The EXECUTE permission was denied on the object 'xxxxxxx', database 'zzzzzzz', schema 'dbo'

Question

I'm having problems executing a function.

Here's what I did:

Create a function using SQL Server Management Studio. It was successfully created.
I then tried executing the newly created function and here's what I get:

The EXECUTE permission was denied on the object 'xxxxxxx', database 'zzzzzzz', schema 'dbo'.

If having db_owner role, the user can execute also (not equals to grant exec...) — hazjack, Nov 08 '17 at 04:54
I got this error when there was a syntax error in my SQL Statement. Essentially i had merged `GO` and `Create` into `GOCreate`. Other syntax errors also seem to give this error. — Ganesh Kamath - 'Code Frenzy', Jan 22 '18 at 09:03
@GaneshKamath-'CodeFrenzy' - thanks for te hint, I've been staring at my proc & couldnt see the fault, your suggestion was exactly what I did ! — daveD, Jul 29 '22 at 08:15

score 193 · Answer 1 · answered Sep 14 '10 at 11:23

193

Sounds like you need to grant the execute permission to the user (or a group that they a part of) for the stored procedure in question.

For example, you could grant access thus:

USE zzzzzzz;
GRANT EXEC ON dbo.xxxxxxx TO PUBLIC

answered Sep 14 '10 at 11:23

Rowland Shaw

37,700
14
97
166

2

Hi, I know it was a bit time ago, but I have a question. Might such action have some security problems? Does it opens sp to be used for everyone? – Valentyn Vynogradskiy Aug 04 '14 at 10:39
13

Yes, it does allow anyone with a connection to the DB to run the stored procedure. I would expect people worried about security to grant access to the **relevant group in *their* database**. – Rowland Shaw Aug 04 '14 at 11:13
9

You can also use `GRANT EXEC TO PUBLIC` to grant access to all the objects in the database – sohaiby Dec 20 '15 at 12:45
6

I would never grant execute permissions to the public role. Any way in our environment it was mandated that public role be disabled. I always grant execute permissions to a specific user or a role created explicitly for this purpose. – user1161391 Nov 27 '17 at 17:04
10

why is everyone upvoting comments suggesting giving PUBLIC rights to execute anything at all in a database? That's a special case not the defacto. – Sat Thiru Dec 08 '18 at 02:35
2

Not sure about granting access to `public`; I'd rather the safer option of creating a separate role with exec perms. – Andi Emma Davies Mar 06 '19 at 16:06
1

@AndiEmmaDavies Me too, whihch is why I advocated granting permission to the specific user, or a group they're part of – Rowland Shaw Mar 07 '19 at 11:22
Is there a way of granting access to all procedures and public instead of granting each procedure? The people here complaining about security should realise that the report user could have access restricted at the report level rather than cause all this stress making extra procedures the report runs to become publicly accessible. – Eddy Jawed Dec 11 '19 at 17:48
Under no circumstances should a 'public' user or group be granted access to SQL that could result in data being accessed or functions and stored procedures being executed. – CaptainGenesisX Jun 29 '22 at 12:50

score 143 · Answer 2 · answered Nov 11 '14 at 18:04

143

Best solution that i found is create a new database role i.e.

CREATE ROLE db_executor;

and then grant that role exec permission.

GRANT EXECUTE TO db_executor;

Now when you go to the properties of the user and go to User Mapping and select the database where you have added new role,now new role will be visible in the Database role membership for: section

For more detail read full article

answered Nov 11 '14 at 18:04

kazim

2,101
1
19
15

9

This answer is best if you need to grant EXECUTE for all SPs to a particular user login -- without using public or db_owner. Seems like the most prudent and useful answer here. – jcollum Oct 26 '15 at 21:10
3

For some reason this is the only answer that works for me on SQL Server 2012. Giving my user explicit EXECUTE permission does not work. It only works if it inherits the permission through a role. – Keith Jan 22 '16 at 14:45
Then add it to the account such as `EXEC sp_addrolemember @rolename = N'db_executor', @membername = N'processAPI'` – ΩmegaMan Mar 26 '20 at 21:39

score 108 · Answer 3 · edited May 28 '21 at 21:41

108

In SQL Server Management Studio, go to security->schema->dbo:

