locked
Cross-database permission problem RRS feed

  • Question

  • Can anyone help me with this problem please?

    I have 2 databases on the same server, both owned by sa. A Windows login has permission to execute a stored proc in database A that selects data from a table database B. The stored proc and table are also both owned by dbo. The Windows login is a member of a Windows domain group that is a member of a database role in database A that has the permission to execute the stored proc, but it has not been granted or denied any permissions on database B directly. It is able to successfully execute stored procs that use database A and other procs that access other databases that the login has permissions to already but when it attempts to execute this stored proc it generates the error "The server principal "<DOMAIN\login>" is not able to access the database "B" under the current security context." Cross database ownership chaining is enabled at the server level but the two databases have is_db_chaining_on = 0 in sys.databases.

    Is it as simple as you have to enable cross-database ownership chaining at both the server and database level?
    Tuesday, February 17, 2009 9:03 AM

All replies