Re: "SELECT permission denied on object", on view accessing tables in another database

• Previous message: Dave: ""SELECT permission denied on object", on view accessing tables in another database"
• In reply to: Dave: ""SELECT permission denied on object", on view accessing tables in another database"
• Next in thread: Dave: "Re: "SELECT permission denied on object", on view accessing tables in another database"
• Reply: Dave: "Re: "SELECT permission denied on object", on view accessing tables in another database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 7 Sep 2004 16:01:41 -0400

Dave,

By default, after SQL Server 2000 SP3, ownership chaining between database
was broken unless you set it specially for your server. The reason,
cross-database ownership chaining opened some security breach opportunities.

Therefore, SS2K no longer thinks that VIEWER.dbo is the same user as
VIEWEE.dbo. So, if you want to avoid anyone seeing the tables, you will
need to have views in the same database with the tables.

Russell Fields
"Dave" <dpt@nospam.eliassen.com> wrote in message
news:ebLko8QlEHA.1376@TK2MSFTNGP12.phx.gbl...
> (Names changed for simplicity)
>
> Scenario: I have two databases, VIEWER and VIEWEE. VIEWEE contains
tables,
> and VIEWER contains views into the tables in VIEWEE. Both databases and
the
> tables in them are on the same server, and are owned by "dbo". I have a
> user, call it 'XX', with rights to do selects on the views in VIEWER, but
> with no rights in VIEWEE.
>
> When I log in as xx, in query analyzer (or anywhere else), and try to
select
> from a view in VIEWER, call it "VIEWTABLE", which views into a table in
> VIEWEE called "VIEWEDTABLE", I get:
>
> "SELECT permission denied on object 'VIEWEDTABLE', database 'VIEWEE',
owner
> 'dbo'."
>
> Help! I've searched dejanews about this, and found several people
> suggesting that the issue is caused by tables not having the same owner as
> the views. In my case, though, both are owned by "dbo". Does the problem
> have to do with the fact that the views and the viewed tables are in
> different databases?
>
> - Dave
>
>

• Previous message: Dave: ""SELECT permission denied on object", on view accessing tables in another database"
• In reply to: Dave: ""SELECT permission denied on object", on view accessing tables in another database"
• Next in thread: Dave: "Re: "SELECT permission denied on object", on view accessing tables in another database"
• Reply: Dave: "Re: "SELECT permission denied on object", on view accessing tables in another database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages "SELECT permission denied on object", on view accessing tables in another database ... I have two databases, VIEWER and VIEWEE. ... "SELECT permission denied on object 'VIEWEDTABLE', database 'VIEWEE', owner ... (microsoft.public.sqlserver.security) Re: why>? ... On your desktop-- you'll be running SQL Server behind the scenes. ... it isn't risky to allow end users to create databases. ... it is no more risky than giving you the ability to create spreadsheets. ... I'm not saying that Oracle and IBM are going away. ... (microsoft.public.excel) Re: Please answer my queries for fresh Installation ... Moving SQL Server Databases ... Using WITH MOVE in a Restore to a New Location with Detach/Attach ... Disaster Recovery Articles for SQL Server ... (microsoft.public.sqlserver.server) Re: Please answer my queries for fresh Installation ... You can restore MSDB as well as master. ... > SQL Server, It will create Master, MSDB databases. ... (microsoft.public.sqlserver.server) Re: Moving SQL Server 2000 from NT4.0 to Windows 2003 ... Detach your existing user databases, ... user databases (or RESTORE) to the new server. ... > Hey Steve, ... Windows 2003 will not allow SQL Server SP less than 3. ... (microsoft.public.sqlserver.server)