Double-click dbo, select the Permissions page, then click the "View database permissions" link in blue:

Select the user for whom you want to change permissions, and look for the "Execute" permission under the "explicit" tab:

Choose the appropriate permission by checking the appropriate box.

edited May 28 '21 at 21:41

TylerH

20,799
66
75
101

answered Nov 26 '14 at 07:32

Suhail Mumtaz Awan

3,295
8
43
77

Iain · Answer 4 · 2017-05-17T11:07:58.980

59

you need to run something like this

GRANT Execute ON [dbo].fnc_whatEver TO [domain\user]

edited May 17 '17 at 11:07

answered Sep 14 '10 at 12:21

Iain

6,392
2
30
50

score 53 · Answer 5 · edited Feb 10 '18 at 19:39

53

This will work if you are trying to Grant permission to Users or roles.

Using Microsoft SQL Server Management Studio:

Go to: Databases
Right click on dbo.my_database
Choose: Properties
On the left side panel, click on: Permissions
Select the User or Role and in the Name Panel
Find Execute in in permissions and checkmark: Grant,With Grant, or Deny

edited Feb 10 '18 at 19:39

Uwe Keim

39,551
56
175
291

answered Aug 04 '16 at 13:35

csebryam

1,091
11
13

Unfortunately, the user has execute permissions already! Which is why this is so confusing.... – Douglas Gaskell Nov 07 '18 at 23:42

score 18 · Answer 6 · edited Feb 10 '18 at 19:40

Giving such permission can be dangerous, especially if your web application uses that same username.

Now the web user (and the whole world wide web) also has the permission to create and drop objects within your database. Think SQL Injection!

I recommend granting Execute privileges only to the specific user on the given object as follows:

grant execute on storedProcedureNameNoquotes to myusernameNoquotes

Now the user myusernameNoquotes can execute procedure storedProcedureNameNoquotes without other unnecessary permissions to your valuable data.

score 8 · Answer 7 · answered Sep 14 '10 at 12:19

8

You don't have the right to execute it, although you have enough permissions to create it.

For more information, see GRANT Object Permissions (Transact-SQL)

answered Sep 14 '10 at 12:19

Denis Valeev

5,975
35
41

Okwo moses · Answer 8 · 2016-01-27T16:21:40.827

If you have issues like the question ask above regarding the exception thrown when the solution is executed, the problem is permission, not properly granted to the users of that group to access the database/stored procedure. All you need do is to do something like what i have below, replacing mine with your database name, stored procedures (function)and the type of permission or role or who you are granting the access to.

USE [StableEmployee]
GO
GRANT EXEC ON dbo.GetAllEmployees TO PUBLIC

/****** Object: StoredProcedure [dbo].[GetAllEmployees] Script Date: 01/27/2016 16:27:27 ******/

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER procedure [dbo].[GetAllEmployees]
as
Begin
Select EmployeeId, Name, Gender, City, DepartmentId
From tblEmployee

End

score 3 · Answer 9 · answered Feb 21 '19 at 05:57

3

here is how to give permission for one user not public,

Direct Query:

Use MyDatabase Grant execute on [dbo].[My-procedures-name] to [IIS APPPOOL\my-iis-pool] Go

answered Feb 21 '19 at 05:57

Mando Basha

31
3

score 1 · Answer 10 · answered Oct 27 '14 at 14:07

1

If you make this user especial for a specific database, then maybe you do not set it as db_owner in "user mapping" of properties

answered Oct 27 '14 at 14:07

Fatemeh M. Rezaie

163
10

score 0 · Answer 11 · answered Jan 23 '14 at 12:10

0

I have faced the same problem and I solved as give db_owner permission too to the Database user.

