Re: Permission for Importing data.

From: Allan Mitchell (allan_at_no-spam.sqldts.com)
Date: 11/18/04

Next message: anonymous22: "Re: step dont'execute"
Previous message: Allan Mitchell: "Re: step dont'execute"
In reply to: GaneshBabu kaliaperumal: "Re: Permission for Importing data."
Messages sorted by: [ date ] [ thread ]

Date: Thu, 18 Nov 2004 02:47:05 -0800

I would also be interested to know where you read about having to be the
database owner to execute xp_cmdshell.

>From BOL.

When xp_cmdshell is invoked by a user who is a member of the sysadmin fixed
server role, xp_cmdshell will be executed under the security context in which
the SQL Server service is running. When the user is not a member of the
sysadmin group, xp_cmdshell will impersonate the SQL Server Agent proxy
account, which is specified using xp_sqlagent_proxy_account. If the proxy
account is not available, xp_cmdshell will fail. This is true only for
MicrosoftÂ® Windows NTÂ® 4.0 and Windows 2000. On Windows 9.x, there is no
impersonation and xp_cmdshell is always executed under the security context
of the Windows 9.x user who started SQL Server.

The permission for xp_cmdshell defaults to the sysadmin role but this can be
given to non-sysadmins also.

Allan

"GaneshBabu kaliaperumal" wrote:

> For BCP, in order to execute the xp_cmdshell the user has to be the
> database owner. But I do agree with access and excel there is a pitfall.
>
> I appreciate your idea too. This kind of permission I will have to give
> it to the production support. By that way, I can ensure the data
> wouldn't be transferred by any way or any means.
>
> Let me wait for someone's input and look forward positively.
>
> Have a nice time
>
> Cheers,
> Ganesh
>
>
>
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
>

Next message: anonymous22: "Re: step dont'execute"
Previous message: Allan Mitchell: "Re: step dont'execute"
In reply to: GaneshBabu kaliaperumal: "Re: Permission for Importing data."
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Calling External Progs
... When you grant execute permissions to users, ... account running Microsoft SQL ServerT has the needed privileges to execute. ... which the SQL Server service is running. ... Microsoft® Windows NT® 4.0 and Windows 2000. ...
(microsoft.public.sqlserver.security)
Re: File Ownership failing for Domain Accounts
... The procedure you describe changes the database owner and is unrelated to file ownership. ... the ownership of database files to a windows user. ... Click "OK" on the "Database Properties" dialog to return to the main SQL Server Management Studio application ...
(microsoft.public.sqlserver.security)
Re: Windows Services Groups
... Is the name of the Windows NT user or group. ... If the Windows NT user or group does not exist in SQL Server, ... Only members of the securityadmin or sysadmin fixed server roles can execute ... EXEC sp_denylogin 'Corporate\GeorgeW' ...
(microsoft.public.sqlserver.security)
Re: Windows Services Groups
... Is the name of the Windows NT user or group. ... If the Windows NT user or group does not exist in SQL Server, ... Only members of the securityadmin or sysadmin fixed server roles can execute ... EXEC sp_denylogin 'Corporate\GeorgeW' ...
(microsoft.public.sqlserver.security)
Sysprocesses - Status EXECUTE
... What does status = 'EXECUTE' actually mean? ... Windows 2003 Server ... SQL Server 2000 SP3a ...
(microsoft.public.sqlserver.server)