Security Configuration between databases

  • Basic question:

    Is it possible to set up a View, Stored Procedure, or UDFunction in Database A that can be accessed by SQL Servee Login X and access data in Database B, without SQL Server Login X being a user of Database B?

    Supplemental Question:

    If the above is possible... how do you do it?

  • I'm struggling with this at the moment and so thought I would share in my confusion ...

    I think I have found that with sp's the default is that the users permissions in the target database are set at the users permissions i.e. if they don't have permissions the sp will not work. To get the sp to execute then you have to set on cross database ownership. The sp will then execute at the permission of the sp owner.

    Views - I don't believe the user needs permissions in the target database. I find this a little scary in case somebody accidently assigns the wrong permissions to the view without realising the implications (ok, so they shouldn't be able to do that). So to prevent this I added the users into a group and did give them access to the target database but with denydatawriter.

    It's been a very long day and I will probably find tomorrow that I have this all very wrong.

    Thanks

  • quote:


    I think I have found that with sp's the default is that the users permissions in the target database are set at the users permissions i.e. if they don't have permissions the sp will not work. To get the sp to execute then you have to set on cross database ownership. The sp will then execute at the permission of the sp owner.


    that is true if all objects are owned by dbo which is a good practice and the crossdatababase ownership chain is very dependent on the enviroment for large enviroments it may be an issue

    HTH


    * Noel

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply