Database Mail - security implications of changing a profile from private to public?


  • Doing the following:
    - created a wrapper procedure in msdb that calls sp_send_dbmail
    - granted sql user exec permissions to my wrapper procedure
    - added the user to the DatabaseMailUserRole in msdb
    - changed the mail profile being used, from private to public in database mail config area
    - user will initiate the wrapper procedure via an insert trigger on a table in a different database

    I changed the mail profile from private to public to allow the sql user in this context to call sp_send_dbmail, by way of the wrapper procedure, but not call sp_send_dbmail directly.  With the mail profile as private, I get errors such as 

    Msg 15404, Level 16, State 10, Procedure xp_logininfo, Line 62
    Could not obtain information about Windows NT group/user '... user name here', error code 0xffff0002.

    It works on my test system, and now I want to do this on my production system.

    What are the security implications?  Is changing the db mail profile from private to public a bad idea?

    Still kinda confused after reading the docs

    So can I allow this user to send mail without making the profile public?  According to the docs, a user still has to be exist in msdb regardless, correct?

    • Edited by shiftbit Friday, April 05, 2013 10:14 PM
    Friday, April 05, 2013 10:05 PM