Stored Proc access multiple databases on same server FAILS

StackOverflow https://stackoverflow.com/questions/19715636

質問

I am trying to run stored procedure from a limited permission login that has been granted execute permissions for said stored procedure. The stored procedure access 2 databases that exist on the same server. When I execute the stored procedure I receive an error that states:

The server principal "LimitedUser" is not able to access the database "Database2" under the current security context.

Some background: I have recently been tasked with the goal of migrating our 2 different database servers into a single database. I have backed up and exported the necessary databases and restored them into the new server. The older databases are MS sql server 2000 (for Database 2), and MS sql server 2005 (for database 1 - where the aforementioned stored proc is located)

I have found some leads that seem to suggest that because I imported the databases, the owners were different and that would cause a problem. So i ran "exec sp_changedbowner 'sa'" on the 2 databases to ensure they had the same owner. I still got the same error when running the stored proc from the LimitedUser. A lot of other examples on various forum sites deal with databases that are on different servers...and having to utilize open query commands. I do not believe this is necessary.

When I run it as a user who has more admin permissions, the stored proc runs just fine. So my question is, what permissions should I be setting to allow this action from LimitedUser?

Thanks!

役に立ちましたか?

解決

LimitedUser needs permissions on Database2 to do whatever the stored procedure is doing in that database, ownership chaining will only work within the same database (unless you enable the server option Cross Database Ownership Chaining, which I don't recommend as it breaks down the database container as a security boundary).

So, for example, you have db1 and db2, there is a stored proc in db1 that executes select * from db2.dbo.table1

For this you need LimitedUser to have:

  • execute permissions in the db1 database for the procedure
  • select permissions on table1 in db2
ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top