login. Only members of the sysadmin role can change the password for another user’s login. |
|
sp_revokedbaccess |
Members of the sysadmin fixed server role, and the db_accessadmin and db_owner fixed database roles |
Proxy Accounts
Prior to SQL Server version 2005, users assigned a public role could view metadata for all database objects. Consequently, any user who was logged on to a SQL Server instance could view the metadata for every object in the server, including objects for which the user had no rights.
As of SQL Server version 2005, the visibility of metadata is limited to those securables owned by a user or for which the user has been granted permission.
To allow callers to view metadata, you can grant them the VIEW DEFINITION permission at an appropriate level. For example, you can grant permissions at the object level, database level, or server level. You can also modify the stored procedure so that it executes under the credentials of the owner.
Note –
For more information, see http://msdn.microsoft.com/en-us/library/ms187113.aspx.
- © 2010, Oracle Corporation and/or its affiliates