问题
I have a stored procedure which loads data into a target table and works fine when run in a session with my AD credentials.
When I try to run it in a job (again with my AD details in the Run As option) suddenly the login does not have access to one of the DB's.
I used
EXEC SP1
Which worked fine.
I used (to emulate running the stored procedure in a job)
EXECUTE AS user = 'Domain\JDoe'
EXECUTE SP1
REVERT
Which failed.
Why does the stored procedure fail when running with the same credentials which are used successfully in a different session window?
Thanks in advance
回答1:
You need to set the source database to TRUSTWORTHY. Note that this has other security implications (see below).
By default in SQL Server you cannot use an assumed security context to get out of one database and into another unless the source is trusted. Setting a database to TRUSTWORTHY is how you indicate that the database is a trusted source. This is a security measure designed to prevent someone who hacks into one database from an application (via Injection, usually) from then using that as a springboard into all of the other databases in the same SQL Server. By setting it to TRUSTWORTHY you are saying "this database is secure and no one can get out who isn't supposed to."
Alter database statements like this one require that no one else is in the database when you ALTER it. You can add WITH ROLLBACK IMMEDIATE to the end of the command to throw everyone else out first. Of course that may have consequences of its own ... ;-)
来源:https://stackoverflow.com/questions/40657390/sql-server-execute-procedure-as-user