Trying to get to the bottom of a mystery. We have an AD account registered to the server that is used a service account for a web application. This account by itself does not have direct execute permission on all stored procedures, but somehow its inheriting this ability from something else. The AD account is a member of an AD group that gives 'datareader' to this particular database. Would this be enough to execute the SP's that it does not have explicit 'execute' rights on? The SP's happen to be in its default schema too.
↧