No, dynamic sql is executed with permissions of the current user, even if in stored procedures.
Yes, if you need to use dynamic sql, you should use sp_executesql. It allows for parameters and gives you a better chance that SQL Server will reuse query plans.
For the sake of completeness, take a look at this one:
http://www.sommarskog.se/dynamic_sql.html
--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]