CommandShellLogin

  • Hi All,

    I am new to SQL Server.

    Can anyone tell me why we used to give IMPERSONATE grant access for the login CommandShellLogin to the user?

    Example:

    USE [master]
    GO
    -- "user" is a placeholder for the grantee; USER is a reserved word, so it is bracketed
    GRANT IMPERSONATE ON LOGIN::CommandShellLogin TO [user]
    GO

  • arooj300 (1/29/2014)


    Hi All,

    I am new to SQL Server.

    Can anyone tell me why we used to give IMPERSONATE grant access for the login CommandShellLogin to the user?

    Example:

    USE [master]
    GO
    -- "user" is a placeholder for the grantee; USER is a reserved word, so it is bracketed
    GRANT IMPERSONATE ON LOGIN::CommandShellLogin TO [user]
    GO

    One can only imagine that it's a wayward way of giving privs to a user so that they can run xp_CmdShell directly. That should never ever be done and that's why a lot of people mistakenly call xp_CmdShell a security risk. It's because people have created the risk. Only SAs and certain Stored Procedures should be allowed to use xp_CmdShell.

    --Jeff Moden



  • Thanks for the reply,

    I want to ask ...

    For file uploading (e.g. Excel, CSV or Word) into the database, what access should be required for the user?

    Thanks

  • You could do it inside a stored procedure, and then grant the right to execute said stored procedure to whoever you wanted. You could add EXECUTE AS <user> inside your stored procedure.
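An audit sketch for the situation discussed in this thread, added here as an example and not posted by any participant: it lists who can impersonate which login and who can reach xp_cmdshell, then replaces the direct grant with EXECUTE on a single procedure. `[SomeUser]`, `[SomeDatabase]` and `dbo.usp_LoadUploadedFile` are hypothetical names, and the procedure is assumed to exist already.

```sql
-- Added audit example (not from the thread). [SomeUser], [SomeDatabase] and
-- dbo.usp_LoadUploadedFile are hypothetical placeholder names.
USE [master];
GO

-- 1. Who may impersonate which login? A grantee listed against
--    CommandShellLogin can run anything that login is allowed to run.
SELECT grantee.name  AS grantee,
       target.name   AS impersonated_login,
       sp.state_desc AS permission_state
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS grantee
  ON grantee.principal_id = sp.grantee_principal_id
JOIN sys.server_principals AS target
  ON target.principal_id = sp.major_id
WHERE sp.class_desc = N'SERVER_PRINCIPAL'
  AND sp.permission_name = N'IMPERSONATE';

-- 2. Who holds a direct permission on xp_cmdshell itself?
SELECT pr.name AS grantee, dp.state_desc, dp.permission_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS pr
  ON pr.principal_id = dp.grantee_principal_id
WHERE dp.class = 1   -- object or column
  AND dp.major_id = OBJECT_ID(N'sys.xp_cmdshell');

-- 3. Is xp_cmdshell enabled, and is a proxy credential defined for
--    non-sysadmin callers?
SELECT name, value_in_use FROM sys.configurations WHERE name = N'xp_cmdshell';
SELECT name, credential_identity FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';
GO

-- 4. Remove the direct grant shown in the thread.
REVOKE IMPERSONATE ON LOGIN::CommandShellLogin FROM [SomeUser];
GO

-- 5. Give the user EXECUTE on one purpose-built procedure instead
--    (assumes the procedure already exists in this database).
USE [SomeDatabase];
GO
GRANT EXECUTE ON OBJECT::dbo.usp_LoadUploadedFile TO [SomeUser];
GO
```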
