What security benefits are provided by using stored procedures to access data?

Question

I have seen some guidance which recommends that you secure a database by layering all data access through stored procedures.

I know that for SQL Server, you can secure t

Answer 1

The stored procedure is better because the security on the stored procedure (IIRC) will trump security on the tables/columns.

For single-table access, that's not a big deal. However, if you have an operation that involves multiple columns on multiple tables, having one access/deny flag for a table/column might not work for all situations.

However, a stored procedure can perform the composite operation and you can set the security appropriately on that.