June 6, 2006 at 7:04 pm
Greetings!
I am beginning to look hard at the DB Ownership Chaining we currently use on one of our SQL Server 2000 instances as it relates to migrating to SQL Server 2005.
Per this article it seems to me that Ownership Chaining as we knew it in SQL2000 does not exist in SQL2005, but is instead implemented by granting EXECUTE AS Security permissions in the target DB. Can anybody confirm that for me?
"Cross-database permissions are not allowed. In order to grant cross-database permissions, you'll have to create a duplicate user in each database and separately assign each database's user the permission."
Part Deux: Since previous DBA installed SQL 2000 SP3a with Cross Database Ownership Chaining option ON, ALL DBs in existence at that time have it ON. In short, I have no idea where it is used. I know the intention was to implement for just a few DBs, but I am concerned the functionality has since been inadvertantly used in additional DBs and bred into many of our internal app features so that selectively turning it OFF in DBs could give me a big headache.
Question: Has anybody used Profiler, Trace Flag or any other method to collect stats to determine when Cross Database Ownership Chaining is invoked... by Users/DB/objects?
BTW, I believe we have a high-level internal Security Trust (as recommended by MS) to accomodate the instance level DBOC in SQL 2000 but for the SQL Server 2005 migration, I want to only implement the EXECUTE AS (or whatever DBOC is called there) where it's actually used, not everything for everybody. Call me paranoid.
Thanks in advance for any advice rendered...
Stuart
"Chance is always powerful. Let your hook be always cast. In the pool where you least expect it, will be a fish" - Ovid
June 9, 2006 at 8:00 am
This was removed by the editor as SPAM
June 10, 2006 at 4:51 am
Ownership chaining still exists in SQL Server 2005 and is not replaced by execute as in sql server 2005. Exceute as just gives you another option and is very useful if you encounter problems with broken ownership chains.
hth
David
June 11, 2006 at 11:06 am
Thanks for clarifying this for me, David. Much appreciated!
Stuart
"Chance is always powerful. Let your hook be always cast. In the pool where you least expect it, will be a fish" - Ovid
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply