Tuesday, February 14, 2012

Cross DB ownership chaining

Hello,
I am having trouble setting up cross db ownership chaining. Did I omit
anything?
1. Using SQL Server 2000 SP3a.
2. Login as 'sa'.
3. Create new database A1.
4. Create new database A2.
5. Create TableA in database A2.
6. Create view vTableA in database A1 as select * from A2.dbo.TableA
7. Add UserA to database A1.
8. Grant select permission on vTableA to UserA.
9. Enable cross database ownerchip chaining option in database A1 and A2.
10. All objects are owned by dbo and both databases are owned by 'sa'.
11. Log in as UserA and run Select * from vTableA in database A1, get error
"Server user 'UserA' is not a valid user in database 'A2'.".
Unless I'm missing something, I was expecting the last step to work. Any
help greatly appreciated.
PaulUserA needs a security context in database A2, although no object
permissions need be granted. You can either add the user to database A2 or
enable the guest user in database A2.
Hope this helps.
Dan Guzman
SQL Server MVP
"Paul" <Paul@.discussions.microsoft.com> wrote in message
news:43D9406C-1C28-4A86-BF39-9A2D7E1B2CFB@.microsoft.com...
> Hello,
> I am having trouble setting up cross db ownership chaining. Did I omit
> anything?
> 1. Using SQL Server 2000 SP3a.
> 2. Login as 'sa'.
> 3. Create new database A1.
> 4. Create new database A2.
> 5. Create TableA in database A2.
> 6. Create view vTableA in database A1 as select * from A2.dbo.TableA
> 7. Add UserA to database A1.
> 8. Grant select permission on vTableA to UserA.
> 9. Enable cross database ownerchip chaining option in database A1 and A2.
> 10. All objects are owned by dbo and both databases are owned by 'sa'.
> 11. Log in as UserA and run Select * from vTableA in database A1, get
> error
> "Server user 'UserA' is not a valid user in database 'A2'.".
> Unless I'm missing something, I was expecting the last step to work. Any
> help greatly appreciated.
> Paul|||(thump on head) Thanks Dan, that did it.
"Dan Guzman" wrote:

> UserA needs a security context in database A2, although no object
> permissions need be granted. You can either add the user to database A2 o
r
> enable the guest user in database A2.
> --
> Hope this helps.
> Dan Guzman
> SQL Server MVP
> "Paul" <Paul@.discussions.microsoft.com> wrote in message
> news:43D9406C-1C28-4A86-BF39-9A2D7E1B2CFB@.microsoft.com...
>
>
Posted by over c at 1:34 AM
Labels: , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)