I’m having problems executing a function.
Here’s what I did:
- Create a function using SQL Server Management Studio. It was successfully created.
- I then tried executing the newly created function and here’s what I get:
The EXECUTE permission was denied on
the object ‘xxxxxxx’, database
‘zzzzzzz’, schema ‘dbo’.
Uwe Keim
39.3k56 gold badges174 silver badges291 bronze badges
asked Sep 14, 2010 at 11:19
upendra parmarupendra parmar
2,3792 gold badges14 silver badges3 bronze badges
3
Sounds like you need to grant the execute permission to the user (or a group that they a part of) for the stored procedure in question.
For example, you could grant access thus:
USE zzzzzzz;
GRANT EXEC ON dbo.xxxxxxx TO PUBLIC
answered Sep 14, 2010 at 11:23
Rowland ShawRowland Shaw
37.6k14 gold badges97 silver badges166 bronze badges
9
Best solution that i found is create a new database role i.e.
CREATE ROLE db_executor;
and then grant that role exec permission.
GRANT EXECUTE TO db_executor;
Now when you go to the properties of the user and go to User Mapping and select the database where you have added new role,now new role will be visible in the Database role membership for: section
For more detail read full article
answered Nov 11, 2014 at 18:04
3
In SQL Server Management Studio, go to security->schema->dbo:
Double-click dbo, select the Permissions page, then click the «View database permissions» link in blue:
Select the user for whom you want to change permissions, and look for the «Execute» permission under the «explicit» tab:
Choose the appropriate permission by checking the appropriate box.
TylerH
20.7k65 gold badges73 silver badges98 bronze badges
answered Nov 26, 2014 at 7:32
0
you need to run something like this
GRANT Execute ON [dbo].fnc_whatEver TO [domainuser]
answered Sep 14, 2010 at 12:21
IainIain
6,3822 gold badges30 silver badges50 bronze badges
0
This will work if you are trying to Grant permission to Users or roles.
Using Microsoft SQL Server Management Studio:
- Go to: Databases
- Right click on dbo.my_database
- Choose: Properties
- On the left side panel, click on: Permissions
- Select the User or Role and in the Name Panel
- Find Execute in in permissions and checkmark: Grant,With Grant, or Deny
Uwe Keim
39.3k56 gold badges174 silver badges291 bronze badges
answered Aug 4, 2016 at 13:35
csebryamcsebryam
1,08111 silver badges13 bronze badges
1
Giving such permission can be dangerous, especially if your web application uses that same username.
Now the web user (and the whole world wide web) also has the permission to create and drop objects within your database. Think SQL Injection!
I recommend granting Execute privileges only to the specific user on the given object as follows:
grant execute on storedProcedureNameNoquotes to myusernameNoquotes
Now the user myusernameNoquotes can execute procedure storedProcedureNameNoquotes without other unnecessary permissions to your valuable data.
Uwe Keim
39.3k56 gold badges174 silver badges291 bronze badges
answered Jun 1, 2014 at 1:30
AMAR PANRAYAMAR PANRAY
3513 silver badges8 bronze badges
If you have issues like the question ask above regarding the exception thrown when the solution is executed, the problem is permission, not properly granted to the users of that group to access the database/stored procedure. All you need do is to do something like what i have below, replacing mine with your database name, stored procedures (function)and the type of permission or role or who you are granting the access to.
USE [StableEmployee]
GO
GRANT EXEC ON dbo.GetAllEmployees TO PUBLIC
/****** Object: StoredProcedure [dbo].[GetAllEmployees] Script Date: 01/27/2016 16:27:27 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER procedure [dbo].[GetAllEmployees]
as
Begin
Select EmployeeId, Name, Gender, City, DepartmentId
From tblEmployee
End
answered Jan 27, 2016 at 15:54
here is how to give permission for one user not public,
Direct Query:
Use MyDatabase
Grant execute on [dbo].[My-procedures-name] to [IIS APPPOOLmy-iis-pool]
Go
answered Feb 21, 2019 at 5:57
If you make this user especial for a specific database, then maybe you do not set it as db_owner in «user mapping» of properties
answered Oct 27, 2014 at 14:07
You can give everybody execute permission:
GRANT Execute on [dbo].your_object to [public]
«Public» is the default database role that all users are a member of.
answered Apr 15, 2014 at 8:27
philuphilu
7651 gold badge8 silver badges17 bronze badges
1
The general answer is to grant execute permission as explained above. But that doesn’t work if the schema owner of SP is different to underlying objects.
