permission issue with sql login

  • I have a stored proc that gets executed by SQL login which has execute access to the schema owned by stored proc.

    Inside the stored proc, it has insert statement to another DB which this sql login doesn't have access to. How do I get around it?

    Third party app calls the stored proc.

    Thanks for your help.

  • SQL_Surfer (3/8/2013)


    I have a stored proc that gets executed by SQL login which has execute access to the schema owned by stored proc.

    Inside the stored proc, it has insert statement to another DB which this sql login doesn't have access to. How do I get around it?

    Third party app calls the stored proc.

    Thanks for your help.

    This constitutes a broken ownership chain. You can look into cross-database ownership chaining and the use of EXECUTE AS. You can also explore signing the procedure with a certificate that has access to all underlying resources.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • But he second db's table where the insert is going to take palce is owned by different schema.

  • Schemas do not own things, but I know what you mean.

    In that case you can look into certificate signing or EXECUTE AS. I would go for certificate signing, it's a bit cleaner and you do not need to deal with impersonation.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • Thanks I got it working using certificate. Question though...How about linked server? If I have the proc loads records in a table in different server?

  • It depends on how the Linked Server is configured. If you have the certificate working then it should be a trivial thing to test using a Linked Server from inside a certificate-signed stored procedure. If you run into errors, post your Linked Server definition and the error message.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply