I have a user which can read and write but now he needs to be able to create/alter a sproc but giving him ddl_admin will make it too unsecure. I dont trust him that much.
What can I do about it? Can I somehow give him rights to alter a sproc in only one schema (I will create a schema for his own use)?
Best Answer
SQL Server 2005+ have far more granular permissions
"ddl_admin" is simply a legacy wrapper for these new permissions
From CREATE PROCEDURE in MSDN
Edit:
If your schema is only for stored procs then you should be OK, with no side effects such as the ability to change permissions or createtables