May 7, 2007 at 1:47 am
Hi folks ! I'm so confused about this problem.
Let me explain:
I have two similar databases A and B.
The first one (A)uses application roles (Admin and Users)
The second one (B) has no app. roles. There's only one role under database roles called user_group. Now on both databases there is one acount named abc. This user's account is dbowner of database A and he has full rights on it. On db B is dbowner dbo.
I have setup execute /read permisions for user abc in database B. (I have tryed to set permissions for dbo schema too)
For communication with database A we use application, which sometimes uses stored procedures from database B.
But I cannot make this work, because when the application calls the procedure from db B this error appears:
[Microsoft][ODBC SQL Server Driver][SQL Server]EXECUTE permission denied on object 'ABC_Zakazka', database 'B', schema 'dbo'.
No changes made to database.
UPDATE abc.zakazka with (rowlock) SET cislo = 314, plan = 1.00 WHERE cislo_subj = 194940
It's strange, cause when I try to run in Query Analyzer using account abc command "UPDATE abc.zakazka with (rowlock) SET cislo = 314, plan = 1.00 WHERE cislo_subj = 164920" it ends successfully with no errors.
Can someone explain, how to grant permissions for app roles from database A in database B, which does not exists under db B?
Under previous SQL 2000 we have used account guest, which has full rights on db B (datawriter, datareader, dbowner). But new security defense of SQL 2005 does not allow this security hole.
May 14, 2007 at 4:55 am
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply