EXUCUTE AS to Drop & Create Snapshot

  • I am writing a stored procedure at the end of which is supposed to drop & recreate a snapshot of the current database. The users running the SP obviously need to drop & recreate the snapshot but should not be able to drop the current database.

    EXECUTE as user = 'SnapShotCreator' -- Member of sysadmin server role

    DROP DATABASE DATABASE1_SNP;

    create database DATABASE1_SNP

    ON (NAME = 'DATABASE1', FILENAME = 'I:\SQLData\User\DATABASE1_SNP.snp')

    As SNAPSHOT of DATABASE1

    REVERT

    -- I have previousy run the following:

    GRANT IMPERSONATE ON LOGIN::[SnapShotCreator] To [DOMAIN\DOMAINGROUP]

    When I run the code to recreate the snapshot, I get

    Msg 916, Level 14, State 1, Line 1

    The server principal "SnapShotCreator" is not able to access the database "DATABASE1" under the current security context.

    What am I missing?

  • The question is not very clear, but EXECUTE AS is a non-starter. Sign the procedure with a certificate and create a login from the certificate and grant that login the permissions required. If the procedure is in a user database, you will need the certificate in both places.

    For a detailed description of this technique, and why EXECUTE AS will not work for you, see this article on my web site:

    http://www.sommarskog.se/grantperm.html

    As for preventing users to drop "real" databases, this is logic you need to code in your procedure.

    [font="Times New Roman"]Erland Sommarskog, SQL Server MVP, www.sommarskog.se[/font]

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply