February 5, 2003 at 6:12 am
Is it possible to impersonate another user in lets say a trigger.
For example, lets say I have two databases DB1 and DB2 within the same SQL Server 2000 instance.
I have one user with insert privileges in DB1 but no privileges at all in DB2.
Is it possible to have a trigger that propagates an insert into a table in DB1 to another table in DB2?
ie. Is it possible to Impersonate a user (inside the trigger in DB1) that have insert privileges in both DB1 and DB2?
February 6, 2003 at 12:57 pm
The only way I know of is by means of xp_cmdshell and osql/isql.
February 6, 2003 at 3:19 pm
Not impersonate, no. But what you want to do, which is get information into DB2 from DB1, can be. With SP3 and cross-database ownership chains, it is possible. As long as the owner of both objects is the same login (server level), cross-database ownership chaining is turned on for both databases (or alternately at the server level), and the user who does the insert has a valid user account in DB2 (even if it is guest), yes. Security-wise, though, it does open up quite a few holes as you can readily imagine.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply