authentication when creating table synonym in remote server

Question

I just came across the concept of SYNONYM in a database. By reading this: http://msdn.microsoft.com/en-us/library/ms187552.aspx and this What is the use of SYNONYM in SQL Server 2008? I figure out the purposse of synonym.

however, I still don't understand a little step in real process of creating a synonym for a remote table. I have search the web, but generally the instruction mainly focus on SQL syntax(for example this one:http://www.oninit.com/manual/informix/english/docs/dbdk/is40/sqls/02cr_prc8.html). And I find none of the guidance mention the authentication part when creating a synonym for remote table. I guess a database can't just let anyone make a synonym then get the access to its tables?

so I curious how the target remote table's database can know if the synonym reference accessing its table is legal?

Answer 1

The answer to your question is going to depend a lot on what database platform you are using to contain the synonym; in your question, you referenced documentation from at least two (SQL Server and Informix). I don't know much about Informix, but I'm going to assume that it's security model is different than SQL Server.

For SQL Server, the remote server must be set up as a linked server first (assuming that you are using a remote object). See http://technet.microsoft.com/en-us/library/ms188279.aspx for details on how to do that.

Answer 2

From CREATE SYNONYM:

You do not need permission on the base object to successfully compile the CREATE SYNONYM statement, because all permission checking on the base object is deferred until run time.

That is, there's no security issues around synonyms, because the permissions checks take place when the synonym is used, and the permission checks are based on the real object, not the synonym.