Check schema owners by:
select name, USER_NAME(s.principal_id) AS Schema_Owner from sys.schemas s
To change the owner of an schema you can:
ALTER AUTHORIZATION ON SCHEMA::YOUR_SCHEMA TO YOUR_USER;
Examples:
ALTER AUTHORIZATION ON SCHEMA::Claim TO dbo
ALTER AUTHORIZATION ON SCHEMA::datix TO user1;
Finally if within your SP you are truncating a table or changing structure you may want to add WITH EXECUTE AS OWNER in your SP:
ALTER procedure [myProcedure]
WITH EXECUTE AS OWNER
as
truncate table etl.temp
answered Sep 14, 2020 at 6:14
If you only need to grant a single function then (only db admin can do it):
- Open Management studio
- Find function/procedure you want to grant in Object Eplorer (dbname-Programmability-[Functions/Stored Procedures]-…)
- Right click on function or procedure name and open Properties
- In Properties select Permissions, add user (or schema) you want and Grant him Execute permission.
I believe this is most secure way how to do it because you only grant to user execution of this function. Nothing else!
answered Mar 22, 2021 at 9:15
WarfWarf
3012 silver badges8 bronze badges
I think you have to select the object you want to grant access to, then right-click, and select properties. Select permission on the modal window that will be displayed then click on Search, on the newly revealed window, select browse, select the user you want to grant access and click on ok. it will display for you a list of permission and the grant status, and then you can choose to grant or deny
answered Aug 3, 2022 at 14:12
I have faced the same problem and I solved as give db_owner permission too to the Database user.
answered Jan 23, 2014 at 12:10
SingaravelanSingaravelan
7993 gold badges18 silver badges32 bronze badges
2
This shows that you don’t have access to perform any action on the specified database table. To enable this, Go to Security -> Schema and check.
answered Jun 1, 2022 at 21:14
you’d better off modifying server roles, which was designed for security privileges. add sysadmin server role to your user. for better security you may have your custom server roles. but this approach will give you what you want for now.
- Object Explorer -> Server -> Security -> Logins
- Right click on your desired user
- Go to Server Roles on left hand side
- Make sure sysadmin is checked
- Hit OK and restart your SQL server
Good luck
answered Jul 5, 2018 at 0:00
Ali KashanchiAli Kashanchi
8,5403 gold badges14 silver badges11 bronze badges
1
- Remove From My Forums
-
Question
-
Hi Team,
While executing a sql query am getting bellow error message, could you please help on this
Msg 229, Level 14, State 5, Line 1
The EXECUTE permission was denied on the object ‘Function_Name’, database ‘db_name’, schema ‘dbo’.
Thanks Bala Narasimha
Answers
-
Hi Team,
While executing a sql query am getting bellow error message, could you please help on this
Msg 229, Level 14, State 5, Line 1
The EXECUTE permission was denied on the object ‘Function_Name’, database ‘db_name’, schema ‘dbo’.
Thanks Bala Narasimha
Hi Bala,
Firstly, you need to get the current user of the database, then grant the EXECUTE permission to the user.
--Session1 (the session you have got the error message) USE [db_name] GO -- Get the current user(If the selected user is John) SELECT CURRENT_USER; GO --Session2 (The new session) USE [db_name] GO SELECT CURRENT_USER; --current user is dbo GRANT EXECUTE ON OBJECT::dbo.Function_Name to John; GO
Best Regards,
Will
MSDN Community Support
Please remember to click «Mark as Answer» the responses that resolved your issue, and to click «Unmark as Answer» if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to
MSDN Support, feel free to contact MSDNFSF@microsoft.com.-
Proposed as answer by
Wednesday, July 4, 2018 10:44 AM
-
Marked as answer by
BaluChalla
Tuesday, July 24, 2018 7:26 AM
-
Proposed as answer by
The following article will handle “the execute permission was denied on the object” error appears on SQL Server. This error is clear and is related with the permissions of the user that is executing or running that object on database. To resolve this most probably you need to contact with your database administrator.
The error view example:
“The EXECUTE permission was denied on the object ‘XXXXX’, database ‘master’, schema ‘dbo’ “
The EXECUTE Permission was Denied on the Object
Solutions for “The execute permission was denied on the object”
The reason of the error:
User has not permission to run “XXXXX” stored procedure in master database. If you are database admin then you need to give permission to the user performing the execution like below.
