Re: Permissions and ODBC

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 09/12/04

• Next message: Steve: "Exec Stored Procedure from command line?"
• Previous message: Hari Prasad: "Re: T-SQL Differences between SQL 7.0 and SQL 2000"
• In reply to: rob: "Permissions and ODBC"
• Messages sorted by: [ date ] [ thread ]

Date: Sun, 12 Sep 2004 11:12:50 -0500

Permissions on indirectly referenced objects are not needed as long as the
objects have the same owner (i.e. owner maps to the same login). In the
case of dbo-owned objects in different databases, the databases need to have
the same owner so that the dbo user maps to the same login. You can change
database owners using sp_changedbowner, if needed. Also, cross-database
ownership chaining is a configurable option in SQL 2000 SP3 and needs to be
enabled in both databases. You can enable this using sp_dboption:

    EXEC sp_dboption 'Database1', 'db chaining', true
    EXEC sp_dboption 'Database2', 'db chaining', true

The main security consideration with cross-database chaining is that you
should enable the option only if you trust users with object CREATE
permissions in those databases. See the SQL 2003 SP3 Books Online for more
info.

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"rob" <rwc1960@bellsouth.net> wrote in message
news:MYW0d.113845$0o5.105823@bignews1.bellsouth.net...
> There are 2 SQL databases involved and an MS Access program.... also using
> windows authentication...
>
> The Ms Access program executes a stored procedure that resides in SQL
> database#1, the stored procedure updates data in SQL dataabase#2..
>
> Assume the user has rights to execute the stored procedure in database#1.
> How can you best limit the rights of the user to database#2, but still
> allow
> them to execute the stored procedure in database#1 that updates the data
> in
> database#2 ?
>
>
>
>
>

• Next message: Steve: "Exec Stored Procedure from command line?"
• Previous message: Hari Prasad: "Re: T-SQL Differences between SQL 7.0 and SQL 2000"
• In reply to: rob: "Permissions and ODBC"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: RETURN_VALUES ??? done... What have I gained? ... Dr Codd is the IBM guy who theorized and developed everything we know about ... SQL and relational databases. ... >> dataset even though you are pointing to a stored procedure. ... (borland.public.delphi.database.ado) Re: Viewing object owner in SQL 2005 - ownership chaining ... preferred it if SQL 2005 supported EXECUTE AS for views). ... I'm beginning to understand that OWNER lives somewhere between the ... the owner of the schema the object was created it. ... In many databases, dbo owns everything. ... (microsoft.public.sqlserver.security) Re: SQL Injection Prevention ... I'm just saying that when it concerns to SQL injection, ... > built stored procedure so it's obvious which will win. ... > suggest you stay away from databases altogether:). ... (microsoft.public.sqlserver.server) Re: SQL Injection Prevention ... I'm just saying that when it concerns to SQL injection, ... > built stored procedure so it's obvious which will win. ... > suggest you stay away from databases altogether:). ... (microsoft.public.dotnet.security) Continue SP after Database Access Failure ... Over night we take a copy of various live SQL databases onto another SQL ... server for reporting purposes. ... of the live databases is offline the stored procedure has an error and stops. ... (microsoft.public.sqlserver.programming)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint