on 01-18-2016 5:42 PM
We have an odd situation with cross database permissions.
Our production database server has multiple databases with many cross database operations (insert, delete, select)
which works without any problems with permissions.
We dump/load the production database into a replica server each weekend which we use for testing purposes.
Occasionally (and I mean very occasionally) on the non-production server we hit issues with cross-database permissions.
eg DELETE permissions denied on object XXXX, database YYYY, owner dbo line: 179....
All the tables in our databases are either owned by "sa" or dbo (loginame on sysobjects are either allnull or sa).
The sa ones were created by the DBA as the databases were migrated from another server and the null ones
are ones we have created since this migration.
I've read this online but can't tie this back to a ASE document
"Stored procedures using cross database tables also need select/update/insert
permission on underlying tables if the tables are not created by
sa/sa_role/dbo"
If this statement is correct, then as I understand it, we don't need to add permission to the underlying object since
all our objects are owned by sa or dbo. And considering how much cross-database joins we do - then this statement
does appear correct.
Are we understanding this correctly ?
Has anyone else had a similar issue ?
My suspicion is that its related to the dump/load causing an issue with checking loginames with dbo accounts across databases ?
Is it better to have loginames on all objects as null or better to have them as sa (or other) for cross database permissions to work ?
Thanks
Mike
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.