October 17, 2006 at 6:31 pm
I've been asked to implement set db option chaining on which I’m not sure of.
Question: ALTER A_PROD DATABASE: Set option db chaining on:
(A_PROD DB an interface to B_PROD DB) needs to access B_PROD DB from within a procedure))
Thanks
Jimmpy
October 19, 2006 at 11:46 am
I do not know a great deal about cross-database ownership chaining but you should be able to set things up so one user id can perform the tasks you need with out it. We have many applications that use 2 or more databases with one SQL login and we have no real issues.
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
October 20, 2006 at 1:00 am
You shouldn't make such a change without understanding what they are trying to do security wise... this does open up the database in question and sometimes it's necessary or it's the best solution.
For instance, we use a "master" database with core tables and we have "auxiliary" databases which have views implementing row-level security back to the main tables. We don't want to give direct access to the main tables, so it makes sense in our situation to use cross-database ownership chaining to solve this technical challenge. However, otherwise we leave cross-database ownership chaining off.
Are the users not defined in both databases? Is there a reason the application needs to bypass the security check? Are the objects truly owned by the same login (which is the only benefit to this)?
K. Brian Kelley
@kbriankelley
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply