DEVHIDE
Login Or Sign up

Does WITH EXECUTE AS OWNER grant cross-database permissions?

92 Views Asked by At

Suppose that I have [DataBase1].[dbo].[MyStoredProc]. It modifies [DataBase1].[dbo].[HarmlessTable] and [DataBase2].[dbo].[DangerousTable]. Notice that these are not in the same database. Consider a user with all of the relevant permissions in [DataBase1] but no permissions at all in [DataBase2].

If I put WITH EXECUTE AS OWNER in [DataBase1].[dbo].[MyStoredProc], will they be able to run that stored procedure and edit [DataBase2].[dbo].[DangerousTable]?

sql-server t-sql permissions impersonation cross-database
Original Q&A
1

There are 1 best solutions below

0
J. Mini On

From the documentation

OWNER

Specifies the statements inside the module executes in the context of the current owner of the module.

in this case, the owner of the module would be whichever user created [DataBase1].[dbo].[MyStoredProc]. Users don't have permissions outside of the database where they reside. Their logins may do, but that's not relevant (example here).

Given that you are only copying the user's permissions and the user doesn't have permissions outside of the database in question, WITH EXECUTE AS OWNER will not grant cross-database permissions.

Related Questions in SQL-SERVER

Related Questions in T-SQL

Related Questions in PERMISSIONS

Related Questions in IMPERSONATION

Related Questions in CROSS-DATABASE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.