permission issue with sql login

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » SQL Server 2005 Security » permission issue with sql login

permission issue with sql login

Rate Topic

Display Mode

Topic Options

Author

Message

SQL_Surfer

Posted Friday, March 08, 2013 11:49 AM

SSC Veteran

Group: General Forum Members
Last Login: Today @ 3:13 PM
Points: 207, Visits: 511

I have a stored proc that gets executed by SQL login which has execute access to the schema owned by stored proc.

Inside the stored proc, it has insert statement to another DB which this sql login doesn't have access to. How do I get around it?

Third party app calls the stored proc.

Thanks for your help.

Post #1428720

opc.three

Posted Friday, March 08, 2013 12:48 PM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 10:19 PM
Points: 6,704, Visits: 11,736

SQL_Surfer (3/8/2013)

This constitutes a broken ownership chain. You can look into cross-database ownership chaining and the use of EXECUTE AS. You can also explore signing the procedure with a certificate that has access to all underlying resources.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy

Post #1428739

SQL_Surfer

Posted Friday, March 08, 2013 1:31 PM

SSC Veteran

Group: General Forum Members
Last Login: Today @ 3:13 PM
Points: 207, Visits: 511

But he second db's table where the insert is going to take palce is owned by different schema.

Post #1428753

opc.three

Posted Friday, March 08, 2013 1:35 PM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 10:19 PM
Points: 6,704, Visits: 11,736

Schemas do not own things, but I know what you mean.

In that case you can look into certificate signing or EXECUTE AS. I would go for certificate signing, it's a bit cleaner and you do not need to deal with impersonation.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy

Post #1428757

SQL_Surfer

Posted Sunday, March 10, 2013 12:56 PM

SSC Veteran

Group: General Forum Members
Last Login: Today @ 3:13 PM
Points: 207, Visits: 511

Thanks I got it working using certificate. Question though...How about linked server? If I have the proc loads records in a table in different server?

Post #1429008

opc.three

Posted Sunday, March 10, 2013 6:53 PM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 10:19 PM
Points: 6,704, Visits: 11,736

It depends on how the Linked Server is configured. If you have the certificate working then it should be a trivial thing to test using a Linked Server from inside a certificate-signed stored procedure. If you run into errors, post your Linked Server definition and the error message.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy

Post #1429047

« Prev Topic | Next Topic »

Permissions