Solved

permission to run "execute as"

Posted on 2010-08-27
10
280 Views
Last Modified: 2012-05-10
what permissions are needed to run the above clause?

thanks
0
Comment
Question by:anushahanna
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 167 total points
ID: 33542629
see here in the docs:
http://technet.microsoft.com/en-us/library/ms188354.aspx

  Permissions

To execute a module specified with EXECUTE AS, the caller must have EXECUTE permissions on the module.

To execute a CLR module specified with EXECUTE AS that accesses resources in another database or server, the target database or server must trust the authenticator of the database from which the module originates (the source database). For more information about how to establish authenticator trust, see Extending Database Impersonation by Using EXECUTE AS.

To specify the EXECUTE AS clause when you create or modify a module, you must have IMPERSONATE permissions on the specified principal and also permissions to create the module. You can always impersonate yourself. When no execution context is specified or EXECUTE AS CALLER is specified, IMPERSONATE permissions are not required.

To specify a login_name or user_name that has implicit access to the database through a Windows group membership, you must have CONTROL permissions on the database.

Open in new window

0
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 333 total points
ID: 33542630
impersonation permissions are required.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33543258
what is a 'module' in this context? what about in a tSQL window in SSMS- what category is that?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 6

Author Comment

by:anushahanna
ID: 33543260
>>impersonation permissions are required.
can you give that in a grant statement?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33544309
sure:

USE master;
GRANT IMPERSONATE ON LOGIN::WanidaBenshoof to [AdvWorks\YoonM];
GO
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544471
OK. Thanks.

In this case, what role/permissions does WanidaBenshoof have he is able to share with YoonM?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33544486
that account may have admin/special permissions that you want yoonM to be able to execute
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544590
OK. What if you do not want yoonM to have sa privileges but just be able to use"execute as" in his query?
0
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 333 total points
ID: 33544605
allow them to impersonate a user w/ the permissions you want to mimic
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544639
could you do selective permissions on the impersonate command
what would you change in the following to just give that permissions to YoonM, and not anything else special?

USE master;
GRANT IMPERSONATE ON LOGIN::WanidaBenshoof to [AdvWorks\YoonM];
GO
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
If in a where clause in t-sql 7 46
semaphore timeout period has expired 1 22
T-SQL: Wrong Result 7 32
SQL Query 9 22
Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question