SQL Server Performance

  • Home
  • Articles
  • Forums
  • Tips
  • Training
  • FAQ's
  • Blogs
  • Software
  • Books
  • About Us
RSS Feeds
Sign in | Join


Article Topics

All Articles
Performance Tuning
Audit
Business Intelligence
Clustering
Reporting Services
SQL Azure
Developer
General DBA
ASP.NET / ADO.NET
SQL Azure

USEFUL SITES :

ASP.NET Tutorials
Windows and SQL Azure Tutorials
Cloud Hosting Magazine
SharePoint Tutorials
Windows Server Help

Write for Us

Share your SQL Server knowledge with others and raise your profile in the community More...
Latest Articles

A High Level Comparison Between Oracle and SQL Server - Part ...
A High Level Comparison Between Oracle and SQL Server - Part ...
A High Level Comparison Between Oracle and SQL Server - Part ...
A High Level Comparison Between Oracle and SQL Server

More     
 
Latest FAQ's

Add Node to A SQL Server failover Cluster failed with invalid ...
SQL Server Destination remote server error
Setting Up Data And Log Files For SQL Server
Will Check Constraints Improve Database Performance?

More     
   
Latest Software Reviews

dbForge Review
Spotlight on ApexSQL Diff - Server-based database comparison tool ...
Spotlight on ApexSQL Data Diff - Server-based database comparison tool ...
Spotlight on ApexSQL Doc 2008

More     
articles >> developer >> Ownership Chains in SQL Server 2005 ...

Ownership Chains in SQL Server 2005

By : Amol Kulkarni
May 25, 2005

When multiple database objects access each other sequentially, the sequence is known as a "chain." Although such chains have no independent existence, when SQL Server is traversing the links in a chain, it evaluates user permissions on the constituent objects differently than it would if it were accessing them separately. These differences have important implications for managing security.

In the article, we will take a look at how ownership chains in SQL Server 2005 work. For demonstration purposes, we will use 3 users (Mary, John and Scott), and take a look at three different scenarios.

 

Four Different Scenarios

If you like, you can follow along with this article by running the following code in a test SQL Server database. This creates the three users we need for our scenario's below.

sp_addlogin 'Mary','mary123','AdventureWorks'

GO

USE AdventureWorks

GO

sp_grantdbaccess 'Mary'

GO

sp_addrolemember 'db_ddladmin','Mary'

Repeat the above code for two other users: John and Scott. (Replace Mary in the above code with John and Scott).

 

Scenario I

An unbroken ownership chain is one in which the owner of the calling object is also the owner of all the referenced objects. For example, Mary creates a stored procedure that references a table she owns.

She grants execute permissions on the stored procedure to another user, John. When John executes the stored procedure, SQL Server verifies that he (the caller) has permission to execute the stored procedure. Because John has permissions on the stored procedure and because the stored procedure and referenced table have the same owner, no additional permission checking is performed and the statement succeeds. In other words, when Mary granted permissions on the stored procedure to John, she indirectly granted permissions on the referenced table (which she also owns).

 

1.  Login as Mary and create a table and an SP.            

CREATE TABLE students                  --Creating table students

(rollno INT

,name VARCHAR(30)

,address VARCHAR(100))

GO

INSERT INTO students                     --Inserting records in students table

SELECT '101','ABC','LA' UNION

SELECT '102','XYZ','LA' UNION

SELECT '103','PQR','LA'

GO

CREATE PROCEDURE stud_sp          --Creating SP stud_sp

AS

SELECT * FROM students

 

2. Grant Execute permission on SP ‘stud_sp’ to John
 

             GRANT EXECUTE ON stud_sp TO john
 

3.  Now login as John and execute the SP ‘stud_sp’.
            

             EXECUTE Mary.stud_sp           


    Next Page>>    







C# Help and Tutorials | PHP MySQL Tutorial | Sharepoint Tutorial | Azure Tutorial | Cloud Hosting Magazine | ASP.NET Tutorials | Windows Server Help | Windows Phone Pro | Silverlight Ace | Visual Studio Tutorials | Home | Peformance Articles | Audit Articles | Business Intelligence Articles | Clustering Articles | Developer Articles | Reporting Services Articles | DBA Articles | ASP.NET / ADO.NET Articles | SQL Server Training Videos | DBA FAQ's | Developer Peformance FAQ's | DBA Peformance FAQ's | Developer FAQ's | Clustering FAQ's | Error Messages | Audit Tool Reviews | Backup Tool Reviews | Coding Tool Reviews | Compare Tool Reviews | Documentation Tool Reviews | Design Tool Reviews | Monitoring Tool Reviews | Log Tool Reviews | Reporting Tool Reviews | Clustering Tool Reviews | Security Tool Reviews | Change Management Tool Reviews | Remote Access Tool Reviews | Book Reviews | Security Tool Reviews | ADO.NET / ASP.NET | Administration | Analysis/OLAP Services | Application Development | Configuration | Components | ETL | Hardware | High Availability | Hints | Index | Misc | Operating Systems | Performance Tuning | Replication | T-SQL | Views


              © 2010 Jude O'Kelly. All rights reserved