Microsoft KB Archive/150890

BUG: Ownership Chains Not Verified for Stored Procs Across DBs

PSS ID Number: Q150890 Article last modified on 05-13-1996

6.00 6.50

WINDOWS

BUG#: 15075 (6.00)

= SYMPTOMS =

If a stored procedure owned by the dbo queries a table or view from another database which is owned by that database’s dbo, the ownership chain is not checked, and access is granted.

= WORKAROUND =

The following steps cause ownership chains to be checked across databases:


 * 1) Create a view in the same database as the stored procedure.
 * 2) Have the view (from step 1) query from the table or view in the other database.
 * 3) Change the stored procedure to query the view from step 1.

= STATUS =

Microsoft has confirmed this to be a problem in Microsoft SQL Server versions 6.0 and 6.5. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

= MORE INFORMATION =

The SQL Server “Administrator’s Companion,” chapter 8, page 228, documents that ownership chains should be checked when the view or stored procedure accesses an object with a different owner or the object exists in another database.

Additional reference words: 6.0 6.50 permission ownership chain KBCategory: kbprg kbbug6.00 kbbug6.50 KBSubcategory: ssrvprog ssrvstproc

=
================================================================ Copyright Microsoft Corporation 1996.