ID Number: Q79858
1.11
OS/2
buglist1.11 fixlist1.11k3
Summary:
Problem ID: PRSQL9112013
SYMPTOMS
The behavior of ownership chains as described on page 124 in the
"Microsoft SQL Server System Administrator's Guide" for version
1.11 differs from their actual behavior. According to the
administrator's guide, permissions on nested stored procedures are
checked only when the owner of the calling stored procedure is
different from the owner of the called stored procedure. However,
in practice, permissions on both the stored procedures are
required.
For example, suppose a user, Joe, creates a procedure (P1), which
calls another procedure (P2), also created by Joe. Joe then grants
execute permissions on P1 to Sue. Because P1 and P2 have the same
owner, Sue must be able to execute P1 (and through it, P2).
However, when Sue tries to execute P1, SQL Server states that Sue
does not have permissions to execute P2.
CAUSE
Under these circumstances, SQL Server does not properly enforce the
rules about ownership chains.
WORKAROUND
To work around this problem, grant execute permissions on both P1
and P2 to Sue. This will ensure that Sue will be able to execute
P1 (and through it, P2), with or without ownership chains.
STATUS
Microsoft has confirmed this to be a problem in SQL Server version
1.11. This problem was corrected in the version 1.11 K3 patch to
SQL Server version 1.11. This patch can be obtained from Microsoft
Product Support Services. For more information, contact your
primary support provider.
Additional reference words: 1.11k3