Stored procedures can serve as security mechanisms, since a user can be granted permission to execute a stored procedure, even if she or he does not have permissions on the tables or views referenced in it, or permission to execute specific commands. See Chapter 17, “Managing User Permissions,” in the System Administration Guide: Volume 1.
You can protect the source text of a stored procedure against unauthorized access by restricting select permission on the text column of the syscomments table to the creator of the procedure and the system administrator. This restriction is required to run Adaptive Server in the evaluated configuration. To enact this restriction, a system security officer must reset the allow select on syscomments.text column parameter using sp_configure. See Chapter 5, “Setting Configuration Parameters,” the System Administration Guide: Volume 1.
Another way to protect access to the source text of a stored procedure is to use sp_hidetext to hide the source text . See the Reference Manual: Procedures.
