{"id":1916,"date":"2014-01-28T11:00:33","date_gmt":"2014-01-28T16:00:33","guid":{"rendered":"http:\/\/sqlity.net\/en\/?p=1916"},"modified":"2014-11-13T13:19:55","modified_gmt":"2014-11-13T18:19:55","slug":"all-privileges-misleading-permissions-shortcut","status":"publish","type":"post","link":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/","title":{"rendered":"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut"},"content":{"rendered":"
\n

Introduction<\/h3>\n

\nGRANT ALL PRIVILEGES ON ...<\/span> is a common shortcut to give a database principal full access to the securable in question. It is part of the SQL standard and implemented by most RDMSs on the market today. However, what ALL<\/span> means is different from vendor to vendor. For only very few vendors ALL<\/span> actually means \"all\" and SQL Server is one of the ones that leave a gap.\n<\/p>\n

\nSQL Server 2000 had a significantly simpler security model and at that time ALL<\/span> actually included all permissions that could be granted on the specified securable. With the enhancements to the permission model in SQL 2005 Microsoft had to make a decision to either change the behavior of existing code or deviate from the standard.\n<\/p>\n

\nSignificantly altering the behavior of existing code is not an idea that would have sat well with their customers, especially as we are talking about security related functionality. Therefore Microsoft went with the second option and deviated from the standard.\n<\/p>\n

\nBecause of that deviation from the standard and from what you would expect this functionality to do, Microsoft decided to deprecate this feature. It is possible that they are planning to reintroduce it after a waiting period to match the standard again, but that has not been announced yet.\n<\/p>\n

Deprecation Warning<\/h3>\n

\nBecause the ALL PRIVILEGES<\/span> feature has been deprecated, you should not include this feature in new development and plan on removing it from the existing code base.\n<\/p>\n

ALL PRIVILEGES Example<\/h3>\n

\nJust for completeness I am going to include a short example that shows that ALL<\/span> really does not mean \"all\" anymore. Let's start with granting ALL PRIVILEGES<\/span> on a procedure to TestUser1<\/span>:\n<\/p>\n

\n[sql]\nGRANT ALL PRIVILEGES ON OBJECT::dbo.tstproc TO TestUser1;
\n[\/sql]\n<\/div>\n

\nNow TestUser1<\/span> should be able to everything to and with this procedure. Let's check:\n<\/p>\n

\n\"GRANT<\/a>\n<\/p>\n

\nWhile the procedure executes with no problems, the quest for the procedure definition comes back empty handed.\n<\/p>\n

\nFor TestUser1<\/span> to be able to see the procedure definition, we need to also grant the VIEW DEFINITION<\/span> privilege:\n<\/p>\n

\n[sql]\nGRANT VIEW DEFINITION ON OBJECT::dbo.tstproc TO TestUser1;
\n[\/sql]\n<\/div>\n

\nWith that permission in place the OBJECT_DEFINITION()<\/span> function returns the desired result:\n<\/p>\n

\n\"VIEW<\/a>\n<\/p>\n<\/p>\n

Summary<\/h3>\n

\nALL PRIVILEGES<\/span> is a shortcut defined in the SQL standard that was intended to allow to quickly grant all available privileges on a securable to a principal. However, since the redesign of the SQL Server security model with SQL Server 2005 this feature does not perform the expected action anymore and has therefore been deprecated.\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable to a principal. However, in most RDBMSs including SQL Server this is not actually the case. In addition, this feature has been deprecated. Read on to get all the details.<\/p>\n

