January 29, 2014 at 8:56 am
Hi All,
I am new in the SQL SERVER.
Can anyone tell me why we used to give IMPERSONATE grant access for the login CommandShellLogin to the user .
Example:
USE [master]
GO
GRANT IMPERSONATE ON LOGIN::CommandShellLogin TO user
GO
January 29, 2014 at 4:22 pm
arooj300 (1/29/2014)
Hi All,I am new in the SQL SERVER.
Can anyone tell me why we used to give IMPERSONATE grant access for the login CommandShellLogin to the user .
Example:
USE [master]
GO
GRANT IMPERSONATE ON LOGIN::CommandShellLogin TO user
GO
One can only imagine that it's a wayward way of giving privs to a user so that they can run xp_CmdShell directly. That should never ever be done and that's why a lot of people mistakenly call xp_CmdShell a security risk. It's because people have created the risk. Only SA's and certain Stored Prodecures should be allowed to use xp_CmdShell.
--Jeff Moden
Change is inevitable... Change for the better is not.
January 30, 2014 at 12:22 am
Thanks for the reply,
I want to ask ...
for file uploading(ex: excel, csv or word) in database, what should be access required to the user.
thanks
February 6, 2014 at 9:58 pm
You could do it inside a stored procedure, and then grant the right to execute said stored procedure to whoever you wanted. You could add EXECUTE AS <user> inside your stored procedure.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply