You might also setup the database to be owned by "SA" even if (hopefully) the SA account is disabled and then include an EXECUTE AS OWNER in the stored procedure the user is using to send the mail (and I'm not talking about sp_Send_DBMail itself).
If there is no such stored procedure and you're allowing the user to use sp_Send_DBMail directly, I'd have to call that a "security risk" and recommend that you setup such a stored procedure.
is pronounced ree-bar and is a Modenism for R
First step towards the paradigm shift of writing Set Based code: Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
Although they tell us that they want it real bad, our primary goal is to ensure that we dont actually give it to them that way.
Although change is inevitable, change for the better is not.
Just because you can do something in PowerShell, doesnt mean you should. Helpful Links:
How to post code problemsHow to post performance problemsForum FAQs