A user wants the SHOWPLAN permission in order to use Execution Plans to tune a query.
What are the implications of this permission. Is it safe to grant a user? I've seen the security note here, and that doesn't concern me with this user.
Are there any other issues to be aware of? From what I see it doesn't seem like it would be a problem to give a user this permission, even on a production database.
Thanks for the help!
Sounds reasonable to me. As long as your production server doesn't end up a substitute for a development environment.
Please see the link bellow
http://msdn.microsoft.com/en-us/library/ms187611.aspx
Important:
Users who have the SHOWPLAN, the ALTER TRACE, or the VIEW SERVER STATE permission can view queries that are captured in Showplan output. These queries may contain sensitive information such as passwords. Therefore, we recommend that you only grant these permissions to users who are authorized to view sensitive information, such as members of the db_owner fixed database role, or members of the sysadmin fixed server role. Additionally, we recommend that you only save Showplan files or trace files that contain Showplan-related events to a location that uses the NTFS file system, and that you restrict access to users who are authorized to view sensitive information.