February 2, 2013 at 8:37 am
Hello, i need to create a user with access to sysprocesses ( to check blocked sessions ) but only in one database, as we know SERVER STATE gives permissions to all instance, but this user need to be confined to a database i choose.
the best way to do this is to create a SP with a where clause inside, but something is not working correct because the EXECUTE AS ... statement is not working as it should ( i choose a sysadmin user on the EXECUTE clause but when the user executes the SP he just sees his connection... )
theres any other good idea doing this ? thanks 🙂
February 2, 2013 at 9:16 am
If you set the trustworthy attribute on the database to ON then your user will have the permissions of it's associated login available to it. Be for-warned though that while this will let you avoid situations like what you are trying to do it also opens up a security hole to anyone with impersonation permissions. It can effectively make the database owner into a sysadmin.
Kenneth FisherI was once offered a wizards hat but it got in the way of my dunce cap.--------------------------------------------------------------------------------For better, quicker answers on T-SQL questions, click on the following... http://www.sqlservercentral.com/articles/Best+Practices/61537/[/url]For better answers on performance questions, click on the following... http://www.sqlservercentral.com/articles/SQLServerCentral/66909/[/url]Link to my Blog Post --> www.SQLStudies.com[/url]
February 2, 2013 at 9:34 am
Thanks Kenneth
There's any other way to do this ? Don't want to use the thrustworthy
February 2, 2013 at 10:04 am
Honestly I don't know of any other way to view blocking on a server. Not to say there isn't one, I just don't know it.
What you could do is to create a separate database that you use for trustworthy functions. Don't give anyone dbo type permissions on it. Give the user connect to the database and execute on just that one stored procedure. That way the only people who can execute it will be sysadmins (who can do what they want anyway) and the one login associated with the user on that database, and the only thing they will be able to do on that database is execute your stored procedure.
Kenneth FisherI was once offered a wizards hat but it got in the way of my dunce cap.--------------------------------------------------------------------------------For better, quicker answers on T-SQL questions, click on the following... http://www.sqlservercentral.com/articles/Best+Practices/61537/[/url]For better answers on performance questions, click on the following... http://www.sqlservercentral.com/articles/SQLServerCentral/66909/[/url]Link to my Blog Post --> www.SQLStudies.com[/url]
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply