Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by James Greaves Monitoring and Recording DDL changes on SQL 2005 (NARC) RE: Monitoring and Recording DDL changes on SQL 2005 (NARC)

  • May 5, 2008 at 6:50 pm

    #810990

    I have a user (developer) that tried to alter a view in a db. He does not have rights to the db ("Admin") I write the 2 tables to. He DOES have rights to do what he was doing.

    Granting him even write rights to the 2 audit tables seems counter intuitive; I thought the db and server triggers should execute in another security context... maybe this is my incorrect assumption. I don't want to turn on cross db ownership chaining-- that would expose me to a different set of risks when I am trying to ratchet those down.

    His Error:

    Msg 916, Level 14, State 1, Procedure trgMonitorChange, Line 33

    The server principal "the users domain name" is not able to access the database "Admin" under the current security context

    Any thoughts/recommendations?

    Cursors are useful if you don't know SQL