This probably wasn t the desired result. Although EXECUTE

This probably wasn t the desired result. Although EXECUTE AS SELF looks interesting, it should be used with care because it can make ownership chains more complex. When the stored procedure count_rows_as_me accesses any table that the current owner does not own, an ownership chain will be broken and permissions on the underlying object will be checked. In addition, when a different stored procedure uses this stored procedure, it is possible that ownership chains could be broken at two levels, as shown in the script that follows. table FOO_TABLE is owned by DBO. using the count_rows_as_me procedure from the previous example SETUSER JAY GO this checks permissions if JAY is not DBO count_rows_as_me foo_table SETUSER FRED GO CREATE PROCEDURE select_and_count AS SELECT * FROM customers count_rows_as_me foo_table GO 196 SECURITY Authors Table Owner: Fred Bob Stored Procedure Owner: Fred SELECT*FROM Authors EXECUTE ( SELECT*FROM Authors ) No permission check Fred owns both Permission for Bob checked, dynamic SQL Authors Table Owner: Fred Bob Stored Procedure Execute as Self Owner: Fred SELECT*FROM Authors EXECUTE ( SELECT*FROM Authors ) No permission check Fred owns both Permission for Fred checked, dynamic SQL Figure 6-3: Using EXECUTE AS SELF with Dynamic SQL

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost JSP Web Hosting services

Bookmark the permalink.

Comments are closed.