Re: Security - Stored Procedures
From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 11/06/04
- Previous message: news.bellatlantic.net: "Security - Stored Procedures"
- In reply to: news.bellatlantic.net: "Security - Stored Procedures"
- Next in thread: news.bellatlantic.net: "Re: Security - Stored Procedures"
- Reply: news.bellatlantic.net: "Re: Security - Stored Procedures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 6 Nov 2004 06:45:01 -0600
This is known as ownership chaining. When the objects involved have the
same owner, permissions are only checked on directly referenced objects.
Permissions on indirectly referenced objects are not required.
Beginning with SQL 2000 SP3, ownership chaining for cross-database
references is disabled by default. You can turn this on selectively in your
user databases by setting the 'db chaining' database option to true (EXEC
sp_dboption 'MyDatabase', 'db chaining', true). When enabled, ownership
chains will be unbroken as long as the object owners map to the same login.
Note that for dbo-owned objects, this necessitates that the databases be
owned by the same login since database ownership determines the user/login
mapping for the dbo user. You can change database ownership using
sp_changedbowner.
Enable cross-database chaining in a database only if you fully trust those
users who have permissions to create objects owned by other users (i.e.
db-owner and db_ddladmin role members). With an sa-owned database, ensure
only sysadmin role members can create dbo-owned objects.
See Cross DB Ownership Chaining <adminsql.chm::/ad_config_8d7m.htm> in the
Books Online for more information.
-- Hope this helps. Dan Guzman SQL Server MVP "news.bellatlantic.net" <vze3vdze@verizon.net> wrote in message news:uLTfGX7wEHA.3288@TK2MSFTNGP14.phx.gbl... > If I have two tables each in a different database on the same server and I > try to reference them in a stored proc in one of the databases everything > works fine. Then I setup the application user id (the sql login we use in > our applications) to execute the SP. When I run it, SQL DB says it doesn't > have permission to select from the table in the other database. Normally I > wouldn't have to give permission to select from any table, just execute > rights on the SP. > > This is a sample of the kind of SQL statement I'm talking about: > > SELECT a.*, b.* > FROM Golfing.Golfers a, Employees.Users > WHERE a.golferId = b.userid > > Any idea what I can do here. I don't ever want to give select rights to > the > application user. It should only have rights to execute the SP. > > Thanks for your help. > >
- Previous message: news.bellatlantic.net: "Security - Stored Procedures"
- In reply to: news.bellatlantic.net: "Security - Stored Procedures"
- Next in thread: news.bellatlantic.net: "Re: Security - Stored Procedures"
- Reply: news.bellatlantic.net: "Re: Security - Stored Procedures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