[more…]<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,34,96],"tags":[59,91,88,92,50,38,58],"class_list":["post-1916","post","type-post","status-publish","format-standard","hentry","category-general","category-security","category-security-misconceptions","tag-database-principals","tag-deprecated","tag-grant","tag-misconception","tag-permission","tag-security-2","tag-security-management"],"acf":[],"yoast_head":"\nALL PRIVILEGES \u2013 The Misleading Permissions Shortcut - sqlity.net<\/title>\n<meta name=\"description\" content=\"GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable. However, in most RDBMSs including SQL Server this is not actually the case.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut - sqlity.net\" \/>\n<meta property=\"og:description\" content=\"GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable. However, in most RDBMSs including SQL Server this is not actually the case.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/\" \/>\n<meta property=\"og:site_name\" content=\"sqlity.net\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/sqlity.net\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-28T16:00:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-11-13T18:19:55+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/sqlity.net\/wp-content\/uploads\/2014\/01\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg\" \/>\n<meta name=\"author\" content=\"Sebastian Meine\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sqlity\" \/>\n<meta name=\"twitter:site\" content=\"@sqlity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sebastian Meine\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/\"},\"author\":{\"name\":\"Sebastian Meine\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#\\\/schema\\\/person\\\/bcffd8c572bc2f1bd10fdba80135e53c\"},\"headline\":\"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut\",\"datePublished\":\"2014-01-28T16:00:33+00:00\",\"dateModified\":\"2014-11-13T18:19:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/\"},\"wordCount\":446,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/01\\\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg\",\"keywords\":[\"database principals\",\"deprecated\",\"GRANT\",\"misconception\",\"Permission\",\"security\",\"security management\"],\"articleSection\":[\"General\",\"Security\",\"Security Misconceptions\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/\",\"url\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/\",\"name\":\"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut - sqlity.net\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/01\\\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg\",\"datePublished\":\"2014-01-28T16:00:33+00:00\",\"dateModified\":\"2014-11-13T18:19:55+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#\\\/schema\\\/person\\\/bcffd8c572bc2f1bd10fdba80135e53c\"},\"description\":\"GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable. However, in most RDBMSs including SQL Server this is not actually the case.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#primaryimage\",\"url\":\"http:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/01\\\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg\",\"contentUrl\":\"http:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/01\\\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/1916\\\/all-privileges-misleading-permissions-shortcut\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sqlity.net\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/sqlity.net\\\/en\\\/\",\"name\":\"sqlity.net\",\"description\":\"Quality for SQL\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sqlity.net\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#\\\/schema\\\/person\\\/bcffd8c572bc2f1bd10fdba80135e53c\",\"name\":\"Sebastian Meine\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g\",\"caption\":\"Sebastian Meine\"},\"sameAs\":[\"http:\\\/\\\/sqlity.net\",\"https:\\\/\\\/x.com\\\/sqlity\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut - sqlity.net","description":"GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable. However, in most RDBMSs including SQL Server this is not actually the case.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/","og_locale":"en_US","og_type":"article","og_title":"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut - sqlity.net","og_description":"GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable. However, in most RDBMSs including SQL Server this is not actually the case.","og_url":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/","og_site_name":"sqlity.net","article_publisher":"https:\/\/www.facebook.com\/sqlity.net","article_published_time":"2014-01-28T16:00:33+00:00","article_modified_time":"2014-11-13T18:19:55+00:00","og_image":[{"url":"http:\/\/sqlity.net\/wp-content\/uploads\/2014\/01\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg","type":"","width":"","height":""}],"author":"Sebastian Meine","twitter_card":"summary_large_image","twitter_creator":"@sqlity","twitter_site":"@sqlity","twitter_misc":{"Written by":"Sebastian Meine","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#article","isPartOf":{"@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/"},"author":{"name":"Sebastian Meine","@id":"https:\/\/sqlity.net\/en\/#\/schema\/person\/bcffd8c572bc2f1bd10fdba80135e53c"},"headline":"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut","datePublished":"2014-01-28T16:00:33+00:00","dateModified":"2014-11-13T18:19:55+00:00","mainEntityOfPage":{"@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/"},"wordCount":446,"commentCount":0,"image":{"@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#primaryimage"},"thumbnailUrl":"http:\/\/sqlity.net\/wp-content\/uploads\/2014\/01\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg","keywords":["database principals","deprecated","GRANT","misconception","Permission","security","security management"],"articleSection":["General","Security","Security Misconceptions"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/","url":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/","name":"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut - sqlity.net","isPartOf":{"@id":"https:\/\/sqlity.net\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#primaryimage"},"image":{"@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#primaryimage"},"thumbnailUrl":"http:\/\/sqlity.net\/wp-content\/uploads\/2014\/01\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg","datePublished":"2014-01-28T16:00:33+00:00","dateModified":"2014-11-13T18:19:55+00:00","author":{"@id":"https:\/\/sqlity.net\/en\/#\/schema\/person\/bcffd8c572bc2f1bd10fdba80135e53c"},"description":"GRANT ALL PRIVILEGES suggest it will grant all applicable privileges on a securable. However, in most RDBMSs including SQL Server this is not actually the case.","breadcrumb":{"@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#primaryimage","url":"http:\/\/sqlity.net\/wp-content\/uploads\/2014\/01\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg","contentUrl":"http:\/\/sqlity.net\/wp-content\/uploads\/2014\/01\/GRANT_ALL_PRIVILEGES_does_not_mean_all_privileges.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/sqlity.net\/en\/1916\/all-privileges-misleading-permissions-shortcut\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sqlity.net\/en\/"},{"@type":"ListItem","position":2,"name":"ALL PRIVILEGES \u2013 The Misleading Permissions Shortcut"}]},{"@type":"WebSite","@id":"https:\/\/sqlity.net\/en\/#website","url":"https:\/\/sqlity.net\/en\/","name":"sqlity.net","description":"Quality for SQL","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sqlity.net\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sqlity.net\/en\/#\/schema\/person\/bcffd8c572bc2f1bd10fdba80135e53c","name":"Sebastian Meine","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g","caption":"Sebastian Meine"},"sameAs":["http:\/\/sqlity.net","https:\/\/x.com\/sqlity"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p2wXuw-uU","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/posts\/1916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/comments?post=1916"}],"version-history":[{"count":0,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/posts\/1916\/revisions"}],"wp:attachment":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/media?parent=1916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/categories?post=1916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/tags?post=1916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}