As user you can still try but it is not likely the same user that cannot execute the procedure also has the rights to change the permissions. If this does not work, you need to login on SQL Server as a user that has the rights to change the execute permissions. Or better contact a SQL Server Database Admin to resolve this for you.
1. How to resolve the error by Grant permission to specific object:
After you are login with an admin user or user that have rights to change execute permissions, you can grant permissions to the user executing this procedure like below:
use [master]
GO
GRANT EXECUTE ON [dbo].[XXXXX] TO [UserYY]
You can customize the above query by changing the procedure [dbo].[XXXXX] or [UserYY] as you need.
2. Resolve issue by grant permission to db_owner role:
A solution is to add db_owner role to the user on the database where is trying to execute. You can add this easy by:
- Open SQL Server Management Studio and go to properties of User
- Click to User Mapping
- Check the Database where you are going to give the db_owner role
- Below this on “database role membership” section check db_owner role
- Click ok And try to execute the procedure.
3. Resolve by create a new database role:
Curiously there is no role to grant a user permission to execute stored procedures. The database administrators recommend to create a new database role like db_executor.
CREATE ROLE db_executor;
–Grant that role exec permission.
GRANT EXECUTE TO db_executor;
To add this new permission to user you need to:
- Go to the properties of the user
- Go to User Mapping
- Select the database where you have added new role
- New role will be visible in the Database role membership
- Check db_executor role and save
4. Resolve by giving everybody execution permission:
This extreme solutions in my opinion because is going to give to every user the execution permission. This can be happening by executing below query:
GRANT Execute on [dbo].your_object to [public]
“Public” is the default database role that all users are a member of.
Read Also: Reset SQL SA Password
5. Resolve by grant sysadmin server role to the user:
- Open SQL Server Management Studio and go to properties of User
- On Server Roles section check sysadmin and click ok
- Check if you can execute the procedure
Be careful because sysadmin server role grand all the permission for the all databases on that instance.
grant sysadmin server role
Conclusions:
So in the above article we added all the solutions to solve The EXECUTE Permission was Denied on the Object. If you find any other solutions just reply on comment. We will try to include it on our article.
- Remove From My Forums
-
Question
-
Today I have seen the following error on one of my SharePoint servers.
The EXECUTE permission was denied on the object ‘proc_putObjectTVP’, database ‘SharePoint_Config’, schema ‘dbo’.
The account that was denied EXECUTE permissions is the Service Application App Pool account.
Having googled the problem — most posts seem to suggest manually granting execute rights to the WSS_Content_Application_Pools role on the SharePoint_Config database to the following stored procedures:
[dbo].[proc_putObjectTVP]
[dbo].[proc_putObject]
[dbo].[proc_putDependency]However it seems odd that there is not a SharePoint way to do this rather than modifying SQL permissions via SQL Management Studio. Has anyone else encountered this problem and is there a SharePoint way to fix it?
I should add that Microsoft say this about Service and other Application Pool accounts:
«This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.»
https://technet.microsoft.com/en-us/library/cc678863%28v=office.15%29.aspx#Section3
-
Edited by
Thursday, January 29, 2015 2:08 AM
-
Edited by
Answers
-
Hi,
From your description, you might find error 5214 in event log, one or more of the following might be the cause:
- The service account to which SharePoint is set does not have sufficient permissions to the database to which it is trying to connect.
- The service account is not set up properly in SharePoint.
- When using least privilege setup of the Farm.
Please perform the steps below and test the issue again:
1. Expand Databases then expand the SharePoint_Config Database.
2. Expand Security -> Roles -> Database Roles
3. Find WSS_Content_Application_Pools role, right click it, and select Properties
4. Click on Securables and click Search
5. Next click Specific objects and click OK
6. Click Object Types and select Stored Procedures. Click OK
7. Add the Stored Procedure ‘proc_putObjectTVP’ and click OK (if it does not automatically grant it exec permission; you need to click the checkbox on «execute» and save it)Regards,
Rebecca Tu
TechNet Community Support
-
Proposed as answer by
Vincent.Han
Monday, February 2, 2015 6:35 AM -
Marked as answer by
Rebecca Tu
Sunday, February 8, 2015 2:26 AM
In this guide, we’ll walk you through the steps to resolve the ‘Execute Permission Denied’ error that occurs when a user tries to access an object in a database. This issue is commonly faced by developers and database administrators when working with SQL Server databases.
