Database Administrators Stack Exchange
Database Administrators Stack Exchange

Questions tagged [impersonation]

Switching the current security context of a process to that of another account / login / user. This switch is a full replacement of permissions for the current process. This is usually achieved by using EXECUTE AS in SQL Server, RUNAS in Windows, su in Unix, etc.

22 questions
6
votes
1 answer

Stored procedure security with execute as, cross database queries, and module signing

I have a situation that, while I was able to work around it (as the repro will show), I don't understand. Here are the high points Two databases, ChainingSource and ChainDestination, both of which have cross database chaining set to true A stored…
Ben Thul
  • 1,957
  • 2
  • 15
  • 20
5
votes
3 answers

Use of IMPERSONATE permissions in SQL Server?

During some reading, got to know about the Impersonate permissions. From what I've read, it is more like creating a copy of the user with all the permission levels under a different name. I understand that this can be used for executing any queries…
karun_r
  • 349
  • 2
  • 4
  • 15
4
votes
1 answer

Execute Permissions for a Store Procedure that creates databases

I have a Stored Procedure that creates a Database for a specific project which needs to run every month by one of our Data Analysts. The question is how do I structure this to enable the Analyst to run this Stored Procedure without granting them…
JPVoogt
  • 223
  • 2
  • 10
4
votes
1 answer

SQL Server impersonation

This question is about impersonation in Microsoft SQL Server. I want to know that if I have impersonation permissions on a specific login then I can easily impersonate that login whenever I want and I do not need to have a stored procedure with…
Zeshan Mujtaba
  • 43
  • 1
  • 3
4
votes
1 answer

22046 "Impersonation error" running SQL Server Agent job

(New to SSIS. None of the similar questions mention this particular impersonation error.) I'm trying to run an SSIS package as an Agent job via a proxy, and I'm getting a non-helpful error message. The credential object is for an AD account. I'm…
that it guy
  • 181
  • 1
  • 9
4
votes
1 answer

Stored Procedure triggered by Service Broker can't access another database in SQLServer 2017

I make an extensive use of SQL Server Service Broker to trigger/parallelize data science tasks (data imports with SSIS or direct queries to another database on the same server, then data management and machine learning with R and/or Python external…
Vincent Chalmel
  • 141
  • 5
4
votes
1 answer

Cross-Database Impersonation Fail for Service Account

I would like to enable an application that dumps a big ol' heap of data into a Staging area to be able to kickoff the stored procedure that transforms & loads the data into the Production area. If possible, I'd like to not grant the application any…
Peter Vandivier
  • 5,485
  • 1
  • 25
  • 49
4
votes
1 answer

Impersonate user or login mapped to certificate

Assume that there is a certificate created in database create certificate certName with subject = 'subj'; GO And a user mapped to this certificate create user userName from certificate certName; GO Trying to impersonate this user…
i-one
  • 2,374
  • 2
  • 14
  • 23
3
votes
0 answers

Is it possible to run SQL Server as 'NT Service\MSSQLSERVER' and EXECUTE AS a domain account?

For clarity, I'm asking how to resolve this without running SQL Server as a domain account and without making sa the database owner. In a nutshell If I install SQL Server 2019 and go with the recommended default user account of NT…
jnm2
  • 141
  • 1
  • 1
  • 7
2
votes
1 answer

Allow two users permission to execute single agent job

I am trying to allow two users to run a single agent job. With this in mind, I don't want to add the users to the SQLAgentOperatorRole role in msdb as that will give them excess priveleges. I tried creating a stored procedure which will run as the…
SE1986
  • 2,142
  • 4
  • 30
  • 61
2
votes
1 answer

How Do I Execute SSIS Catalog Packages As A Different User With TSQL?

We've been moving application packages from the older methods of storage and execution into the SSIS Catalog. We're required to use an enterprise scheduling system instead of the SQL Server Agent to execute batch jobs and SSIS packages. Basically,…
Mike Brule
  • 103
  • 2
  • 5
2
votes
1 answer

Stored Procedure Execute as Owner Close Database Connections Not Working

I created a stored procedure to allow users to Close All Db connections in the QA environment. I am SA and created the procedure. When I modify the SP , run it Without 'Execute as Owner', I get results. When I add 'Execute as Owner', I do not…
user157965
2
votes
1 answer

How I can impersonate a login with securityadmin server role

On MSSQL 2008R2 I have two instances on different servers, and I need sync up the password changes for all logins. I thing that i could create a store procedure where a user (impersonate) with securityadmin server role change the password. Obs:…
Diego Flores
  • 459
  • 2
  • 7
  • 15
1
vote
1 answer

Azure Analysis Service Tabular Cube - How To Impersonate A User in SSMS

Test Cube, Test User, connect to it(Azure Analysis Service) in SSMS, right click the cube, browse, click on "Impersonate": And you will see a series of prompts that are specific to a on-premise implementation of AD, so local users, local groups(In…
David Rogers
  • 215
  • 2
  • 10
1
vote
3 answers

MariaDB "EXECUTE AS" or User Impersonation

With MariaDB, is there a way to impersonate a user execution context when connected with a higher privileged account? For instance, when connected with a "MasterUser" execute a SELECT using the more limited privileges of a "ClientUser". The classic…
Jeff Reeves
  • 13
  • 4
1
2