Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

permission issue with sql login Expand / Collapse
Author
Message
Posted Friday, March 8, 2013 11:49 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Sunday, August 17, 2014 3:50 AM
Points: 329, Visits: 858
I have a stored proc that gets executed by SQL login which has execute access to the schema owned by stored proc.

Inside the stored proc, it has insert statement to another DB which this sql login doesn't have access to. How do I get around it?

Third party app calls the stored proc.

Thanks for your help.
Post #1428720
Posted Friday, March 8, 2013 12:48 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Friday, September 19, 2014 7:27 PM
Points: 7,107, Visits: 12,657
SQL_Surfer (3/8/2013)
I have a stored proc that gets executed by SQL login which has execute access to the schema owned by stored proc.

Inside the stored proc, it has insert statement to another DB which this sql login doesn't have access to. How do I get around it?

Third party app calls the stored proc.

Thanks for your help.

This constitutes a broken ownership chain. You can look into cross-database ownership chaining and the use of EXECUTE AS. You can also explore signing the procedure with a certificate that has access to all underlying resources.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1428739
Posted Friday, March 8, 2013 1:31 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Sunday, August 17, 2014 3:50 AM
Points: 329, Visits: 858
But he second db's table where the insert is going to take palce is owned by different schema.
Post #1428753
Posted Friday, March 8, 2013 1:35 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Friday, September 19, 2014 7:27 PM
Points: 7,107, Visits: 12,657
Schemas do not own things, but I know what you mean.

In that case you can look into certificate signing or EXECUTE AS. I would go for certificate signing, it's a bit cleaner and you do not need to deal with impersonation.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1428757
Posted Sunday, March 10, 2013 12:56 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Sunday, August 17, 2014 3:50 AM
Points: 329, Visits: 858
Thanks I got it working using certificate. Question though...How about linked server? If I have the proc loads records in a table in different server?
Post #1429008
Posted Sunday, March 10, 2013 6:53 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Friday, September 19, 2014 7:27 PM
Points: 7,107, Visits: 12,657
It depends on how the Linked Server is configured. If you have the certificate working then it should be a trivial thing to test using a Linked Server from inside a certificate-signed stored procedure. If you run into errors, post your Linked Server definition and the error message.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1429047
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse