Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

credential/proxy Expand / Collapse
Author
Message
Posted Sunday, June 30, 2013 8:05 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, December 12, 2014 1:02 PM
Points: 342, Visits: 884
I have a proc as below

ALTER PROCEDURE [dbo].[sp_proc_test]
WITH EXECUTE AS 'ABCD\svcaccount'
AS

EXEC msdb.dbo.sp_start_job @job_name = 'JB_ABC_Run'
GO



I setup a proxy account for windows login and mapped a SQL login to it. When I try to execute through a SQL login, I am getting following error.

The EXECUTE permission was denied on the object 'sp_start_job', database 'msdb', schema 'dbo'.

I have made sure the windows (ABCD\svcaccount) login has full access (owner) to the msdb db.

What am I missing?
Post #1468908
Posted Friday, July 5, 2013 10:19 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, December 12, 2014 1:02 PM
Points: 342, Visits: 884
Anybody can shed light on this would be much appreciated.
Post #1470807
Posted Friday, July 5, 2013 11:44 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Yesterday @ 2:35 PM
Points: 12,962, Visits: 32,498
i don't see in what you posted where you granted ABCD\svcaccount permissions in msdb to the procedure sp_start_job; you might have glossed over it, but did you do something like this?
USE msdb;
CREATE USER [ABCD\svcaccount] FOR LOGIN [ABCD\svcaccount];
GRANT EXECUTE ON sp_start_job TO [ABCD\svcaccount];



Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1470827
Posted Friday, July 5, 2013 1:30 PM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Friday, December 12, 2014 1:02 AM
Points: 823, Visits: 753
When you use EXECUTE AS, you impersonate a database user, not a server login and you are sandboxed inside your database. You can break out of the sandbox - and open a security hole while you are it.

I have a longer article on my web site that discusses various techniques to grant permissions through stored procedures, and it includes two examples of how to solve exactly this problem, see http://www.sommarskog.se/grantperm.html


Erland Sommarskog, SQL Server MVP, www.sommarskog.se
Post #1470864
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse