Re: current security context is not trusted (cross db ownership ch



Dan Guzman (guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx) writes:
To get DB chaining to work, you need to activate it both on server level
and database level. Books Online says:

The instance of SQL Server will recognize this setting when the cross
db ownership chaining server option is 0 (OFF). When cross db ownership
chaining is 1 (ON), all user databases can participate in
cross-database ownership chains, regardless of the value of this
option. This option is set by using sp_configure.

I don't think the Books Online is clear on this point. The DB_CHAINING
database option is ignored when 'cross db ownership chaining' of
sp_configure is set to 1. When 'cross db ownership chaining' is set to
0, the DB_CHAINING database option may be used to turn on chaining
selectively for individual databases.

Hm, I think I need to learn to read, but yes they could have expressed it
better. Sorry for the confusion. (And I really should know better. If Dan
says something about security, it's usually right.)



--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
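
The precedence discussed in this thread, as an added example that is not part of the original posts: a T-SQL audit that reports the effective chaining state per database, followed by the selective configuration. It assumes SQL Server 2005 or later (catalog views sys.configurations and sys.databases); the database names SalesDb and ReportingDb are hypothetical.

```sql
-- Added example, not from the thread.
-- Step 1: read the server-level option as currently in effect.
DECLARE @server_chaining int;

SELECT @server_chaining = CAST(value_in_use AS int)
FROM sys.configurations
WHERE name = 'cross db ownership chaining';

-- Step 2: per database, show the DB_CHAINING option and what actually applies.
-- When the server option is 1, DB_CHAINING is ignored and every user
-- database can participate in cross-database ownership chains.
SELECT d.name              AS database_name,
       d.is_db_chaining_on AS db_chaining_option,
       @server_chaining    AS server_option,
       CASE
           WHEN @server_chaining = 1    THEN 'ON (server option overrides DB_CHAINING)'
           WHEN d.is_db_chaining_on = 1 THEN 'ON (DB_CHAINING)'
           ELSE 'OFF'
       END                 AS effective_chaining
FROM sys.databases AS d
WHERE d.database_id > 4    -- skip master, tempdb, model, msdb
ORDER BY d.name;

-- Step 3: selective setup. Turn the server-wide option off so that
-- DB_CHAINING is honored, then enable it only where it is needed.
EXEC sp_configure 'cross db ownership chaining', 0;
RECONFIGURE;

-- Hypothetical database names. Every database that takes part in the
-- chain needs DB_CHAINING ON; all others stay at the default (OFF).
ALTER DATABASE [SalesDb]     SET DB_CHAINING ON;
ALTER DATABASE [ReportingDb] SET DB_CHAINING ON;
```

Rerunning the Step 2 query after Step 3 should show `ON (DB_CHAINING)` only for the two databases that were altered.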