This error occurs when a user doesn’t have the necessary permissions to execute a stored procedure, function, or any other object in the database. By following the steps outlined in this guide, you’ll be able to resolve this issue and ensure that your users can access the objects they need without any issues.
Table of Contents
- Understanding the ‘Execute Permission Denied’ Error
- Granting Execute Permissions
- Using Roles for Permission Management
- FAQs
Understanding the ‘Execute Permission Denied’ Error
Before diving into the solution, it’s essential to understand the root cause of the ‘Execute Permission Denied’ error. This error occurs when a user tries to access an object in the database, but they do not have the required permission to execute that object.
For example, let’s say you have a stored procedure called usp_GetEmployeeDetails. If a user tries to execute this stored procedure without having the necessary execute permission, they’ll encounter the ‘Execute Permission Denied’ error.
Here’s a sample error message:
Msg 229, Level 14, State 5, Procedure usp_GetEmployeeDetails, Line 1
The EXECUTE permission was denied on the object 'usp_GetEmployeeDetails', database 'HR', schema 'dbo'.
Now that we understand the error let’s move on to the steps to resolve it.
Granting Execute Permissions
To resolve the ‘Execute Permission Denied’ error, you need to grant the necessary execute permissions to the user who is facing this issue. You can do this using the GRANT statement in SQL Server.
Here’s the syntax for granting execute permissions:
GRANT EXECUTE ON object::[schema_name].[object_name] TO [user_name];
For example, to grant execute permissions on the usp_GetEmployeeDetails stored procedure to a user named John, you can use the following command:
GRANT EXECUTE ON object::dbo.usp_GetEmployeeDetails TO John;
After executing this command, the user John will be able to execute the usp_GetEmployeeDetails stored procedure without encountering the ‘Execute Permission Denied’ error.
Using Roles for Permission Management
Instead of granting execute permissions to individual users, you can create roles and assign permissions to those roles. This makes it easier to manage permissions, especially when you have many users who need access to the same objects.
To create a role, use the CREATE ROLE statement. Here’s an example of creating a role called EmployeeDataReader:
CREATE ROLE EmployeeDataReader;
Next, you can grant the execute permissions to this role using the GRANT statement:
GRANT EXECUTE ON object::dbo.usp_GetEmployeeDetails TO EmployeeDataReader;
Finally, you can add users to this role using the ALTER ROLE statement:
ALTER ROLE EmployeeDataReader ADD MEMBER John;
Now, the user John has the necessary execute permissions through the EmployeeDataReader role.
FAQs
1. How do I check if a user has execute permissions on an object?
You can use the fn_my_permissions function to check the permissions of a user on a specific object. Here’s an example:
SELECT * FROM fn_my_permissions('dbo.usp_GetEmployeeDetails', 'OBJECT') WHERE permission_name = 'EXECUTE';
2. How do I revoke execute permissions from a user?
You can use the REVOKE statement to revoke execute permissions from a user. Here’s an example:
REVOKE EXECUTE ON object::dbo.usp_GetEmployeeDetails FROM John;
3. Can I grant execute permissions on all stored procedures in a schema at once?
Yes, you can use the following command to grant execute permissions on all stored procedures in a schema:
GRANT EXECUTE ON SCHEMA::[schema_name] TO [user_name];
For example:
GRANT EXECUTE ON SCHEMA::dbo TO John;
4. How do I list all the roles in a database?
You can use the following query to list all the roles in a database:
SELECT * FROM sys.database_principals WHERE type_desc = 'DATABASE_ROLE';
5. How do I list all users who are members of a specific role?
You can use the following query to list all users who are members of a specific role:
SELECT member_principal.name AS MemberName
FROM sys.database_role_members drm
JOIN sys.database_principals role_principal ON drm.role_principal_id = role_principal.principal_id
JOIN sys.database_principals member_principal ON drm.member_principal_id = member_principal.principal_id
WHERE role_principal.name = 'RoleName';
Replace RoleName with the name of the role you want to check.
For more information on managing permissions in SQL Server, you can visit the official Microsoft documentation.
By following the steps outlined in this guide, you should now be able to resolve the ‘Execute Permission Denied’ error on objects in SQL Server databases. This will ensure that your users can access the objects they need without any issues.