I have a read-only database user that I do not want to be able to run the EXEC
command. I ran the following:
DENY EXECUTE to db_USERROLE_deny
That completed successfully; however, when I sign in as that user and run the following it runs and gives me output:
EXEC sp_columns table1
How can I deny this user the ability to run EXEC
command on the database he connects to?
Best Answer
Since these are system stored procedures, you need to deny permissions in the master database using a new role in master, not the one you already have:
Deny execute permissions: