Re: EXECUTE AS question
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Wed, 12 Mar 2008 16:16:25 -0700
stavros (stavros@xxxxxxxxxxxxxx) writes:
The procedure creates successfully, and it does execute under a
different security context - I can see this because the login column =
sa. However, it only returns one record, for the current session only
(as it would for a user without the VIEW SERVER STATE permission). Of
course, if I connect as sa and run sp_who2, I see information from all
sessions.
To be clear, if I log in as sa, sp_who2 returns all sessions (as
expected). The SP
above does in fact execute as sa (as expected). However, it
still only lists the current session, as if it's executing without the
VIEW SERVER STATE perm. That's the piece I don't understand, and what
I need a solution for.
This because when you impersonate a user, you are sandboxed into the
current database, unless that database is marked as trustworthy.
An alternative solution is to sign the procedure with a certificate,
and then associate create a login for the certificate, and then grant
that login VIEW SERVER STATE.
I have an article on my web site that covers this in detail:
http://www.sommarskog.se/grantperm.html
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Follow-Ups:
- Re: EXECUTE AS question
- From: stavros
- Re: EXECUTE AS question
- References:
- EXECUTE AS question
- From: stavros
- EXECUTE AS question
- Prev by Date: EXECUTE AS question
- Next by Date: Re: user permissions
- Previous by thread: EXECUTE AS question
- Next by thread: Re: EXECUTE AS question
- Index(es):
Relevant Pages
|
|
