Re: permissions required for executing CDOSys stored procedures

Dan,

Thanks for that reminder. We broke our ownership chains many years ago,
well before SQL 2000 SP3, by giving each database a different owner. It had
faded from memory.

RLF
"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:48E04539-9C60-4265-94CD-19AEDFCA6443@xxxxxxxxxxxxxxxx
Perhaps the cross-database chaining (a.k.a. db_chaining) database option
is turned on. In that case, execute permissions on indirectly referenced
objects in other databases are not needed as long as the ownership chain
is unbroken. Users need execute permissions on only the user stored
procedure.

Note that the user database must be owned by 'sa' to maintain an unbroken
chain to master database objects. It is important that only sysadmin
users be allowed to create dbo-owned objects in this scenario in order to
prevent elevation of privileges.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Neile Bermudes" <NB@xxxxxxxxxxxxxxxx> wrote in message
news:2048E482-F053-4BFA-92F4-D77C01A2FB54@xxxxxxxxxxxxxxxx
Hi there

I'm doing some analysis on the database applications in my organisation
before migrating the databases to a new server. One of these makes use of
CDOSys objects for sending mail, instead of SQL Mail. There are a number
of
stored procedures within the database that call the sp_OACreate &
sp_OASetProperty. Apparently only members of the sysadmin role can
execute
these stored procedures, however, the sql login for this application is
not a
sysadmin! I thought perhaps there was a mistake in books online but i've
looked on google and the permission requirements are the same - must be
sysadmin. Any ideas how it still manages to function without these
rights?

Thanks in advance!



.

Relevant Pages

  • Re: dbdebunk Quote of Week comment
    ... > a lot of really bad SQL programmers. ... But SQL does not have a pointer data type or the ... > being told to design a database. ... But why is little Cindy Lou Who employee ...
    (comp.databases.theory)
  • Re: DBMS and lisp, etc.
    ... Naively implemented with SQL, again for 10 ... (1 query for the initial orders, 1 query for each order for its ... soon as you upgrade to the SQL database. ... (eq (order-customer orderA) ...
    (comp.lang.lisp)
  • Re: dbdebunk Quote of Week comment
    ... > a lot of really bad SQL programmers. ... a surrogate key should support the primary key. ... But SQL does not have a pointer data type or the ... > being told to design a database. ...
    (comp.databases.theory)
  • Re: dbdebunk Quote of Week comment
    ... But SQL does not have a pointer data type or the ... More and more programmers who have absolutely no database training are ... But why is little Cindy Lou Who employee ...
    (comp.databases.theory)
  • Re: Just say no to threads [Was: Software architecture]
    ... they knew there was going to be a database in the app. ... Now my colleague just spent a couple/three weeks designing an SQL ... Turns out they have a flat file of sample information, ...
    (comp.object)