A user can be granted permission on a view or on a stored procedure even if he or she has no permissions on objects that the view or procedure references.
For more information, choose one of the following topics:
Views as Security Mechanisms
Stored Procedures and Permissions
Ownership Chains
Triggers and Permissions