answered Jan 23 '14 at 12:10

Singaravelan

809
3
19
32

16

i don't think this is a good solution... because i can't give my web application this permission .. i don't know who up vote this – Mina Gabriel May 14 '14 at 13:31
9

Not recommended, as this is very insecure. You should create appropriate roles instead of using db_owner which has full control over the entire database – Yetiish May 19 '15 at 13:10
For a production database, that would be correct - this is insecure, but for a development database where you just want to get the job done ASAP, this is all you need to get it sorted and back to cutting code. – philu Jul 23 '23 at 23:21

philu · Answer 12 · 2023-07-23T23:28:50.987

0

You can give everybody execute permission:

GRANT Execute on [dbo].your_object to [public]

"Public" is the default database role that all users are a member of.

Not recommended for a production environment, but if you don't care about security, perhaps in a temporary database you're developing with, this will get you going.

edited Jul 23 '23 at 23:28

answered Apr 15 '14 at 08:27

philu

795
1
8
17

1

This is incredibly dangerous and not recommended. – TylerH Aug 03 '22 at 14:17

score 0 · Answer 13 · answered Sep 14 '20 at 06:14

The general answer is to grant execute permission as explained above. But that doesn't work if the schema owner of SP is different to underlying objects.

Check schema owners by:

select name, USER_NAME(s.principal_id) AS Schema_Owner from sys.schemas s

To change the owner of an schema you can:

ALTER AUTHORIZATION ON SCHEMA::YOUR_SCHEMA TO YOUR_USER;

Examples:

ALTER AUTHORIZATION ON SCHEMA::Claim TO dbo
ALTER AUTHORIZATION ON SCHEMA::datix TO user1;

Finally if within your SP you are truncating a table or changing structure you may want to add WITH EXECUTE AS OWNER in your SP:

ALTER procedure [myProcedure] 
WITH EXECUTE AS OWNER

as

truncate table etl.temp

Warf · Answer 14 · 2021-03-22T11:18:04.117

If you only need to grant a single function then (only db admin can do it):

Open Management studio
Find function/procedure you want to grant in Object Eplorer (dbname-Programmability-[Functions/Stored Procedures]-...)
Right click on function or procedure name and open Properties
In Properties select Permissions, add user (or schema) you want and Grant him Execute permission.

I believe this is most secure way how to do it because you only grant to user execution of this function. Nothing else!

score 0 · Answer 15 · answered Aug 03 '22 at 14:12

I think you have to select the object you want to grant access to, then right-click, and select properties. Select permission on the modal window that will be displayed then click on Search, on the newly revealed window, select browse, select the user you want to grant access and click on ok. it will display for you a list of permission and the grant status, and then you can choose to grant or deny

score 0 · Answer 16 · answered Jun 29 '23 at 14:12

0

As Ganesh stated above, I was missing a "GO" after the end of my SP. I guess the error description provided by microsoft is not accurate enough hehe.

answered Jun 29 '23 at 14:12

user3447006

23
3

Please don't add "thank you" as an answer. Instead, vote up the answers that you find helpful. - [From Review](/review/late-answers/34618171) – sanitizedUser Jul 06 '23 at 10:26

score -2 · Answer 17 · answered Jun 01 '22 at 21:14

-2

This shows that you don't have access to perform any action on the specified database table. To enable this, Go to Security -> Schema and check.

answered Jun 01 '22 at 21:14

Edwin Macharia

25
8

score -3 · Answer 18 · answered Jul 05 '18 at 00:00

you'd better off modifying server roles, which was designed for security privileges. add sysadmin server role to your user. for better security you may have your custom server roles. but this approach will give you what you want for now.

Object Explorer -> Server -> Security -> Logins
Right click on your desired user
Go to Server Roles on left hand side
Make sure sysadmin is checked
Hit OK and restart your SQL server

Good luck

sysadmin is total overkill (and dangerous) – Trubs Mar 10 '20 at 01:31 — Trubs, Mar 10 '20 at 01:31

The EXECUTE permission was denied on the object 'xxxxxxx', database 'zzzzzzz', schema 'dbo'

18 Answers18

Linked

Related